blob: 4fdbac341cdb1b5deb2fff90d7b3db6a8412834d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
# Maintainer: Vitalii Kuzhdin <vitaliikuzhdin@gmail.com>
_pkgname="scorecard"
pkgname="${_pkgname}-bin"
pkgver=5.4.0
pkgrel=1
pkgdesc="Security health metrics for Open Source"
arch=('aarch64' 'x86_64')
url="https://scorecard.dev"
_url="https://github.com/ossf/${_pkgname}"
license=('Apache-2.0')
makedepends=(
'slsa-verifier'
)
provides=(
"${_pkgname}"
)
conflicts=(
"${_pkgname}"
)
_pkgsrc="${_pkgname}-${pkgver}"
source=("${_pkgsrc}-multiple.intoto.jsonl::${_url}/releases/download/v${pkgver}/multiple.intoto.jsonl")
source_aarch64=("${_pkgsrc}-aarch64.tar.gz::${_url}/releases/download/v${pkgver}/${_pkgsrc//-/_}_linux_arm64.tar.gz")
source_x86_64=("${_pkgsrc}-x86_64.tar.gz::${_url}/releases/download/v${pkgver}/${_pkgsrc//-/_}_linux_amd64.tar.gz")
sha256sums=('94849917ffc369ecd47d33dc7d6049ce056c4c9d743e18d1de82dd94585a3f9e')
sha256sums_aarch64=('3f8b6354c62ec0287a8e9694481d834e16bff8451cf5b5dca435e8400ce5adaf')
sha256sums_x86_64=('e5183aeaa5aa548fbb7318a6deb3e1038be0ef9aca24e655422ae88dfbe67502')
verify() {
slsa-verifier verify-artifact "${_pkgsrc}-${CARCH}.tar.gz" \
--provenance-path "${_pkgsrc}-multiple.intoto.jsonl" \
--source-uri "${_url#https://}" \
--source-tag "v${pkgver}"
}
package() {
cd "${srcdir}"
install -vDm755 "${_pkgname}" "${pkgdir}/usr/bin/${_pkgname}"
install -vDm644 "README.md" "${pkgdir}/usr/share/doc/${_pkgname}/README.md"
install -vDm644 "LICENSE" "${pkgdir}/usr/share/licenses/${_pkgname}/LICENSE"
}
|