about summary refs log tree commit diff
path: root/pkgs/tools/security/rekor
diff options
context:
space:
mode:
authorThomas Gerbet <thomas@gerbet.me>2022-04-17 12:04:41 +0200
committerThomas Gerbet <thomas@gerbet.me>2022-04-17 12:04:41 +0200
commiteb86e75c1677203668a49045e87a350d40bc7e55 (patch)
treeaee899dd532d24be0d1d4b118280201d9afc8a38 /pkgs/tools/security/rekor
parent6a289abddde4065a9e14ab0450bfab10a822e2ad (diff)
rekor-cli, rekor-server: 0.5.0 -> 0.6.0
https://github.com/sigstore/rekor/releases/tag/v0.6.0

Used the same approach than in the Fulcio package to populate version
information.
Diffstat (limited to 'pkgs/tools/security/rekor')
-rw-r--r--pkgs/tools/security/rekor/default.nix29
1 files changed, 25 insertions, 4 deletions
diff --git a/pkgs/tools/security/rekor/default.nix b/pkgs/tools/security/rekor/default.nix
index 663cc38291cb3..69e0f0a2e9318 100644
--- a/pkgs/tools/security/rekor/default.nix
+++ b/pkgs/tools/security/rekor/default.nix
@@ -4,22 +4,43 @@ let
   generic = { pname, packageToBuild, description }:
     buildGoModule rec {
       inherit pname;
-      version = "0.5.0";
+      version = "0.6.0";
 
       src = fetchFromGitHub {
         owner = "sigstore";
         repo = "rekor";
         rev = "v${version}";
-        sha256 = "sha256-y8klkb0hyITxLhcNWF7RYRVwF8rclDKzQF/MJs6y//Y=";
+        sha256 = "sha256-cihue4DMqHLFVz5kLZf17EcwbkfBxlxtqmto5K11sIo=";
+        # populate values that require us to use git. By doing this in postFetch we
+        # can delete .git afterwards and maintain better reproducibility of the src.
+        leaveDotGit = true;
+        postFetch = ''
+          cd "$out"
+          git rev-parse HEAD > $out/COMMIT
+          # '0000-00-00T00:00:00Z'
+          date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH
+          find "$out" -name .git -print0 | xargs -0 rm -rf
+        '';
       };
 
-      vendorSha256 = "sha256-0PPdnE3ND/YNIk50XkgBROpe5OhFiFre5Lwsml02DQU=";
+      vendorSha256 = "sha256-bJOWSf2MHeLdI1smFXCjN3PIFRcO76cDnxks+FgqZdY=";
 
       nativeBuildInputs = [ installShellFiles ];
 
       subPackages = [ packageToBuild ];
 
-      ldflags = [ "-s" "-w" "-X github.com/sigstore/rekor/pkg/api.GitVersion=v${version}" ];
+      ldflags = [
+        "-s"
+        "-w"
+        "-X sigs.k8s.io/release-utils/version.gitVersion=v${version}"
+        "-X sigs.k8s.io/release-utils/version.gitTreeState=clean"
+      ];
+
+      # ldflags based on metadata from git and source
+      preBuild = ''
+        ldflags+=" -X sigs.k8s.io/release-utils/version.gitCommit=$(cat COMMIT)"
+        ldflags+=" -X sigs.k8s.io/release-utils/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
+      '';
 
       postInstall = ''
         installShellCompletion --cmd ${pname} \
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-05 20:17:20 +0000