git: e4a9ef0dd38b - main - security/cosign: New port
Date: Sun, 04 May 2025 18:45:16 UTC
The branch main has been updated by bofh:
URL: https://cgit.FreeBSD.org/ports/commit/?id=e4a9ef0dd38bcab6535b4d6ad4bdc8c3f3abd389
commit e4a9ef0dd38bcab6535b4d6ad4bdc8c3f3abd389
Author: Muhammad Moinur Rahman <bofh@FreeBSD.org>
AuthorDate: 2025-05-03 13:26:50 +0000
Commit: Muhammad Moinur Rahman <bofh@FreeBSD.org>
CommitDate: 2025-05-04 18:44:46 +0000
security/cosign: New port
Signing OCI containers and other artifacts using Sigstore
Cosign aims to make signatures invisible infrastructure.
Cosign supports:
- "Keyless signing" with the Sigstore public good Fulcio certificate
authority and Rekor transparency log (default)
- Hardware and KMS signing
- Signing with a cosign generated encrypted private/public keypair
- Container Signing, Verification and Storage in an OCI registry.
- Bring-your-own PKI
WWW: https://github.com/sigstore/cosign
---
security/Makefile | 1 +
security/cosign/Makefile | 35 +++++++++++++++++++++++++++++++++++
security/cosign/distinfo | 5 +++++
security/cosign/pkg-descr | 9 +++++++++
4 files changed, 50 insertions(+)
diff --git a/security/Makefile b/security/Makefile
index e2ae4779a379..ed0df1b17e93 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -100,6 +100,7 @@
SUBDIR += clamtk
SUBDIR += cloak
SUBDIR += cops
+ SUBDIR += cosign
SUBDIR += courier-authlib
SUBDIR += courier-authlib-base
SUBDIR += courierpassd
diff --git a/security/cosign/Makefile b/security/cosign/Makefile
new file mode 100644
index 000000000000..5a8e00d37bc2
--- /dev/null
+++ b/security/cosign/Makefile
@@ -0,0 +1,35 @@
+PORTNAME= cosign
+DISTVERSIONPREFIX= v
+DISTVERSION= 2.5.0
+CATEGORIES= security
+
+MAINTAINER= bofh@FreeBSD.org
+COMMENT= Signing OCI containers and other artifacts using Sigstore
+WWW= https://www.sigstore.dev/
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= cpe go:1.23,modules
+CPE_VENDOR= sigstore
+
+GO_MODULE= github.com/sigstore/cosign/v2
+GO_TARGET= ./cmd/${PORTNAME}
+GO_BUILDFLAGS= -ldflags="-buildid= \
+ -X sigs.k8s.io/release-utils/version.gitVersion=$(DISTVERSION) \
+ -X sigs.k8s.io/release-utils/version.gitCommit=$(GIT_HASH) \
+ -X sigs.k8s.io/release-utils/version.gitTreeState=clean \
+ -X sigs.k8s.io/release-utils/version.buildDate=${SOURCE_DATE_EPOCH:U${SOURCE_DATE_EPOCH_CMD:sh}}"
+
+PLIST_FILES= bin/${PORTNAME}
+
+GIT_HASH= 38bb98697005cdc5c092f031594c0e45d039f4a0
+
+.include <bsd.port.pre.mk>
+
+# Bring DISTINFO_FILE into scope so we can get the timestamp.
+SOURCE_DATE_EPOCH_CMD= date -ur \
+ $$(${GREP} -m1 TIMESTAMP ${DISTINFO_FILE} | ${SED} -e 's/[^0-9]//g') \
+ '+%Y-%m-%dT%H:%M:%SZ'
+
+.include <bsd.port.post.mk>
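Review bot: `GIT_HASH` (set just after `PLIST_FILES`) is a hand-maintained constant stamped into the binary as `version.gitCommit` next to `gitTreeState=clean`, but nothing in the port ties it to `DISTVERSION`. A later version bump that forgets it would ship a cosign whose `version` output names the wrong commit, which matters for a signing tool whose provenance people check. A comment above the assignment would make the coupling explicit, for example `# Commit that tag v${DISTVERSION} points to; update together with DISTVERSION.` Separately, `buildDate` only gets the formatted `%Y-%m-%dT%H:%M:%SZ` string through the `:U` fallback. If `SOURCE_DATE_EPOCH` is already defined it is passed through unchanged, presumably as raw epoch seconds, so the two paths likely emit different formats and that is worth confirming.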
diff --git a/security/cosign/distinfo b/security/cosign/distinfo
new file mode 100644
index 000000000000..6a77534390e6
--- /dev/null
+++ b/security/cosign/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1746276026
+SHA256 (go/security_cosign/cosign-v2.5.0/v2.5.0.mod) = fc290766dd5324141caa63fed997ce4b975b0a5b9eb2345c43db315bd8969e4e
+SIZE (go/security_cosign/cosign-v2.5.0/v2.5.0.mod) = 14751
+SHA256 (go/security_cosign/cosign-v2.5.0/v2.5.0.zip) = 930d7c766f230d56063bc42a2a4cee77260e4fd5d79a6200c531e5e99b354b0c
+SIZE (go/security_cosign/cosign-v2.5.0/v2.5.0.zip) = 1260158
diff --git a/security/cosign/pkg-descr b/security/cosign/pkg-descr
new file mode 100644
index 000000000000..7e8fb80af2d7
--- /dev/null
+++ b/security/cosign/pkg-descr
@@ -0,0 +1,9 @@
+Cosign aims to make signatures invisible infrastructure.
+
+Cosign supports:
+- "Keyless signing" with the Sigstore public good Fulcio certificate
+ authority and Rekor transparency log (default)
+- Hardware and KMS signing
+- Signing with a cosign generated encrypted private/public keypair
+- Container Signing, Verification and Storage in an OCI registry.
+- Bring-your-own PKI