From a1ff4c7f7bfb5ca11aa3f7bf7bd01986f527ca52 Mon Sep 17 00:00:00 2001 From: "Danilo M." Date: Tue, 5 May 2026 16:49:23 +0200 Subject: Added: gitleaks slackbuild --- gitleaks/README | 19 +++++++ gitleaks/gitleaks.SlackBuild | 129 +++++++++++++++++++++++++++++++++++++++++++ gitleaks/gitleaks.info | 10 ++++ gitleaks/slack-desc | 19 +++++++ 4 files changed, 177 insertions(+) create mode 100644 gitleaks/README create mode 100644 gitleaks/gitleaks.SlackBuild create mode 100644 gitleaks/gitleaks.info create mode 100644 gitleaks/slack-desc (limited to 'gitleaks') diff --git a/gitleaks/README b/gitleaks/README new file mode 100644 index 0000000..be165d2 --- /dev/null +++ b/gitleaks/README @@ -0,0 +1,19 @@ +gitleaks (detect secrets in git repositories) + +Gitleaks is a fast, lightweight tool for detecting hardcoded secrets +such as API keys, passwords, and tokens in git repositories. It uses +a combination of regex pattern matching and entropy analysis to scan +commit history, staged files, and the working directory. + +It is commonly used as a pre-commit or pre-push git hook to prevent +accidental exposure of credentials before they reach a remote +repository. Over 150 secret types are supported out of the box, +and custom rules can be defined via a TOML configuration file. + +Gitleaks is distributed as a statically linked Go binary. No +runtime dependencies are required. + +Optional: A custom rules file can be passed at runtime: + gitleaks detect --config /path/to/config.toml + +Homepage: https://github.com/gitleaks/gitleaks diff --git a/gitleaks/gitleaks.SlackBuild b/gitleaks/gitleaks.SlackBuild new file mode 100644 index 0000000..ad3d846 --- /dev/null +++ b/gitleaks/gitleaks.SlackBuild @@ -0,0 +1,129 @@ +#!/bin/bash +# +# Slackware build script for gitleaks +# +# Copyright 2026 danix +# All rights reserved. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version, with the following exception: +# the text of the GPL license may be omitted. + +# This program is distributed in the hope that it will be useful, but +# without any warranty; without even the implied warranty of +# merchantability or fitness for a particular purpose. Compiling, +# interpreting, executing or merely reading the text of the program +# may result in lapses of consciousness and/or very being, up to and +# including the end of all existence and the Universe as we know it. +# See the GNU General Public License for more details. + +# You may have received a copy of the GNU General Public License along +# with this program (most likely, a file named COPYING). If not, see +# . +# + +cd $(dirname $0) ; CWD=$(pwd) + +PRGNAM=gitleaks +VERSION=${VERSION:-8.30.1} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} +PKGTYPE=${PKGTYPE:-tgz} +ARCH=x86_64 + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME:-""}" ]; then + echo "$PRGNAM-$VERSION-$ARCH-$BUILD.txz " + exit 0 +fi + +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=pentium4 -mtune=generic" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -march=x86-64 -mtune=generic -fPIC -pipe -fomit-frame-pointer" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + + +# Use vendor mode if directory is present; otherwise, fallback to readonly +# to prevent automatic go.mod updates during the build process. +if [ -d vendor ]; then + MOD_STRATEGY="-mod=vendor" +else + MOD_STRATEGY="-mod=readonly" +fi + +# Standard Slackware CGO flags to respect $SLKCFLAGS +export CGO_CPPFLAGS="$SLKCFLAGS" +export CGO_CFLAGS="$SLKCFLAGS" +export CGO_CXXFLAGS="$SLKCFLAGS" + +# Setup local Go environment to avoid polluting the user's home directory +# Using a hidden directory within the build root +export GOPATH="$(pwd)/.gocache" +export GOPROXY="https://proxy.golang.org,direct" + +# Optimized GOFLAGS for Slackware: +# -buildmode=pie: Enable Position Independent Executable for security +# -trimpath: Remove local file system paths from the resulting binary +# -modcacherw: Ensure the module cache is writable (prevents permission issues during cleanup) +export GOFLAGS="$MOD_STRATEGY -trimpath -modcacherw" + +# Linker flags: +# -s: Omit the symbol table and debug information +# -w: Omit the DWARF symbol table +# -linkmode=external: Ensure proper linking with Slackware's glibc +LIB_LDFLAGS="-linkmode=external -s -w" + +mkdir -p "$PKG"/usr/bin +# Compile all packages in the module +go build -ldflags="$LIB_LDFLAGS" -o "$PKG"/usr/bin/$PRGNAM . + +# Optional: Clean up the temporary Go cache after build to save space +rm -rf "$GOPATH" + +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs -r strip --strip-unneeded 2> /dev/null || true +find $PKG | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs -r strip -g 2> /dev/null || true + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a \ + CONTRIBUTING.md LICENSE README.md USERS.md \ + $PKG/usr/doc/$PRGNAM-$VERSION 2>/dev/null || true +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE diff --git a/gitleaks/gitleaks.info b/gitleaks/gitleaks.info new file mode 100644 index 0000000..57d3797 --- /dev/null +++ b/gitleaks/gitleaks.info @@ -0,0 +1,10 @@ +PRGNAM="gitleaks" +VERSION="8.30.1" +HOMEPAGE="https://gitleaks.io" +DOWNLOAD="https://github.com/gitleaks/gitleaks/archive/v8.30.1/gitleaks-8.30.1.tar.gz" +MD5SUM="28b0603a5c14aa8046720e474f617c30" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="" +MAINTAINER="danix" +EMAIL="danix@danix.xyz" diff --git a/gitleaks/slack-desc b/gitleaks/slack-desc new file mode 100644 index 0000000..74d9097 --- /dev/null +++ b/gitleaks/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +gitleaks: gitleaks (a tool for detecting secrets in git repos.) +gitleaks: +gitleaks: Gitleaks is a tool for detecting secrets like passwords, API keys, +gitleaks: and tokens in git repos, files, and whatever else you wanna throw +gitleaks: at it via stdin. +gitleaks: +gitleaks: +gitleaks: Homepage: https://gitleaks.io/ +gitleaks: +gitleaks: +gitleaks: -- cgit v1.2.3