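# Package definition for Boulder, the ACME certificate authority from
# Let's Encrypt. Builds only the multi-call `cmd/boulder` binary and links
# every sub-command name it reports to that binary.
{
  lib,
  fetchFromGitHub,
  buildGoModule,
  testers,
  boulder,
}:

buildGoModule rec {
  pname = "boulder";
  version = "2022-09-29";

  src = fetchFromGitHub {
    owner = "letsencrypt";
    repo = "boulder";
    # `rev` is a ref name, not a commit id; the content is pinned by `hash`
    # below, so a re-pointed ref shows up as a hash mismatch.
    rev = "release-${version}";
    # .git is kept only long enough for postFetch to record the short commit
    # id in $out/COMMIT. Every .git directory is deleted afterwards, so the
    # fixed-output `hash` covers the source tree plus COMMIT and nothing from
    # the git metadata.
    leaveDotGit = true;
    postFetch = ''
      cd "$out"
      git rev-parse --short=8 HEAD 2>/dev/null >"$out/COMMIT"
      find "$out" -name .git -print0 | xargs -0 rm -rf
    '';
    hash = "sha256-MyJHTkt4qEHwD1UOkOfDNhNddcyFHPJvDzoT7kJ2qi4=";
  };

  # null: no Go modules are fetched separately; the build relies on the
  # vendor/ directory inside `src`, so dependencies are covered by the source
  # hash above rather than by a hash of their own.
  vendorHash = null;

  subPackages = [ "cmd/boulder" ];

  # NOTE(review): patch content is not shown here; presumably it adjusts a
  # test that depends on the build id. Confirm against the patch file.
  patches = [ ./no-build-id-test.patch ];

  ldflags = [
    # -s / -w: omit the symbol table and DWARF debug information.
    "-s"
    "-w"
    # Constant build host so the value embedded in the binary does not depend
    # on the machine that ran the build.
    "-X github.com/letsencrypt/boulder/core.BuildHost=nixbld@localhost"
  ];

  # BuildID is derived from the fetched ref and the COMMIT file written in
  # postFetch; BuildTime is fixed to the Unix epoch (`date -u -d @0`) instead
  # of the wall clock.
  preBuild = ''
    ldflags+=" -X \"github.com/letsencrypt/boulder/core.BuildID=${src.rev} +$(cat COMMIT)\""
    ldflags+=" -X \"github.com/letsencrypt/boulder/core.BuildTime=$(date -u -d @0)\""
  '';

  # The check phase runs against the whole tree, minus the test files removed
  # below. Two things to keep in mind when bumping `version`:
  #  - `rm -rf` does not complain about paths that no longer exist, so an
  #    entry that upstream renames or drops goes unnoticed and the list needs
  #    a manual re-check;
  #  - the removed files include tests under ra/, sa/ and va/, so those test
  #    files are not exercised by this package's check phase.
  preCheck = ''
    # Test all targets.
    unset subPackages

    # Disable tests that require additional services.
    rm -rf \
      cmd/admin-revoker/main_test.go \
      cmd/bad-key-revoker/main_test.go \
      cmd/cert-checker/main_test.go \
      cmd/contact-auditor/main_test.go \
      cmd/expiration-mailer/main_test.go \
      cmd/expiration-mailer/send_test.go \
      cmd/id-exporter/main_test.go \
      cmd/rocsp-tool/client_test.go \
      db/map_test.go \
      db/multi_test.go \
      db/rollback_test.go \
      log/log_test.go \
      ocsp/updater/updater_test.go \
      ra/ra_test.go \
      rocsp/rocsp_test.go \
      sa/database_test.go \
      sa/model_test.go \
      sa/precertificates_test.go \
      sa/rate_limits_test.go \
      sa/sa_test.go \
      test/load-generator/acme/directory_test.go \
      va/caa_test.go \
      va/dns_test.go \
      va/http_test.go \
      va/tlsalpn_test.go \
      va/va_test.go
  '';

  # Runs the freshly built binary to enumerate its sub-command names and
  # symlinks each one to it. The command substitution is left unquoted on
  # purpose (one name per word); the paths themselves are quoted.
  postInstall = ''
    for i in $("$out/bin/boulder" --list); do
      ln -s "$out/bin/boulder" "$out/bin/$i"
    done
  '';

  # Checks that the `boulder --version` output contains `version`.
  passthru.tests.version = testers.testVersion {
    package = boulder;
    command = "boulder --version";
    inherit version;
  };

  meta = {
    homepage = "https://github.com/letsencrypt/boulder";
    description = "An ACME-based certificate authority, written in Go";
    longDescription = ''
      This is an implementation of an ACME-based CA. The ACME protocol allows
      the CA to automatically verify that an applicant for a certificate
      actually controls an identifier, and allows domain holders to issue and
      revoke certificates for their domains. Boulder is the software that runs
      Let's Encrypt.
    '';
    license = lib.licenses.mpl20;
    maintainers = with lib.maintainers; [ azahi ];
  };
}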