From b8dc60372462f7bd676c7ffb026b1d523af98278 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= <batuhan.apaydin@trendyol.com>
Date: Sat, 11 Mar 2023 17:14:57 +0300
Subject: [PATCH] slsa-verifier: init at 2.0.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
---
 pkgs/tools/security/slsa-verifier/default.nix | 43 +++++++++++++++++++
 pkgs/top-level/all-packages.nix               |  2 +
 2 files changed, 45 insertions(+)
 create mode 100644 pkgs/tools/security/slsa-verifier/default.nix

diff --git a/pkgs/tools/security/slsa-verifier/default.nix b/pkgs/tools/security/slsa-verifier/default.nix
new file mode 100644
index 000000000000..188052452db2
--- /dev/null
+++ b/pkgs/tools/security/slsa-verifier/default.nix
@@ -0,0 +1,43 @@
+{ lib
+, fetchFromGitHub
+, buildGoModule
+}:
+
+buildGoModule rec {
+  pname = "slsa-verifier";
+  version = "2.0.1";
+
+  src = fetchFromGitHub {
+    owner = "slsa-framework";
+    repo = "slsa-verifier";
+    rev = "v${version}";
+    hash = "sha256-Gef8TQSd6bTWIzFOQ9xjqB49We7IKBu9p/Lb426nNbc=";
+  };
+
+  vendorHash = "sha256-1syIEjvqYHCiOLf8Fc2vghFKfN6ADM05By11jGNZODs=";
+
+  CGO_ENABLED = 0;
+  GO111MODULE = "on";
+  GOFLAGS = "-trimpath";
+
+  subPackages = [ "cli/slsa-verifier" ];
+
+  tags = [ "netgo" ];
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-buildid="
+    "-X sigs.k8s.io/release-utils/version.gitVersion=${version}"
+  ];
+
+  doCheck = false;
+
+  meta = {
+    homepage = "https://github.com/slsa-framework/slsa-verifier";
+    changelog = "https://github.com/slsa-framework/slsa-verifier/releases/tag/v${version}";
+    description = "Verify provenance from SLSA compliant builders";
+    license = lib.licenses.asl20;
+    maintainers = with lib.maintainers; [ developer-guy mlieberman85 ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 12382fb2162c..009d563e36f9 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12140,6 +12140,8 @@ with pkgs;
 
   slowlorust = callPackage ../tools/networking/slowlorust { };
 
+  slsa-verifier = callPackage ../tools/security/slsa-verifier { };
+
   slsnif = callPackage ../tools/misc/slsnif { };
 
   slstatus = callPackage ../applications/misc/slstatus {