author | Arnout Engelen <arnout@bzzt.net> | 2022-10-27 14:55:27 +0200 |
---|---|---|
committer | Arnout Engelen <arnout@bzzt.net> | 2023-09-12 16:13:30 +0200 |
commit | 13e3f24e7d89a344c9c7741ab1dd51c1822c1756 (patch) | |
tree | 0e670a52f0fd28c43a9421034b817c4ddff059d0 | |
parent | 3a2786eea085f040a66ecde1bc3ddc7099f6dbeb (diff) | |
docker-sbom: init at 0.6.1
Use `docker-sbom` directly or use `docker.override { sbomSupport = true; }` to enable `docker sbom` as a subcommand.
-rw-r--r-- | pkgs/applications/virtualization/docker/default.nix | 8 | ||||
-rw-r--r-- | pkgs/applications/virtualization/docker/sbom-disable-tests.patch | 28 | ||||
-rw-r--r-- | pkgs/applications/virtualization/docker/sbom.nix | 43 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
4 files changed, 78 insertions, 3 deletions
diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 4b8fc566bff..11dc75c0540 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -7,12 +7,13 @@ rec { , mobyRev, mobyHash , runcRev, runcHash , containerdRev, containerdHash - , tiniRev, tiniHash, buildxSupport ? true, composeSupport ? true + , tiniRev, tiniHash + , buildxSupport ? true, composeSupport ? true, sbomSupport ? false # package dependencies , stdenv, fetchFromGitHub, fetchpatch, buildGoPackage , makeWrapper, installShellFiles, pkg-config, glibc , go-md2man, go, containerd, runc, docker-proxy, tini, libtool - , sqlite, iproute2, docker-buildx, docker-compose + , sqlite, iproute2, docker-buildx, docker-compose, docker-sbom , iptables, e2fsprogs, xz, util-linux, xfsprogs, git , procps, rootlesskit, slirp4netns, fuse-overlayfs, nixosTests , clientOnly ? !stdenv.isLinux, symlinkJoin @@ -159,7 +160,8 @@ rec { }); plugins = lib.optional buildxSupport docker-buildx - ++ lib.optional composeSupport docker-compose; + ++ lib.optional composeSupport docker-compose + ++ lib.optional sbomSupport docker-sbom; pluginsRef = symlinkJoin { name = "docker-plugins"; paths = plugins; }; in buildGoPackage (lib.optionalAttrs (!clientOnly) { diff --git a/pkgs/applications/virtualization/docker/sbom-disable-tests.patch b/pkgs/applications/virtualization/docker/sbom-disable-tests.patch new file mode 100644 index 00000000000..2bf3116da81 --- /dev/null +++ b/pkgs/applications/virtualization/docker/sbom-disable-tests.patch 
@@ -0,0 +1,28 @@
+diff --git a/test/cli/all_formats_expressible_test.go b/test/cli/all_formats_expressible_test.go
+index 3f40a46..5ba04e8 100644
+--- a/test/cli/all_formats_expressible_test.go
++++ b/test/cli/all_formats_expressible_test.go
+@@ -8,7 +8,8 @@ import (
+ "github.com/anchore/syft/syft"
+ )
+
+-func TestAllFormatsExpressible(t *testing.T) {
++// Disabled because it needs a running docker daemon
++func disabledTestAllFormatsExpressible(t *testing.T) {
+ commonAssertions := []traitAssertion{
+ func(tb testing.TB, stdout, _ string, _ int) {
+ tb.Helper()
+diff --git a/test/cli/sbom_cmd_test.go b/test/cli/sbom_cmd_test.go
+index 0a0771c..a086c3b 100644
+--- a/test/cli/sbom_cmd_test.go
++++ b/test/cli/sbom_cmd_test.go
+@@ -8,7 +8,8 @@ import (
+ "github.com/docker/sbom-cli-plugin/internal"
+ )
+
+-func TestSBOMCmdFlags(t *testing.T) {
++// Disabled because it needs a running docker daemon
++func disabledTestSBOMCmdFlags(t *testing.T) {
+ hiddenPackagesImage := getFixtureImage(t, "image-hidden-packages")
+ coverageImage := getFixtureImage(t, "image-pkg-coverage")
+ tmp := t.TempDir() + "/"
diff --git a/pkgs/applications/virtualization/docker/sbom.nix b/pkgs/applications/virtualization/docker/sbom.nix
new file mode 100644
index 00000000000..7314eb2029f
--- /dev/null
+++ b/pkgs/applications/virtualization/docker/sbom.nix
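Review bot: Disabling `TestAllFormatsExpressible` and `TestSBOMCmdFlags` by renaming them in a carried patch means the patch has to be re-checked against upstream on every version bump, because its context lines pin the import blocks of both test files. If the Go toolchain used for this package supports the `-skip` test flag, the same two tests can be excluded from sbom.nix without touching upstream source, for example `checkFlags = [ "-skip=^TestAllFormatsExpressible$|^TestSBOMCmdFlags$" ];`. Both function bodies continue past the end of the inner hunks, so whether other tests under `test/cli` also need a daemon cannot be judged from here.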
@@ -0,0 +1,43 @@ +{ buildGoModule +, fetchFromGitHub +, docker +, lib +}: + +buildGoModule rec { + pname = "docker-sbom"; + version = "0.6.1"; + + src = fetchFromGitHub { + owner = "docker"; + repo = "sbom-cli-plugin"; + rev = "tags/v${version}"; + hash = "sha256-i3gIogHb0oW/VDuZUo6LGBmvqs/XfMXjpvTTYeGCK7Q="; + }; + + patches = [ + # Disable tests that require a docker daemon to be running + # in the sandbox + ./sbom-disable-tests.patch + ]; + + vendorHash = "sha256-XPPVAdY2NaasZ9bkf24VWWk3X5pjnryvsErYIWkeekc="; + + nativeBuildInputs = [ docker ]; + + installPhase = '' + runHook preInstall + install -D $GOPATH/bin/sbom-cli-plugin $out/libexec/docker/cli-plugins/docker-sbom + + mkdir -p $out/bin + ln -s $out/libexec/docker/cli-plugins/docker-sbom $out/bin/docker-sbom + runHook postInstall + ''; + + meta = with lib; { + description = "Plugin for Docker CLI to support SBOM creation using Syft"; + homepage = "https://github.com/docker/sbom-cli-plugin"; + license = licenses.asl20; + maintainers = with maintainers; [ raboof ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b04a5fe0324..34f64be4d89 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -31365,6 +31365,8 @@ with pkgs; docker-buildx = callPackage ../applications/virtualization/docker/buildx.nix { }; docker-compose = callPackage ../applications/virtualization/docker/compose.nix { }; docker-compose_1 = python3Packages.callPackage ../applications/virtualization/docker/compose_1.nix { }; + docker-sbom = callPackage ../applications/virtualization/docker/sbom.nix { }; + amazon-ecr-credential-helper = callPackage ../tools/admin/amazon-ecr-credential-helper { }; |
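Review bot: `nativeBuildInputs = [ docker ];` in sbom.nix pulls the full Docker package into the build of a plugin whose daemon-dependent tests are patched out, and nothing else visible in the derivation calls `docker`. If the binary is only needed by the remaining tests, `nativeCheckInputs = [ docker ];` would say so; otherwise a one-line comment on why it is needed at build time would help the next maintainer. Separately, `rev = "tags/v${version}";` names a mutable tag: the fixed `hash` means a moved tag fails the fetch rather than changing the output, and the usual spelling is `rev = "v${version}";`.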