rekor/rekor.spec

%define		debug %nil
%define		debug_package %nil

Name:		rekor
Version:	1.3.9
Release:	1
Summary:	Software Supply Chain Transparency Log
URL:		https://sigstore.dev
Source0:	https://github.com/sigstore/rekor/archive/v%{version}/%{name}-%{version}.tar.gz
License:	ASL 2.0
Group:		Development/Other
BuildRequires:	go
BuildRequires:	git-core
BuildRequires:	upx
BuildRequires:	pkgconfig(openssl3.3)

%description
Rekor's goals are to provide an immutable tamper resistant
ledger of metadata generated within a software projects 
supply chain. Rekor will enable software maintainers and 
build systems to record signed metadata to an immutable 
record. Other parties can then query said metadata to 
enable them to make informed decisions on trust and
non-repudiation of an object's lifecycle. For more details
visit the sigstore website.

The Rekor project provides a restful API based server for
validation and a transparency log for storage. A CLI 
application is available to make and verify entries, query
the transparency log for inclusion proof, integrity 
verification of the transparency log or retrieval of entries
by either public key or artifact.

Rekor fulfils the signature transparency role of sigstore's
software signing infrastructure. However, Rekor can be run
on its own and is designed to be extensible to working with
different manifest schemas and PKI tooling.

%prep
%setup -q

%build
export GOPROXY=https://proxy.golang.org/cached-only
export GIT_VERSION=%{version}
%make

upx %{name}-cli %{name}-server

%install
install -Dm0755 %{name}-cli %{buildroot}%{_bindir}/%{name}-cli
install -Dm0755 %{name}-server %{buildroot}%{_bindir}/%{name}-server

%files
%doc README.md LICENSE COPYRIGHT.txt *.md config Dockerfile* docker-compose*.yml scripts rekor-server.yaml
%{_bindir}/%{name}-cli
%{_bindir}/%{name}-server