author06kellyjac <dev@j-k.io>2022-04-27 15:57:35 +0100
committer06kellyjac <dev@j-k.io>2022-04-27 15:57:35 +0100
commit0094e13d47837595c4012f9adbca27a99f55bb54 (patch)
tree3d02e7feedd6756af06eca5caec8684cfc15adee /pkgs/tools/security/fulcio
parentc3dabb43e3e45a0ca7dab0836d52282f7e251555 (diff)
fulcio: 0.3.0 -> 0.4.0
Diffstat (limited to 'pkgs/tools/security/fulcio')
-rw-r--r--pkgs/tools/security/fulcio/default.nix42
1 files changed, 26 insertions, 16 deletions
diff --git a/pkgs/tools/security/fulcio/default.nix b/pkgs/tools/security/fulcio/default.nix
index 4098a1015180b..86ba5a9b3bf45 100644
--- a/pkgs/tools/security/fulcio/default.nix
+++ b/pkgs/tools/security/fulcio/default.nix
@@ -2,47 +2,50 @@
 
 buildGoModule rec {
   pname = "fulcio";
-  version = "0.3.0";
+  version = "0.4.0";
 
   src = fetchFromGitHub {
     owner = "sigstore";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-jcmjfNGruDhQPhVn5R2hdUr+d42qQnIVj8+CCX5HMMM=";
+    sha256 = "sha256-WxSN1pZ8E5vKMoqR5EkGgKnLuHYb5Wl2vzqPcPEkXWE=";
     # populate values that require us to use git. By doing this in postFetch we
     # can delete .git afterwards and maintain better reproducibility of the src.
     leaveDotGit = true;
     postFetch = ''
       cd "$out"
       git rev-parse HEAD > $out/COMMIT
-      # '0000-00-00T00:00:00Z'
-      date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH
+      # 0000-00-00T00:00:00Z
+      date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH
       find "$out" -name .git -print0 | xargs -0 rm -rf
     '';
   };
-  vendorSha256 = "sha256-WQ0MuNEJWCxKTjkyqA66bGPoMrS/7W/YTiGU3yd+Ge8=";
+  vendorSha256 = "sha256-v3H+uUERDHZB2ArruCOClCQFEEW8ANeReObww+1VKOI=";
 
-  # install completions post-install
   nativeBuildInputs = [ installShellFiles ];
 
-  excludedPackages = [ "federation" "test/prometheus" ];
+  subPackages = [ "." ];
 
   ldflags = [
     "-s"
     "-w"
-    "-X github.com/sigstore/fulcio/cmd/app.gitVersion=v${version}"
-    "-X github.com/sigstore/fulcio/cmd/app.gitTreeState=clean"
+    "-X github.com/sigstore/fulcio/pkg/api.gitVersion=v${version}"
+    "-X github.com/sigstore/fulcio/pkg/api.gitTreeState=clean"
   ];
 
   # ldflags based on metadata from git and source
   preBuild = ''
-    ldflags+=" -X github.com/sigstore/fulcio/cmd/app.gitCommit=$(cat COMMIT)"
-    ldflags+=" -X github.com/sigstore/fulcio/cmd/app.buildDate=$(cat SOURCE_DATE_EPOCH)"
+    ldflags+=" -X github.com/sigstore/fulcio/pkg/api.gitCommit=$(cat COMMIT)"
+    ldflags+=" -X github.com/sigstore/fulcio/pkg/api.buildDate=$(cat SOURCE_DATE_EPOCH)"
   '';
 
   preCheck = ''
-    # remove test that requires networking
-    rm pkg/config/config_test.go
+    # test all paths
+    unset subPackages
+
+    # skip test that requires networking
+    substituteInPlace pkg/config/config_test.go \
+      --replace "TestLoad" "SkipLoad"
   '';
 
   postInstall = ''
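Review bot: The `--replace "TestLoad" "SkipLoad"` in preCheck is a plain substring substitution, so every identifier in pkg/config/config_test.go that contains `TestLoad` is renamed and drops out of `go test`, not only the one test the comment says needs networking. For a certificate authority that can silently remove more of the config test coverage than intended, and if upstream renames the test the pattern presumably matches nothing and the networked test runs in the sandbox again. Anchor the pattern on the full declaration of the single networked test, e.g. `--replace "func <NetworkedTestName>(" "func Skip<NetworkedTestName>("` (placeholder; take the exact name from the upstream file), and name that test in the comment. Separately, `$out/SOURCE_DATE_EPOCH` holds an ISO-8601 string rather than epoch seconds, so a file name such as `BUILD_DATE` would avoid confusion with the standard variable of that name. preCheck is fully visible in this hunk; the postInstall body continues outside it.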
@@ -55,10 +58,8 @@ buildGoModule rec {
   doInstallCheck = true;
   installCheckPhase = ''
     runHook preInstallCheck
-
     $out/bin/fulcio --help
     $out/bin/fulcio version | grep "v${version}"
-
     runHook postInstallCheck
   '';
 
@@ -66,8 +67,17 @@ buildGoModule rec {
     homepage = "https://github.com/sigstore/fulcio";
     changelog = "https://github.com/sigstore/fulcio/releases/tag/v${version}";
     description = "A Root-CA for code signing certs - issuing certificates based on an OIDC email address";
+    longDescription = ''
+      Fulcio is a free code signing Certificate Authority, built to make
+      short-lived certificates available to anyone. Based on an Open ID Connect
+      email address, Fulcio signs x509 certificates valid for under 20 minutes.
+
+      Fulcio was designed to run as a centralized, public-good instance backed
+      up by other transparency logs. Development is now underway to support
+      different delegation models, and to deploy and run Fulcio as a
+      disconnected instance.
+    '';
     license = licenses.asl20;
     maintainers = with maintainers; [ lesuisse jk ];
-    mainProgram = "fulcio-server";
   };
 }
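Review bot: The added longDescription spells the protocol "Open ID Connect" and the certificate format "x509", while the standard names are "OpenID Connect" and "X.509" and the one-line `description` above already uses "OIDC". This text is what a user reads to confirm the package is the CA they expect, so I would use the standard spellings: `short-lived certificates available to anyone. Based on an OpenID Connect` and `email address, Fulcio signs X.509 certificates valid for under 20 minutes.`. The `meta` attribute set opens outside this hunk.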