about summary refs log tree commit diff
path: root/pkgs/tools/security/cosign/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security/cosign/default.nix')
-rw-r--r--pkgs/tools/security/cosign/default.nix13
1 files changed, 10 insertions, 3 deletions
diff --git a/pkgs/tools/security/cosign/default.nix b/pkgs/tools/security/cosign/default.nix
index 0c934e3c6953c..54beab643a80f 100644
--- a/pkgs/tools/security/cosign/default.nix
+++ b/pkgs/tools/security/cosign/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "cosign";
-  version = "1.4.1";
+  version = "1.5.1";
 
   src = fetchFromGitHub {
     owner = "sigstore";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-WjYW9Fo27wE1pg/BqYsdHd8jwd8jG5bk37HmU1DqnyE=";
+    sha256 = "sha256-hQFkbHOmtk0SqFSPw1+5nCvjq9cKsGzFPtK4jXDrubQ=";
   };
 
   buildInputs = lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite)
@@ -16,7 +16,7 @@ buildGoModule rec {
 
   nativeBuildInputs = [ pkg-config installShellFiles ];
 
-  vendorSha256 = "sha256-6T98zu55BQ26e43a1i68rhebaLwY/iFM8CRqRcv2QwI=";
+  vendorSha256 = "sha256-d3aOX4iMlhlxgYbqCHCIFKXunVha0Fw4ZBmy4OA6EhI=";
 
   excludedPackages = "\\(sample\\|webhook\\|help\\)";
 
@@ -24,6 +24,13 @@ buildGoModule rec {
 
   ldflags = [ "-s" "-w" "-X github.com/sigstore/cosign/pkg/version.GitVersion=v${version}" ];
 
+  postPatch = ''
+    rm pkg/cosign/tuf/client_test.go # Require network access
+    rm internal/pkg/cosign/fulcio/signer_test.go # Require network access
+    rm internal/pkg/cosign/rekor/signer_test.go # Require network access
+    rm pkg/cosign/kubernetes/webhook/validator_test.go # Require network access
+  '';
+
   postInstall = ''
     installShellCompletion --cmd cosign \
       --bash <($out/bin/cosign completion bash) \
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-10-10 16:23:03 +0000