6a32965e17
The package has been broken on master for some time now: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.notary.x86_64-linux/all The main reason for the breakage is that the `Makefile` script attempts to retrieve the latest git commit by using `git rev-parse`, which breaks as `git` is not in the build environment. This could be fixed by using `?=` rather than `:=` for the `GITCOMMIT` variable in the `make` script to easily override `GITCOMMIT` in the `buildPhase`. See the Hydra logs for reference: https://nix-cache.s3.amazonaws.com/log/ib4qp8h4r8d830ra4fah38l7ybb82gp7-notary-0.6.0.drv Furthermore, some refactoring was applied: * Activated the test suite for `cmd/notary` to confirm the basic functionality when building for NixOS. * Added {pre,post} hooks for `{build,install}Phase` * Added myself as maintainer to have more people available in case of further breakage.
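# Nix expression that builds the Notary client (`notary` CLI) from the
# theupdateframework/notary GitHub repository using buildGoPackage.
{ stdenv, fetchFromGitHub, buildGoPackage, libtool }:

buildGoPackage rec {
  name = "notary-${version}";
  version = "0.6.1";

  # Handed to `make` as GITCOMMIT in buildPhase. Nothing in this file checks it
  # against the fetched source (only `sha256` below pins content), so it must
  # be bumped by hand together with `version` and `sha256`.
  # NOTE(review): presumably the short commit hash of the v0.6.1 tag -- confirm
  # against upstream when updating.
  gitcommit = "d6e1431f";

  src = fetchFromGitHub {
    owner = "theupdateframework";
    repo = "notary";
    # A tag name can be moved upstream; the fixed-output hash below is what
    # actually pins the source tree that gets built.
    rev = "v${version}";
    sha256 = "1ak9dk6vjny5069hp3w36dbjawcnaq82l3i2qvf7mn7zfglbsnf9";
  };

  # NOTE(review): patch content is not visible here; judging by its name it
  # stops the Makefile from invoking git so GITCOMMIT can be passed in
  # explicitly (see buildPhase) -- confirm against the patch file.
  patches = [ ./no-git-usage.patch ];

  buildInputs = [ libtool ];

  # Only the `client` make target is built; GITCOMMIT is supplied on the
  # command line instead of being derived from a git checkout.
  buildPhase = ''
    runHook preBuild
    cd go/src/github.com/theupdateframework/notary
    make client GITCOMMIT=${gitcommit}
    runHook postBuild
  '';

  goPackagePath = "github.com/theupdateframework/notary";

  installPhase = ''
    runHook preInstall
    install -D bin/notary $bin/bin/notary
    runHook postInstall
  '';

  doCheck = true;

  # Runs the test suite of the cmd/notary package only. The pre/post hooks are
  # run here as well, matching buildPhase and installPhase, so overrides that
  # set preCheck/postCheck keep working with this custom phase.
  checkPhase = ''
    runHook preCheck
    make test PKGS=github.com/theupdateframework/notary/cmd/notary
    runHook postCheck
  '';

  meta = with stdenv.lib; {
    description = "Notary is a project that allows anyone to have trust over arbitrary collections of data";
    longDescription = ''
      The Notary project comprises a server and a client for running and
      interacting with trusted collections. See the service architecture
      documentation for more information.

      Notary aims to make the internet more secure by making it easy for people
      to publish and verify content. We often rely on TLS to secure our
      communications with a web server which is inherently flawed, as any
      compromise of the server enables malicious content to be substituted for
      the legitimate content.

      With Notary, publishers can sign their content offline using keys kept
      highly secure. Once the publisher is ready to make the content available,
      they can push their signed trusted collection to a Notary Server.

      Consumers, having acquired the publisher's public key through a secure
      channel, can then communicate with any notary server or (insecure) mirror,
      relying only on the publisher's key to determine the validity and
      integrity of the received content.
    '';
    license = licenses.asl20;
    # Quoted string instead of a bare URL literal; the value is the same.
    homepage = "https://github.com/theupdateframework/notary";
    maintainers = with maintainers; [ vdemeester ma27 ];
    platforms = platforms.unix;
  };
}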