3 files changed, 43 insertions, 0 deletions

diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..28ed98848cf3
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,12 @@
+pkgbase = witness
+	pkgdesc = Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
+	pkgver = 0.1.12
+	pkgrel = 1
+	url = https://github.com/testifysec/witness
+	arch = any
+	license = Apache
+	makedepends = go
+	source = witness-0.1.12.tar.gz::https://github.com/testifysec/witness/archive/v0.1.12.tar.gz
+	sha256sums = e02ee5cb340f9f703ea2204a4aed1d506c547979ca02155ad909968835ea5b19
+
+pkgname = witness
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..b774d65f9ddb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+pkg
+build
+witness-*
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..dfaed01f4e87
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,28 @@
+# Maintainer: Aditya Sirish <aditya@saky.in>
+
+pkgname=witness
+pkgver=0.1.12
+pkgrel=1
+pkgdesc="Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance."
+arch=('any')
+license=('Apache')
+url="https://github.com/testifysec/witness"
+makedepends=('go')
+source=("$pkgname-$pkgver.tar.gz::$url/archive/v$pkgver.tar.gz")
+sha256sums=('e02ee5cb340f9f703ea2204a4aed1d506c547979ca02155ad909968835ea5b19')
+
+build() {
+    export CGO_CPPFLAGS="${CPPFLAGS}"
+    export CGO_CFLAGS="${CFLAGS}"
+    export CGO_CXXFLAGS="${CXXFLAGS}"
+    export CGO_LDFLAGS="${LDFLAGS}"
+    export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
+
+    cd "$pkgname-$pkgver"
+    go build -o bin/${pkgname}
+}
+
+package() {
+    cd "$pkgname-$pkgver"
+    install -Dm 755 -t "${pkgdir}/usr/bin" bin/${pkgname}
+}