mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-21 12:59:04 +02:00
ff1a94e523
The nixpkgs-unstable channel's programs.sqlite was used to identify packages producing exactly one binary, and these automatically added to their package definitions wherever possible.
85 lines
2.7 KiB
Nix
85 lines
2.7 KiB
Nix
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
|
|
|
|
buildGoModule rec {
|
|
pname = "fulcio";
|
|
version = "1.4.4";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "sigstore";
|
|
repo = pname;
|
|
rev = "v${version}";
|
|
sha256 = "sha256-zL+53GIGDQagWtsSHQT1Gn1hZUCpYF3uYKXmJWFGy7k=";
|
|
# populate values that require us to use git. By doing this in postFetch we
|
|
# can delete .git afterwards and maintain better reproducibility of the src.
|
|
leaveDotGit = true;
|
|
postFetch = ''
|
|
cd "$out"
|
|
git rev-parse HEAD > $out/COMMIT
|
|
# 0000-00-00T00:00:00Z
|
|
date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH
|
|
find "$out" -name .git -print0 | xargs -0 rm -rf
|
|
'';
|
|
};
|
|
vendorHash = "sha256-B4/SIY9G5uEP+P+oSdhaMM7HRaHm5nq2jqXdIWxdP+8=";
|
|
|
|
nativeBuildInputs = [ installShellFiles ];
|
|
|
|
subPackages = [ "." ];
|
|
|
|
ldflags = [
|
|
"-s"
|
|
"-w"
|
|
"-X sigs.k8s.io/release-utils/version.gitVersion=v${version}"
|
|
"-X sigs.k8s.io/release-utils/version.gitTreeState=clean"
|
|
];
|
|
|
|
# ldflags based on metadata from git and source
|
|
preBuild = ''
|
|
ldflags+=" -X sigs.k8s.io/release-utils/version.gitCommit=$(cat COMMIT)"
|
|
ldflags+=" -X sigs.k8s.io/release-utils/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
|
|
'';
|
|
|
|
preCheck = ''
|
|
# test all paths
|
|
unset subPackages
|
|
|
|
# skip test that requires networking
|
|
substituteInPlace pkg/config/config_network_test.go \
|
|
--replace "TestLoad" "SkipLoad"
|
|
'';
|
|
|
|
postInstall = ''
|
|
installShellCompletion --cmd fulcio \
|
|
--bash <($out/bin/fulcio completion bash) \
|
|
--fish <($out/bin/fulcio completion fish) \
|
|
--zsh <($out/bin/fulcio completion zsh)
|
|
'';
|
|
|
|
doInstallCheck = true;
|
|
installCheckPhase = ''
|
|
runHook preInstallCheck
|
|
$out/bin/fulcio --help
|
|
$out/bin/fulcio version 2>&1 | grep "v${version}"
|
|
runHook postInstallCheck
|
|
'';
|
|
|
|
meta = with lib; {
|
|
homepage = "https://github.com/sigstore/fulcio";
|
|
changelog = "https://github.com/sigstore/fulcio/releases/tag/v${version}";
|
|
description = "A Root-CA for code signing certs - issuing certificates based on an OIDC email address";
|
|
mainProgram = "fulcio";
|
|
longDescription = ''
|
|
Fulcio is a free code signing Certificate Authority, built to make
|
|
short-lived certificates available to anyone. Based on an Open ID Connect
|
|
email address, Fulcio signs x509 certificates valid for under 20 minutes.
|
|
|
|
Fulcio was designed to run as a centralized, public-good instance backed
|
|
up by other transparency logs. Development is now underway to support
|
|
different delegation models, and to deploy and run Fulcio as a
|
|
disconnected instance.
|
|
'';
|
|
license = licenses.asl20;
|
|
maintainers = with maintainers; [ lesuisse jk ];
|
|
};
|
|
}
|