pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / pkgs / tools / security / badrobot / default.nix
at 24.11-pre 46 lines 1.5 kB view raw
stuebinm treewide: add meta.mainProgram to packages with a single binary
ff1a94e5
1{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: 2 3buildGoModule rec { 4 pname = "badrobot"; 5 version = "0.1.3"; 6 7 src = fetchFromGitHub { 8 owner = "controlplaneio"; 9 repo = pname; 10 rev = "v${version}"; 11 sha256 = "sha256-mLBJLeB85QeC4PYH4FyOI8lHz1OxIJlJbqgDfXTNnhM="; 12 }; 13 vendorHash = "sha256-SB7gGgm7BwMSo4ocKX4UGB+OdjVY92S5YZfOmTl4VEk="; 14 15 nativeBuildInputs = [ installShellFiles ]; 16 17 ldflags = [ 18 "-s" 19 "-w" 20 "-X github.com/controlplaneio/badrobot/cmd.version=v${version}" 21 ]; 22 23 postInstall = '' 24 installShellCompletion --cmd badrobot \ 25 --bash <($out/bin/badrobot completion bash) \ 26 --fish <($out/bin/badrobot completion fish) \ 27 --zsh <($out/bin/badrobot completion zsh) 28 ''; 29 30 meta = with lib; { 31 homepage = "https://github.com/controlplaneio/badrobot"; 32 changelog = "https://github.com/controlplaneio/badrobot/blob/v${version}/CHANGELOG.md"; 33 description = "Operator Security Audit Tool"; 34 mainProgram = "badrobot"; 35 longDescription = '' 36 Badrobot is a Kubernetes Operator audit tool. It statically analyses 37 manifests for high risk configurations such as lack of security 38 restrictions on the deployed controller and the permissions of an 39 associated clusterole. The risk analysis is primarily focussed on the 40 likelihood that a compromised Operator would be able to obtain full 41 cluster permissions. 42 ''; 43 license = with licenses; [ asl20 ]; 44 maintainers = with maintainers; [ jk ]; 45 }; 46}