authorThomas Gerbet <thomas@gerbet.me>2021-07-14 20:08:39 +0200
committerThomas Gerbet <thomas@gerbet.me>2021-07-14 20:08:39 +0200
commit48e281f963b32eb3d08702c5bf0a0838f13ea377 (patch)
tree4188caa0250dee554f3f0a42f89b57c0bc184e0d /pkgs/tools
parentd75b67bfa4bb2dd7abad55a79426788ba2628f9f (diff)
cosign: enable PIV key support
This was disabled by default in cosign 0.5.0 [0] and we did not re-enable
it when we upgraded cosign [1].

The support for PIV keys is enabled by default and can be disabled if
needed.

[0] https://github.com/sigstore/cosign/commit/749c7e3e5d80f3fa976f31084317a556718c3e54
[1] https://github.com/NixOS/nixpkgs/commit/de0014a227e45b6e82dcf817807e5700138c992f
Diffstat (limited to 'pkgs/tools')
-rw-r--r--pkgs/tools/security/cosign/default.nix9
1 files changed, 6 insertions, 3 deletions
diff --git a/pkgs/tools/security/cosign/default.nix b/pkgs/tools/security/cosign/default.nix
index 550f965b07d..bdc32570dfa 100644
--- a/pkgs/tools/security/cosign/default.nix
+++ b/pkgs/tools/security/cosign/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, buildGoModule, fetchFromGitHub, pcsclite, pkg-config, PCSC }:
+{ stdenv, lib, buildGoModule, fetchFromGitHub, pcsclite, pkg-config, PCSC, pivKeySupport ? true }:
 
 buildGoModule rec {
   pname = "cosign";
@@ -12,8 +12,8 @@ buildGoModule rec {
   };
 
   buildInputs =
-    lib.optional stdenv.isLinux (lib.getDev pcsclite)
-    ++ lib.optionals stdenv.isDarwin [ PCSC ];
+    lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite)
+    ++ lib.optionals (stdenv.isDarwin && pivKeySupport) [ PCSC ];
 
   nativeBuildInputs = [ pkg-config ];
 
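Review bot: `nativeBuildInputs = [ pkg-config ];` on the context line just below the changed lines stays unconditional, so a build with `pivKeySupport = false` still carries a build-time tool that presumably is only there to locate pcsclite for cgo. If that is its only use, gate it the same way with `nativeBuildInputs = lib.optional pivKeySupport pkg-config;`. As a style point, the two new conditions repeat `&& pivKeySupport`; wrapping the whole expression once in `lib.optionals pivKeySupport ( … )` keeps the platform split readable. The `buildGoModule rec { … }` body continues outside this hunk.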
@@ -21,6 +21,9 @@ buildGoModule rec {
 
   subPackages = [ "cmd/cosign" ];
 
+  preBuild = ''
+    buildFlagsArray+=(${lib.optionalString pivKeySupport "-tags=pivkey"})
+  '';
   ldflags = [ "-s" "-w" "-X github.com/sigstore/cosign/cmd/cosign/cli.gitVersion=v${version}"];
 
   meta = with lib; {
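Review bot: Nothing here verifies that the `pivkey` tag actually reaches `go build`, so a later change to how flags are passed, or an override that replaces `preBuild`, would again yield a cosign without hardware-token support and a passing build, which is the silent regression the commit message describes. For a signing tool that matters, because users who expect keys to stay on a PIV token may fall back to file-based keys. Consider an install check that fails when PIV support is missing from the built binary, and add a comment above `preBuild` such as `# pivkey build tag: off by default upstream since cosign 0.5.0; needs pcsclite (Linux) / PCSC (Darwin)`. If the `buildGoModule` in this tree accepts a `tags` attribute, `tags = lib.optionals pivKeySupport [ "pivkey" ];` avoids the shell-array append and the empty `buildFlagsArray+=()` when the option is off. The enclosing `buildGoModule rec { … }` block starts and ends outside this hunk.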