pkgs/servers/spicedb/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47


{ lib
, buildGoModule
, fetchFromGitHub
, fetchpatch
}:

buildGoModule rec {
  pname = "spicedb";
  version = "1.25.0";

  src = fetchFromGitHub {
    owner = "authzed";
    repo = "spicedb";
    rev = "v${version}";
    hash = "sha256-+/0raANdWXPnme/l82wzbhf+kYggBvs4iYswDUPFjlI=";
  };

  patches = [
    (fetchpatch {
      name = "CVE-2023-46255.patch";
      url = "https://github.com/authzed/spicedb/commit/ae50421b80f895e4c98d999b18e06b6f1e6f1cf8.patch";
      hash = "sha256-6VYye1lJkUxekRI870KonP+IFk61HkCS1NGhrJ3Vhv8=";
    })
    (fetchpatch {
      name = "CVE-2024-27101.patch";
      url = "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe.patch";
      hash = "sha256-8xXM0EBxJ0hI7RtURFxmRpYqGdSGZ/jZVP4KAuh2E/U=";
    })
  ];

  vendorHash = "sha256-r0crxfE3XtsT4+5lWNY6R/bcuxq2WeongK9l7ABXQo8=";

  subPackages = [ "cmd/spicedb" ];

  meta = with lib; {
    description = "Open source permission database";
    longDescription = ''
      SpiceDB is an open-source permissions database inspired by
      Google Zanzibar.
    '';
    homepage = "https://authzed.com/";
    license = licenses.asl20;
    maintainers = with maintainers; [ thoughtpolice ];
    mainProgram = "spicedb";
  };
}