Merge pull request #220670 from developer-guy/feature/slsa-verifier

slsa-verifier: init at 2.0.1
2025-01-20 11:53:51 +00:00 · 2023-03-14 23:24:53 +02:00 · 2023-03-14 23:24:53 +02:00 · b780f0b4e9
commit b780f0b4e9
parent 20213a3d92 b8dc603724
2 changed files with 45 additions and 0 deletions
--- a/pkgs/tools/security/slsa-verifier/default.nix
+++ b/pkgs/tools/security/slsa-verifier/default.nix
@ -0,0 +1,43 @@
+{ lib
+, fetchFromGitHub
+, buildGoModule
+}:
+
+buildGoModule rec {
+  pname = "slsa-verifier";
+  version = "2.0.1";
+
+  src = fetchFromGitHub {
+    owner = "slsa-framework";
+    repo = "slsa-verifier";
+    rev = "v${version}";
+    hash = "sha256-Gef8TQSd6bTWIzFOQ9xjqB49We7IKBu9p/Lb426nNbc=";
+  };
+
+  vendorHash = "sha256-1syIEjvqYHCiOLf8Fc2vghFKfN6ADM05By11jGNZODs=";
+
+  CGO_ENABLED = 0;
+  GO111MODULE = "on";
+  GOFLAGS = "-trimpath";
+
+  subPackages = [ "cli/slsa-verifier" ];
+
+  tags = [ "netgo" ];
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-buildid="
+    "-X sigs.k8s.io/release-utils/version.gitVersion=${version}"
+  ];
+
+  doCheck = false;
+
+  meta = {
+    homepage = "https://github.com/slsa-framework/slsa-verifier";
+    changelog = "https://github.com/slsa-framework/slsa-verifier/releases/tag/v${version}";
+    description = "Verify provenance from SLSA compliant builders";
+    license = lib.licenses.asl20;
+    maintainers = with lib.maintainers; [ developer-guy mlieberman85 ];
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -12164,6 +12164,8 @@ with pkgs;

  slowlorust = callPackage ../tools/networking/slowlorust { };

+  slsa-verifier = callPackage ../tools/security/slsa-verifier { };
+
  slsnif = callPackage ../tools/misc/slsnif { };

  slstatus = callPackage ../applications/misc/slstatus {