pkgs/tools/security/rekor/default.nix at devShellTools-shell

tjh.dev / nixpkgs
fork atom
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / tools / security / rekor / default.nix
at devShellTools-shell 86 lines 2.5 kB view raw
wrap content
 1{
 2  lib,
 3  buildGoModule,
 4  fetchFromGitHub,
 5  installShellFiles,
 6}:
 7
 8let
 9  generic =
10    {
11      pname,
12      packageToBuild,
13      description,
14    }:
15    buildGoModule rec {
16      inherit pname;
17      version = "1.3.10";
18
19      src = fetchFromGitHub {
20        owner = "sigstore";
21        repo = "rekor";
22        rev = "v${version}";
23        hash = "sha256-fxBLh7QrBBkUsVrONeFmrXtmRGNgkH7WnncMQ+E56Ok=";
24        # populate values that require us to use git. By doing this in postFetch we
25        # can delete .git afterwards and maintain better reproducibility of the src.
26        leaveDotGit = true;
27        postFetch = ''
28          cd "$out"
29          git rev-parse HEAD > $out/COMMIT
30          # '0000-00-00T00:00:00Z'
31          date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH
32          find "$out" -name .git -print0 | xargs -0 rm -rf
33        '';
34      };
35
36      vendorHash = "sha256-2ddpzKzVlmOgxsBtLB28fKZ2o4QvtrNZC+1wOny3Amk=";
37
38      nativeBuildInputs = [ installShellFiles ];
39
40      subPackages = [ packageToBuild ];
41
42      ldflags = [
43        "-s"
44        "-w"
45        "-X sigs.k8s.io/release-utils/version.gitVersion=v${version}"
46        "-X sigs.k8s.io/release-utils/version.gitTreeState=clean"
47      ];
48
49      # ldflags based on metadata from git and source
50      preBuild = ''
51        ldflags+=" -X sigs.k8s.io/release-utils/version.gitCommit=$(cat COMMIT)"
52        ldflags+=" -X sigs.k8s.io/release-utils/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
53      '';
54
55      postInstall = ''
56        installShellCompletion --cmd ${pname} \
57          --bash <($out/bin/${pname} completion bash) \
58          --fish <($out/bin/${pname} completion fish) \
59          --zsh <($out/bin/${pname} completion zsh)
60      '';
61
62      meta = with lib; {
63        inherit description;
64        homepage = "https://github.com/sigstore/rekor";
65        changelog = "https://github.com/sigstore/rekor/releases/tag/v${version}";
66        license = licenses.asl20;
67        maintainers = with maintainers; [
68          lesuisse
69          jk
70          developer-guy
71        ];
72      };
73    };
74in
75{
76  rekor-cli = generic {
77    pname = "rekor-cli";
78    packageToBuild = "cmd/rekor-cli";
79    description = "CLI client for Sigstore, the Signature Transparency Log";
80  };
81  rekor-server = generic {
82    pname = "rekor-server";
83    packageToBuild = "cmd/rekor-server";
84    description = "Sigstore server, the Signature Transparency Log";
85  };
86}