author | 06kellyjac <dev@j-k.io> | 2022-02-25 11:58:14 +0000 |
---|---|---|
committer | 06kellyjac <dev@j-k.io> | 2022-03-01 08:53:35 +0000 |
commit | b17558d859b52cd4ac7a9a358f8960f1f14d57c9 (patch) | |
tree | 724ad347d7d497e353724131e3ef02ec35521ffc /pkgs/tools/security/witness | |
parent | 7a9bc465b1a6c11d68b62e3ed90a59138d0a180e (diff) |
witness: 0.1.1 -> 0.1.6
also: - added completions - enabled tests - added longDescription - added changelog - added myself as a maintainer
Diffstat (limited to 'pkgs/tools/security/witness')
-rw-r--r-- | pkgs/tools/security/witness/default.nix | 42 |
1 files changed, 37 insertions, 5 deletions
diff --git a/pkgs/tools/security/witness/default.nix b/pkgs/tools/security/witness/default.nix
index 571685afb4006..bb15d9d72cc05 100644
--- a/pkgs/tools/security/witness/default.nix
+++ b/pkgs/tools/security/witness/default.nix
@@ -1,25 +1,57 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
 
 buildGoModule rec {
 pname = "witness";
- version = "0.1.1";
+ version = "0.1.6";
 
 src = fetchFromGitHub {
 owner = "testifysec";
 repo = pname;
 rev = "v${version}";
- sha256 = "sha256-NnDsiDUTCdjsHVA/mHnB8WRnvwFTzETkWUOd7IgMIWE=";
+ sha256 = "sha256-/35hIA6Wm/F5hwyLZbt4JXpwWISWbzVAWrX29r6pejY=";
 };
 
- vendorSha256 = "sha256-zkLparWJsuqrhOQxxV37dBqt6fwpSinTO+paJkbl+sM=";
+ vendorSha256 = "sha256-vXDsHHJknw9hsHx1mJA2c0CWwFbRXjCjitNWPh6V4yw=";
+
+ nativeBuildInputs = [ installShellFiles ];
 
 # We only want the witness binary, not the helper utilities for generating docs.
 subPackages = [ "cmd/witness" ];
 
+ ldflags = [
+ "-s"
+ "-w"
+ "-X github.com/testifysec/witness/cmd/witness/cmd.Version=v${version}"
+ ];
+
+ # Feed in all tests for testing
+ # This is because subPackages above limits what is built to just what we
+ # want but also limits the tests
+ preCheck = ''
+ unset subPackages
+ '';
+
+ postInstall = ''
+ installShellCompletion --cmd witness \
+ --bash <($out/bin/witness completion bash) \
+ --fish <($out/bin/witness completion fish) \
+ --zsh <($out/bin/witness completion zsh)
+ '';
+
 meta = with lib; {
 description = "A pluggable framework for software supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target";
+ longDescription = ''
+ Witness prevents tampering of build materials and verifies the integrity
+ of the build process from source to target. It works by wrapping commands
+ executed in a continuous integration process. Its attestation system is
+ pluggable and offers support out of the box for most major CI and
+ infrastructure providers. Verification of Witness metadata and a secure
+ PKI distribution system will mitigate against many software supply chain
+ attack vectors and can be used as a framework for automated governance.
+ '';
 homepage = "https://github.com/testifysec/witness";
+ changelog = "https://github.com/testifysec/witness/releases/tag/v${version}";
 license = licenses.asl20;
- maintainers = with maintainers; [ fkautz ];
+ maintainers = with maintainers; [ fkautz jk ];
 };
 }
|
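Review bot: The new `postInstall` executes the freshly built `$out/bin/witness completion …` on the build machine, which cannot work when the host platform differs from the build platform, so this hunk makes the derivation fail to cross-compile. Take `stdenv` in the argument set and make the completion step conditional, e.g. `postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''` (or the older `stdenv.hostPlatform == stdenv.buildPlatform` comparison if this checkout predates `canExecute`). The added `longDescription` repeats the second sentence of `description`; nixpkgs expects `description` to be a short one-liner without a trailing period, so with the long form in place it should be trimmed to `description = "A pluggable framework for software supply chain security";`. Whether `unset subPackages` in `preCheck` actually makes buildGoModule's checkPhase test every package depends on the hook reading that variable at check time, which the hunk does not show — worth confirming from the build log that the tests run.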