From 7f5462345a5861097afa493a4fa7b646d3d31f2d Mon Sep 17 00:00:00 2001
From: Sergey Zhemoytel <djam5@ya.ru>
Date: Sat, 11 May 2024 16:02:59 +0300
Subject: [PATCH] Imported from SRPM

---
 .abf.yml    |  2 ++
 cosign.spec | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 .abf.yml
 create mode 100644 cosign.spec

diff --git a/.abf.yml b/.abf.yml
new file mode 100644
index 0000000..716782a
--- /dev/null
+++ b/.abf.yml
@@ -0,0 +1,2 @@
+sources:
+  cosign-2.2.4.tar.gz: f458ec8e5e44f9dbf9a6f44e58b816b50c69ff65
diff --git a/cosign.spec b/cosign.spec
new file mode 100644
index 0000000..487f96e
--- /dev/null
+++ b/cosign.spec
@@ -0,0 +1,48 @@
+%define		debug %nil
+%define		debug_package %nil
+
+Name:		cosign
+Version:	2.2.4
+Release:	1
+Summary:	Code signing and transparency for containers and binaries
+URL:		https://github.com/sigstore/cosign
+Source0:	%{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+License:	ASL 2.0
+Group:		Development/Other
+BuildRequires:	go
+BuildRequires:	git-core
+BuildRequires:	upx
+
+%description
+Signing OCI containers (and other artifacts) using Sigstore!
+
+Cosign aims to make signatures invisible infrastructure.
+
+Cosign supports:
+
+- "Keyless signing" with the Sigstore public good Fulcio 
+certificate authority and Rekor transparency log (default)
+- Hardware and KMS signing
+- Signing with a cosign generated encrypted private/public 
+keypair
+- Container Signing, Verification and Storage in an OCI 
+registry.
+- Bring-your-own PKI
+
+
+%prep
+%setup -q
+
+%build
+export GOPROXY=direct
+%make GIT_VERSION="v%{version}"
+
+upx %{name}
+
+%install
+install -Dm0755 %{name} %{buildroot}%{_bindir}/%{name}
+
+%files
+%doc README.md LICENSE
+%{_bindir}/%{name}
+