pkgs/by-name/sp/spire/package.nix at python-updates

tjh.dev / nixpkgs
fork atom
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / by-name / sp / spire / package.nix
at python-updates 101 lines 2.3 kB view raw
wrap content
  1{
  2  lib,
  3  buildGoModule,
  4  fetchFromGitHub,
  5  openssl,
  6}:
  7
  8buildGoModule (finalAttrs: {
  9  pname = "spire";
 10  version = "1.14.1";
 11
 12  outputs = [
 13    "out"
 14    "agent"
 15    "server"
 16    "oidc"
 17  ];
 18
 19  src = fetchFromGitHub {
 20    owner = "spiffe";
 21    repo = "spire";
 22    tag = "v${finalAttrs.version}";
 23    sha256 = "sha256-aefYVK8dPBrLBlAzh33bIZkuIClLj8Cs1p+CHXMxWcU=";
 24  };
 25
 26  # Needed for github.co/google/go-tpm-tools/simulator  which contains non-go files that `go mod vendor` strips
 27  proxyVendor = true;
 28  vendorHash = "sha256-YtSaibsoSxuEY9UO1EmFHZoVpwHs/gjx28gpxCiOzYE=";
 29
 30  buildInputs = [ openssl ];
 31
 32  ldflags = [
 33    "-s"
 34    "-w"
 35    "-X github.com/spiffe/spire/pkg/common/version.gittag=${finalAttrs.version}"
 36  ];
 37
 38  subPackages = [
 39    "cmd/spire-agent"
 40    "cmd/spire-server"
 41    "support/oidc-discovery-provider"
 42  ];
 43
 44  __darwinAllowLocalNetworking = true;
 45
 46  checkFlags =
 47    let
 48      skippedTests = [
 49        # wants to reach remote TUF mirror
 50        "TestDockerConfig"
 51        "TestPlugin"
 52      ];
 53    in
 54    [ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ];
 55
 56  preCheck = ''
 57    # unset to run all tests
 58    unset subPackages
 59  '';
 60
 61  # Usually either the agent or server is needed for a given use case, but not both
 62  postInstall = ''
 63    mkdir -vp $agent/bin $server/bin $oidc/bin
 64    mv -v $out/bin/spire-agent $agent/bin/
 65    mv -v $out/bin/spire-server $server/bin/
 66    mv -v $out/bin/oidc-discovery-provider $oidc/bin/
 67
 68    ln -vs $agent/bin/spire-agent $out/bin/spire-agent
 69    ln -vs $server/bin/spire-server $out/bin/spire-server
 70    ln -vs $oidc/bin/oidc-discovery-provider $out/bin/oidc-discovery-provider
 71  '';
 72
 73  doInstallCheck = true;
 74  installCheckPhase = ''
 75    runHook preInstallCheck
 76
 77    for bin in $out/bin/*; do
 78      $bin -h
 79      if [ "$($bin --version 2>&1)" != "${finalAttrs.version}" ]; then
 80        echo "$bin version does not match"
 81        exit 1
 82      fi
 83    done
 84
 85    runHook postInstallCheck
 86  '';
 87
 88  meta = {
 89    description = "SPIFFE Runtime Environment";
 90    homepage = "https://spiffe.io/";
 91    downloadPage = "https://github.com/spiffe/spire";
 92    changelog = "https://github.com/spiffe/spire/releases/tag/v${finalAttrs.version}";
 93    license = lib.licenses.asl20;
 94    maintainers = with lib.maintainers; [
 95      fkautz
 96      jk
 97      mjm
 98      arianvp
 99    ];
100  };
101})