author | 06kellyjac <dev@j-k.io> | 2022-06-17 20:14:55 +0100 |
---|---|---|
committer | 06kellyjac <dev@j-k.io> | 2022-06-17 20:14:55 +0100 |
commit | 34c91d44c8acc52a6b0eefbf378df48250590494 (patch) | |
tree | 7bec12782ec14eefa43b9512ca87bdad03aa07a9 /pkgs/tools/security/kdigger | |
parent | af97e1313dc3d05c22faa9b541e69c6bff02becb (diff) |
kdigger: init at 1.2.0
Diffstat (limited to 'pkgs/tools/security/kdigger')
-rw-r--r-- | pkgs/tools/security/kdigger/default.nix | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/pkgs/tools/security/kdigger/default.nix b/pkgs/tools/security/kdigger/default.nix
new file mode 100644
index 0000000000000..5067d4003274a
--- /dev/null
+++ b/pkgs/tools/security/kdigger/default.nix
@@ -0,0 +1,82 @@
+{ lib
+, stdenv
+, buildGoModule
+, fetchFromGitHub
+, installShellFiles
+, fetchpatch
+}:
+
+buildGoModule rec {
+ pname = "kdigger";
+ version = "1.2.0";
+
+ src = fetchFromGitHub {
+ owner = "quarkslab";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-j4HIwfRIUpV25DmbQ+9go8aJMEYaFDPxrdr/zGWBeVU=";
+ # populate values that require us to use git. By doing this in postFetch we
+ # can delete .git afterwards and maintain better reproducibility of the src.
+ leaveDotGit = true;
+ postFetch = ''
+ cd "$out"
+ git rev-parse HEAD > $out/COMMIT
+ find "$out" -name .git -print0 | xargs -0 rm -rf
+ '';
+ };
+ vendorSha256 = "sha256-3vn3MsE/4lBw89wgYgzm0RuJJ5RQTkgS6O74PpfFcUk=";
+
+ patches = [
+ (fetchpatch {
+ name = "simplify-ldflags.patch";
+ url = "https://github.com/quarkslab/kdigger/pull/2.patch";
+ sha256 = "sha256-d/NdoAdnheVgdqr2EF2rNn3gJvbjRZtOKFw2DqWR8TY=";
+ })
+ ];
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ CGO_ENABLED = 0;
+ ldflags = [
+ "-s"
+ "-w"
+ "-X github.com/quarkslab/kdigger/commands.VERSION=v${version}"
+ "-X github.com/quarkslab/kdigger/commands.BUILDERARCH=${stdenv.hostPlatform.linuxArch}"
+ ];
+
+ preBuild = ''
+ ldflags+=" -X github.com/quarkslab/kdigger/commands.GITCOMMIT=$(cat COMMIT)"
+ '';
+
+ postInstall = ''
+ installShellCompletion --cmd kdigger \
+ --bash <($out/bin/kdigger completion bash) \
+ --fish <($out/bin/kdigger completion fish) \
+ --zsh <($out/bin/kdigger completion zsh)
+ '';
+
+ doInstallCheck = true;
+ installCheckPhase = ''
+ runHook preInstallCheck
+
+ $out/bin/kdigger --help
+
+ runHook postInstallCheck
+ '';
+
+ meta = with lib; {
+ homepage = "https://github.com/quarkslab/kdigger";
+ changelog = "https://github.com/quarkslab/kdigger/releases/tag/v${version}";
+ description = "An in-pod context discovery tool for Kubernetes penetration testing";
+ longDescription = ''
+ kdigger, short for "Kubernetes digger", is a context discovery tool for
+ Kubernetes penetration testing.
+ This tool is a compilation of various
+ plugins called buckets to facilitate pentesting Kubernetes from inside a
+ pod.
+ '';
+ license = licenses.asl20;
+ maintainers = with maintainers; [ jk ];
+ # aarch64-linux support progress - https://github.com/quarkslab/kdigger/issues/3
+ platforms = [ "x86_64-linux" ];
+ };
+} |
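Review bot: The `fetchpatch` entry in `patches` points at a pull-request URL (`https://github.com/quarkslab/kdigger/pull/2.patch`), and the content served there changes whenever the PR is rebased or gains commits. The pinned `sha256` means such a change cannot slip into the build unnoticed, but it will surface as a hash mismatch and break the package; once the PR is merged, pin the immutable commit instead, e.g. `url = "https://github.com/quarkslab/kdigger/commit/<MERGED_COMMIT_SHA>.patch";` (placeholder, the commit id is not on this page), and refresh the hash. A one-line comment above the entry, such as `# drop once an upstream release includes quarkslab/kdigger#2`, would tell the next maintainer when the patch can be removed.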