author | 06kellyjac <dev@j-k.io> | 2022-04-27 15:57:35 +0100 |
---|---|---|
committer | 06kellyjac <dev@j-k.io> | 2022-04-27 15:57:35 +0100 |
commit | 0094e13d47837595c4012f9adbca27a99f55bb54 (patch) | |
tree | 3d02e7feedd6756af06eca5caec8684cfc15adee /pkgs/tools/security/fulcio | |
parent | c3dabb43e3e45a0ca7dab0836d52282f7e251555 (diff) |
fulcio: 0.3.0 -> 0.4.0
Diffstat (limited to 'pkgs/tools/security/fulcio')
-rw-r--r-- | pkgs/tools/security/fulcio/default.nix | 42 |
1 files changed, 26 insertions, 16 deletions
diff --git a/pkgs/tools/security/fulcio/default.nix b/pkgs/tools/security/fulcio/default.nix
index 4098a1015180b..86ba5a9b3bf45 100644
--- a/pkgs/tools/security/fulcio/default.nix
+++ b/pkgs/tools/security/fulcio/default.nix
@@ -2,47 +2,50 @@ buildGoModule rec { pname = "fulcio"; - version = "0.3.0"; + version = "0.4.0"; src = fetchFromGitHub { owner = "sigstore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-jcmjfNGruDhQPhVn5R2hdUr+d42qQnIVj8+CCX5HMMM="; + sha256 = "sha256-WxSN1pZ8E5vKMoqR5EkGgKnLuHYb5Wl2vzqPcPEkXWE="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; postFetch = '' cd "$out" git rev-parse HEAD > $out/COMMIT - # '0000-00-00T00:00:00Z' - date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH + # 0000-00-00T00:00:00Z + date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH find "$out" -name .git -print0 | xargs -0 rm -rf ''; }; - vendorSha256 = "sha256-WQ0MuNEJWCxKTjkyqA66bGPoMrS/7W/YTiGU3yd+Ge8="; + vendorSha256 = "sha256-v3H+uUERDHZB2ArruCOClCQFEEW8ANeReObww+1VKOI="; - # install completions post-install nativeBuildInputs = [ installShellFiles ]; - excludedPackages = [ "federation" "test/prometheus" ]; + subPackages = [ "." 
]; ldflags = [ "-s" "-w" - "-X github.com/sigstore/fulcio/cmd/app.gitVersion=v${version}" - "-X github.com/sigstore/fulcio/cmd/app.gitTreeState=clean" + "-X github.com/sigstore/fulcio/pkg/api.gitVersion=v${version}" + "-X github.com/sigstore/fulcio/pkg/api.gitTreeState=clean" ]; # ldflags based on metadata from git and source preBuild = '' - ldflags+=" -X github.com/sigstore/fulcio/cmd/app.gitCommit=$(cat COMMIT)" - ldflags+=" -X github.com/sigstore/fulcio/cmd/app.buildDate=$(cat SOURCE_DATE_EPOCH)" + ldflags+=" -X github.com/sigstore/fulcio/pkg/api.gitCommit=$(cat COMMIT)" + ldflags+=" -X github.com/sigstore/fulcio/pkg/api.buildDate=$(cat SOURCE_DATE_EPOCH)" ''; preCheck = '' - # remove test that requires networking - rm pkg/config/config_test.go + # test all paths + unset subPackages + + # skip test that requires networking + substituteInPlace pkg/config/config_test.go \ + --replace "TestLoad" "SkipLoad" ''; postInstall = '' @@ -55,10 +58,8 @@ buildGoModule rec { doInstallCheck = true; installCheckPhase = '' runHook preInstallCheck - $out/bin/fulcio --help $out/bin/fulcio version | grep "v${version}" - runHook postInstallCheck ''; 
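Review bot: The `substituteInPlace` in `preCheck` of the first hunk rewrites every occurrence of the substring `TestLoad` in pkg/config/config_test.go, so any other test whose name begins with that prefix would be disabled together with the one that needs networking. Nothing in the hunk checks that the pattern still matches after a later version bump. For a certificate-authority package the remaining config tests are worth keeping; anchoring on the declaration, `--replace "func TestLoad(" "func SkipLoad("`, would limit the skip to one function, assuming upstream declares it that way (the test file is not visible here). A short comment naming the network resource the test reaches would also help the next bump decide whether the skip is still needed. The derivation opens above this hunk and `postInstall` continues past it.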
@@ -66,8 +67,17 @@ buildGoModule rec { homepage = "https://github.com/sigstore/fulcio"; changelog = "https://github.com/sigstore/fulcio/releases/tag/v${version}"; description = "A Root-CA for code signing certs - issuing certificates based on an OIDC email address"; + longDescription = '' + Fulcio is a free code signing Certificate Authority, built to make + short-lived certificates available to anyone. Based on an Open ID Connect + email address, Fulcio signs x509 certificates valid for under 20 minutes. + + Fulcio was designed to run as a centralized, public-good instance backed + up by other transparency logs. Development is now underway to support + different delegation models, and to deploy and run Fulcio as a + disconnected instance. + ''; license = licenses.asl20; maintainers = with maintainers; [ lesuisse jk ]; - mainProgram = "fulcio-server"; }; } |