restore SPECS/helm

LICENSES-AND-NOTICES/SPECS/data/licenses.json

@@ -2359,6 +2359,7 @@
                 "GSL",
                 "gstreamer1",
                 "gtk-update-icon-cache",
+                "helm",
                 "intel-pf-bb-config",
                 "ivykis",
                 "jsonbuilder",

SPECS/helm/generate_source_tarball.sh

@@ -0,0 +1,99 @@
+#!/bin/bash
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+# Quit on failure
+set -e
+
+PKG_VERSION=""
+SRC_TARBALL=""
+OUT_FOLDER="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+# parameters:
+#
+# --srcTarball  : src tarball file
+#                 this file contains the 'initial' source code of the component
+#                 and should be replaced with the new/modified src code
+# --outFolder   : folder where to copy the new tarball(s)
+# --pkgVersion  : package version
+#
+PARAMS=""
+while (( "$#" )); do
+    case "$1" in
+        --srcTarball)
+        if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+            SRC_TARBALL=$2
+            shift 2
+        else
+            echo "Error: Argument for $1 is missing" >&2
+            exit 1
+        fi
+        ;;
+        --outFolder)
+        if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+            OUT_FOLDER=$2
+            shift 2
+        else
+            echo "Error: Argument for $1 is missing" >&2
+            exit 1
+        fi
+        ;;
+        --pkgVersion)
+        if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+            PKG_VERSION=$2
+            shift 2
+        else
+            echo "Error: Argument for $1 is missing" >&2
+            exit 1
+        fi
+        ;;
+        -*|--*=) # unsupported flags
+        echo "Error: Unsupported flag $1" >&2
+        exit 1
+        ;;
+        *) # preserve positional arguments
+        PARAMS="$PARAMS $1"
+        shift
+        ;;
+  esac
+done
+
+echo "--srcTarball   -> $SRC_TARBALL"
+echo "--outFolder    -> $OUT_FOLDER"
+echo "--pkgVersion   -> $PKG_VERSION"
+
+if [ -z "$PKG_VERSION" ]; then
+    echo "--pkgVersion parameter cannot be empty"
+    exit 1
+fi
+
+echo "-- create temp folder"
+tmpdir=$(mktemp -d)
+function cleanup {
+    echo "+++ cleanup -> remove $tmpdir"
+    rm -rf $tmpdir
+}
+trap cleanup EXIT
+
+pushd $tmpdir > /dev/null
+
+NAME="helm"
+NAME_VER="$NAME-$PKG_VERSION"
+VENDOR_TARBALL="$OUT_FOLDER/$NAME_VER-vendor.tar.gz"
+
+echo "Unpacking source tarball..."
+tar -xf $SRC_TARBALL
+
+cd "$NAME_VER"
+echo "Get vendored modules"
+go mod vendor
+
+echo "Tar vendored modules"
+tar  --sort=name \
+     --mtime="2021-04-26 00:00Z" \
+     --owner=0 --group=0 --numeric-owner \
+     --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+     -cf "$VENDOR_TARBALL" vendor
+
+popd > /dev/null
+echo "$NAME vendored modules are available at $VENDOR_TARBALL"

SPECS/helm/helm.signatures.json

@@ -0,0 +1,6 @@
+{
+ "Signatures": {
+  "helm-3.18.3-vendor.tar.gz": "dab598d7d52c4da5f91f6890d8b8a4664ed8d3c54d2834ebaa23b67c2f008306",
+  "helm-3.18.3.tar.gz": "9e8f43ebf48786f41fd83ca67405c7f73753a46c65c041e51888a142c82cab96"
+ }
+}

SPECS/helm/helm.spec

@@ -0,0 +1,158 @@
+%global debug_package %{nil}
+
+Name:          helm
+Version:       3.18.3
+Release:       1%{?dist}
+Summary:       The Kubernetes Package Manager
+Group:         Applications/Networking
+License:       Apache 2.0
+Vendor:        Intel Corporation
+Distribution:  Edge Microvisor Toolkit
+Url:           https://helm.sh/
+Source0:       https://github.com/helm/helm/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+# Below is a manually created tarball, no download link.
+# We're using pre-populated Go modules from this tarball, since network is disabled during build time.
+# How to re-build this file:
+#   1. wget https://github.com/helm/helm/archive/v%%{version}.tar.gz -O %%{name}-%%{version}.tar.gz
+#   2. tar -xf %%{name}-%%{version}.tar.gz
+#   3. cd %%{name}-%%{version}
+#   4. go mod vendor
+#   5. tar  --sort=name \
+#           --mtime="2021-04-26 00:00Z" \
+#           --owner=0 --group=0 --numeric-owner \
+#           --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+#           -cf %%{name}-%%{version}-vendor.tar.gz vendor
+#
+Source1:       %{name}-%{version}-vendor.tar.gz
+BuildRequires: golang
+
+%description
+Helm is a tool that streamlines installing and managing Kubernetes applications. Think of it like apt/yum/homebrew for Kubernetes.
+
+%prep
+%autosetup -N
+tar -xf %{SOURCE1} --no-same-owner
+
+%build
+export VERSION=%{version}
+for cmd in cmd/* ; do
+    go build -tags '' -ldflags '-w -s -X helm.sh/helm/v3/internal/version.version=v%{version} -X helm.sh/helm/v3/internal/version.metadata= -X helm.sh/helm/v3/internal/version.gitCommit= -X helm.sh/helm/v3/internal/version.gitTreeState=clean ' \
+    -mod=vendor -v -o $(basename $cmd) ./$cmd
+done
+
+%install
+install -d -m 755 %{buildroot}%{_bindir}
+install -m 755 ./helm %{buildroot}%{_bindir}
+
+%files
+%license LICENSE
+%doc ADOPTERS.md SECURITY.md code-of-conduct.md CONTRIBUTING.md README.md
+%{_bindir}/helm
+
+%check
+go test -v ./cmd/helm
+
+%changelog
+* Thu Jun 26 2025 Aaron Dorney <[email protected]> - 3.18.3-1
+- Bump Release to rebuild and remove CVE patch
+
+* Fri Mar 21 2025 Anuj Mittal <[email protected]> - 3.15.2-3
+- Bump Release to rebuild
+
+* Tue Dec 31 2024 Rohit Rawat <[email protected]> - 3.15.2-2
+- Add patch for CVE-2024-45338
+
+* Wed Jul 10 2024 Sumedh Sharma <[email protected]> - 3.15.2-1
+- Bump package version to address CVE-2023-45288 & CVE-2023-44487
+- Remove patches fixed in sources
+
+* Wed May 29 2024 Neha Agarwal <[email protected]> - 3.13.2-3
+- Patch CVE-2024-25620
+
+* Wed May 22 2024 Neha Agarwal <[email protected]> - 3.13.2-2
+- Patch CVE-2024-26147
+
+* Fri Nov 10 2023 Nicolas Guibourge <[email protected]> - 3.13.2-1
+- Upgrade to 3.13.2 - Azure Linux 3.0 - package upgrades
+
+* Mon Oct 16 2023 CBL-Mariner Servicing Account <[email protected]> - 3.10.3-11
+- Bump release to rebuild with go 1.20.10
+
+* Tue Oct 10 2023 Dan Streetman <[email protected]> - 3.10.3-10
+- Bump release to rebuild with updated version of Go.
+
+* Mon Aug 07 2023 CBL-Mariner Servicing Account <[email protected]> - 3.10.3-9
+- Bump release to rebuild with go 1.19.12
+
+* Thu Jul 13 2023 CBL-Mariner Servicing Account <[email protected]> - 3.10.3-8
+- Bump release to rebuild with go 1.19.11
+
+* Thu Jun 15 2023 CBL-Mariner Servicing Account <[email protected]> - 3.10.3-7
+- Bump release to rebuild with go 1.19.10
+
+* Wed Apr 05 2023 CBL-Mariner Servicing Account <[email protected]> - 3.10.3-6
+- Bump release to rebuild with go 1.19.8
+
+* Tue Mar 28 2023 CBL-Mariner Servicing Account <[email protected]> - 3.10.3-5
+- Bump release to rebuild with go 1.19.7
+
+* Wed Mar 15 2023 CBL-Mariner Servicing Account <[email protected]> - 3.10.3-4
+- Bump release to rebuild with go 1.19.6
+
+* Thu Feb 16 2023 Suresh Thelkar <[email protected]> - 3.10.3-3
+- Patch CVE-2023-25165
+- License verified.
+
+* Wed Jan 18 2023 CBL-Mariner Servicing Account <[email protected]> - 3.10.3-2
+- - Set golang <= 1.18.8 build requires
+
+* Wed Jan 04 2023 CBL-Mariner Servicing Account <[email protected]> - 3.10.3-1
+- Auto-upgrade to 3.10.3 - to fix CVE-2022-23524
+
+* Thu Dec 22 2022 Nan Liu <[email protected]> - 3.9.4-5
+- Enable the check tests
+
+* Wed Dec 21 2022 Nan Liu <[email protected]> - 3.9.4-4
+- Patch CVE-2022-23525, CVE-2022-23526
+
+* Fri Dec 16 2022 Daniel McIlvaney <[email protected]> - 3.9.4-3
+- Bump release to rebuild with go 1.18.8 with patch for CVE-2022-41717
+
+* Tue Nov 01 2022 Olivia Crain <[email protected]> - 3.9.4-2
+- Bump release to rebuild with go 1.18.8
+
+* Mon Oct 24 2022 CBL-Mariner Servicing Account <[email protected]> - 3.9.4-1
+- Upgrade to 3.9.4
+
+* Mon Aug 22 2022 Olivia Crain <[email protected]> - 3.9.3-2
+- Bump release to rebuild against Go 1.18.5
+
+* Mon Aug 22 2022 Suresh Babu Chalamalasetty <[email protected]> 3.9.3-1
+- Update helm version to 3.9.3
+- Fix version info not displaying correct version.
+
+* Tue Jun 14 2022 Muhammad Falak <[email protected]> - 3.4.1-5
+- Bump release to rebuild with golang 1.18.3
+- License verified
+
+* Mon Sep 20 2021 Henry Beberman <[email protected]> - 3.4.1-4
+- Patch CVE-2021-32690
+
+* Mon Sep 20 2021 Henry Beberman <[email protected]> - 3.4.1-3
+- Patch CVE-2021-21303
+
+* Tue Aug 17 2021 Henry Li <[email protected]> 3.4.1-2
+- Update and rename vendor source tarball
+- Use go to build the project from vendor source
+- Remove glide and ca-certificates from BR
+- Modify file section to add license and document files
+
+* Wed Nov 25 2020 Suresh Babu Chalamalasetty <[email protected]> 3.4.1-1
+- Update helm version 3
+
+* Tue Jun 02 2020 Paul Monson <[email protected]> 2.14.3-2
+- Rename go to golang
+- Add ca-certificates temporarily
+
+* Thu Oct 17 2019 Andrew Phelps <[email protected]> 2.14.3-1
+- Original version for CBL-Mariner

cgmanifest.json

@@ -5355,6 +5355,16 @@
         }
       }
     },
+    {
+      "component": { 
+        "type": "other", 
+        "other": {
+          "name": "helm",
+          "version": "3.18.3",
+          "downloadUrl": "https://github.com/helm/helm/archive/refs/tags/v3.18.3.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",