From d41aac3e0ca15110b53709cb24c8644d9d2f8f39 Mon Sep 17 00:00:00 2001
From: "Ralf S. Engelschall"
Date: Sun, 9 Feb 2020 13:47:41 +0100
Subject: [PATCH] new package
---
dependency-check/dependency-check.sh | 8 +++
dependency-check/dependency-check.spec | 79 ++++++++++++++++++++++++++
2 files changed, 87 insertions(+)
create mode 100644 dependency-check/dependency-check.sh
create mode 100644 dependency-check/dependency-check.spec
diff --git a/dependency-check/dependency-check.sh b/dependency-check/dependency-check.sh
new file mode 100644
index 0000000000..8a6c0c547d
--- /dev/null
+++ b/dependency-check/dependency-check.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+##
+## dependency-check.sh -- Dependency Check startup wrapper script
+##
+
+eval `JAVA_PLATFORM="sun-jdk" @l_prefix@/bin/java-toolkit -e`
+exec @l_prefix@/libexec/dependency-check/bin/dependency-check.sh ${1+"$@"}
+
diff --git a/dependency-check/dependency-check.spec b/dependency-check/dependency-check.spec
new file mode 100644
index 0000000000..853664a290
--- /dev/null
+++ b/dependency-check/dependency-check.spec
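Review bot: The `eval` line in dependency-check.sh discards the exit status of `java-toolkit -e`, so if that command fails or prints nothing the wrapper still reaches `exec` and starts the scanner with whatever Java settings the caller's environment happens to carry. Capturing the output first makes the failure visible: `java_env=$(JAVA_PLATFORM="sun-jdk" @l_prefix@/bin/java-toolkit -e) || exit 1` followed by `eval "$java_env"`. Whether java-toolkit returns non-zero on error is not visible in this patch and should be confirmed. Because the output is executed as shell code, a one-line comment saying that java-toolkit under the same prefix is trusted to emit only variable assignments would document that assumption.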
@@ -0,0 +1,79 @@
+##
+## dependency-check.spec -- OpenPKG RPM Package Specification
+## Copyright (c) 2000-2020 OpenPKG Project
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+
+# package information
+Name: dependency-check
+Summary: OWASP Dependency Security Checker
+URL: https://jeremylong.github.io/DependencyCheck/
+Vendor: Jeremy Long
+Packager: OpenPKG Project
+Distribution: OpenPKG Community
+Class: EVAL
+Group: Security
+License: Apache
+Version: 5.3.0
+Release: 20200209
+
+# list of sources
+Source0: https://bintray.com/jeremy-long/owasp/download_file?file_path=dependency-check-%{version}-release.zip
+Source1: dependency-check.sh
+
+# build information
+BuildPreReq: OpenPKG, openpkg >= 20160101
+PreReq: OpenPKG, openpkg >= 20160101, java, JAVA-JDK
+
+%description
+ Dependency-Check is a Software Composition Analysis (SCA) tool that
+ attempts to detect publicly disclosed vulnerabilities contained
+ within a project's dependencies. It does this by determining if
+ there is a Common Platform Enumeration (CPE) identifier for a given
+ dependency. If found, it will generate a report linking to the
+ associated CVE entries.
+
+%track
+ prog dependency-check = {
+ version = %{version}
+ url = https://github.com/jeremylong/DependencyCheck/releases
+ regex = v(__VER__)\.tar\.gz
+ }
+
+%prep
+ %setup -q -n dependency-check
+
+%build
+
+%install
+ %{l_shtool} mkdir -f -p -m 755 \
+ $RPM_BUILD_ROOT%{l_prefix}/bin \
+ $RPM_BUILD_ROOT%{l_prefix}/libexec/dependency-check
+ %{l_shtool} install -c -m 755 %{l_value -s -a} \
+ %{SOURCE dependency-check.sh} \
+ $RPM_BUILD_ROOT%{l_prefix}/bin/dependency-check
+ rm -f bin/*.bat
+ cp -rp bin lib $RPM_BUILD_ROOT%{l_prefix}/libexec/dependency-check/
+ %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std}
+
+%files -f files
+
+%clean
+
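Review bot: `Source0` fetches a prebuilt release zip and `%install` copies its `bin` and `lib` trees into libexec exactly as shipped, yet nothing in the spec records an expected digest or signature for that archive. With an empty `%build`, the bundled JARs are installed unmodified, so the archive's provenance is the package's whole trust basis. A comment above `Source0` would make that auditable, for example `# prebuilt upstream release (bundled JARs); verified against <upstream checksum/signature placeholder>`. If the OpenPKG tooling already verifies distfiles elsewhere, that is not visible in this hunk.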