search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
biome: 1.9.2 -> 1.9.3
[NixPkgs.git] / pkgs / tools / security / rekor / default.nix
blob054eec51a16c0b12ff8b7fdb8c418766eea4c834
1 { lib, buildGoModule, fetchFromGitHub, installShellFiles }:
2
3 let
4   generic = { pname, packageToBuild, description }:
5     buildGoModule rec {
6       inherit pname;
7       version = "1.3.6";
8
9       src = fetchFromGitHub {
10         owner = "sigstore";
11         repo = "rekor";
12         rev = "v${version}";
13         hash = "sha256-CGRR+rOlcFTfvXRxx6x7m0qK6YE6HZGvmMx+X7zu1sQ=";
14         # populate values that require us to use git. By doing this in postFetch we
15         # can delete .git afterwards and maintain better reproducibility of the src.
16         leaveDotGit = true;
17         postFetch = ''
18           cd "$out"
19           git rev-parse HEAD > $out/COMMIT
20           # '0000-00-00T00:00:00Z'
21           date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH
22           find "$out" -name .git -print0 | xargs -0 rm -rf
23         '';
24       };
25
26       vendorHash = "sha256-PDf3nUvDDBg+POMpklx45VhhjlB55pUMRhQMlwq7lnI=";
27
28       nativeBuildInputs = [ installShellFiles ];
29
30       subPackages = [ packageToBuild ];
31
32       ldflags = [
33         "-s"
34         "-w"
35         "-X sigs.k8s.io/release-utils/version.gitVersion=v${version}"
36         "-X sigs.k8s.io/release-utils/version.gitTreeState=clean"
37       ];
38
39       # ldflags based on metadata from git and source
40       preBuild = ''
41         ldflags+=" -X sigs.k8s.io/release-utils/version.gitCommit=$(cat COMMIT)"
42         ldflags+=" -X sigs.k8s.io/release-utils/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
43       '';
44
45       postInstall = ''
46         installShellCompletion --cmd ${pname} \
47           --bash <($out/bin/${pname} completion bash) \
48           --fish <($out/bin/${pname} completion fish) \
49           --zsh <($out/bin/${pname} completion zsh)
50       '';
51
52       meta = with lib; {
53         inherit description;
54         homepage = "https://github.com/sigstore/rekor";
55         changelog = "https://github.com/sigstore/rekor/releases/tag/v${version}";
56         license = licenses.asl20;
57         maintainers = with maintainers; [ lesuisse jk developer-guy ];
58       };
59     };
60 in {
61   rekor-cli = generic {
62     pname = "rekor-cli";
63     packageToBuild = "cmd/rekor-cli";
64     description = "CLI client for Sigstore, the Signature Transparency Log";
65   };
66   rekor-server = generic {
67     pname = "rekor-server";
68     packageToBuild = "cmd/rekor-server";
69     description = "Sigstore server, the Signature Transparency Log";
70   };
71 }
Nix packages repository - mirror of https://github.com/NixOS/nixpkgs