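# Nix package expression for cosign, the Sigstore container-signing CLI.
#
# Arguments:
#   pcsclite / PCSC  PC/SC smart-card libraries, used only when pivKeySupport
#                    is enabled (pcsclite on Linux, the PCSC input on Darwin).
#   pivKeySupport    when true (the default) the Go build tag "pivkey" is set
#                    and the matching PC/SC library is added to buildInputs.
{ stdenv
, lib
, buildGoModule
, fetchFromGitHub
, pcsclite
, pkg-config
, installShellFiles
, PCSC
, pivKeySupport ? true
}:

buildGoModule rec {
  pname = "cosign";
  version = "1.3.0";

  src = fetchFromGitHub {
    owner = "sigstore";
    repo = pname;
    # A git tag can be moved upstream; the sha256 below is what actually pins
    # the source tree. A content mismatch fails the fetch instead of building
    # unexpected code, so this hash must be updated together with `version`.
    rev = "v${version}";
    sha256 = "sha256-VKlM+bsK2Oj0UB4LF10pHEIJqXv6cAO5rtxnTogpfOk=";
  };

  # Smart-card (PIV) backends are pulled in only when pivKeySupport is on.
  buildInputs = lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite)
    ++ lib.optionals (stdenv.isDarwin && pivKeySupport) [ PCSC ];

  nativeBuildInputs = [ pkg-config installShellFiles ];

  # Fixed-output hash of the vendored Go module dependencies. It pins the
  # whole dependency set and has to be regenerated on every version bump;
  # do not carry it over unchanged from a previous release.
  vendorSha256 = "sha256-idMvvYeP5rAT6r9RPZ9S8K9KTpVYVq06ZKSBPxWA2ms=";

  # Regex of Go packages left out of the build (sample, webhook, help).
  excludedPackages = "\\(sample\\|webhook\\|help\\)";

  tags = lib.optionals pivKeySupport [ "pivkey" ];

  # -s/-w drop the symbol table and DWARF data; -X stamps the version string
  # into the binary via the options.GitVersion variable.
  ldflags = [ "-s" "-w" "-X github.com/sigstore/cosign/cmd/cosign/cli/options.GitVersion=v${version}" ];

  # Shell completions are produced by executing the freshly built binary, which
  # only works when the build machine can run host binaries. The hook is
  # therefore skipped for cross builds instead of failing the whole derivation.
  postInstall = lib.optionalString (stdenv.buildPlatform == stdenv.hostPlatform) ''
    installShellCompletion --cmd cosign \
      --bash <($out/bin/cosign completion bash) \
      --fish <($out/bin/cosign completion fish) \
      --zsh <($out/bin/cosign completion zsh)
  '';

  meta = with lib; {
    homepage = "https://github.com/sigstore/cosign";
    changelog = "https://github.com/sigstore/cosign/releases/tag/v${version}";
    description = "Container Signing CLI with support for ephemeral keys and Sigstore signing";
    license = licenses.asl20;
    maintainers = with maintainers; [ lesuisse jk ];
  };
}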