diff options
author | Thomas Gerbet <thomas@gerbet.me> | 2021-07-14 20:08:39 +0200 |
---|---|---|
committer | Thomas Gerbet <thomas@gerbet.me> | 2021-07-14 20:08:39 +0200 |
commit | 48e281f963b32eb3d08702c5bf0a0838f13ea377 (patch) | |
tree | 4188caa0250dee554f3f0a42f89b57c0bc184e0d /pkgs/tools | |
parent | d75b67bfa4bb2dd7abad55a79426788ba2628f9f (diff) | |
download | nixpkgs-48e281f963b32eb3d08702c5bf0a0838f13ea377.tar nixpkgs-48e281f963b32eb3d08702c5bf0a0838f13ea377.tar.gz nixpkgs-48e281f963b32eb3d08702c5bf0a0838f13ea377.tar.bz2 nixpkgs-48e281f963b32eb3d08702c5bf0a0838f13ea377.tar.lz nixpkgs-48e281f963b32eb3d08702c5bf0a0838f13ea377.tar.xz nixpkgs-48e281f963b32eb3d08702c5bf0a0838f13ea377.tar.zst nixpkgs-48e281f963b32eb3d08702c5bf0a0838f13ea377.zip |
cosign: enable PIV key support
This was disabled by default in cosign 0.5.0 [0] and we did not enabled it back when we upgraded cosign [1]. The support for PIV keys is enabled by default and can be disabled if needed. [0] https://github.com/sigstore/cosign/commit/749c7e3e5d80f3fa976f31084317a556718c3e54 [1] https://github.com/NixOS/nixpkgs/commit/de0014a227e45b6e82dcf817807e5700138c992f
Diffstat (limited to 'pkgs/tools')
-rw-r--r-- | pkgs/tools/security/cosign/default.nix | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/pkgs/tools/security/cosign/default.nix b/pkgs/tools/security/cosign/default.nix index 550f965b07d..bdc32570dfa 100644 --- a/pkgs/tools/security/cosign/default.nix +++ b/pkgs/tools/security/cosign/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, buildGoModule, fetchFromGitHub, pcsclite, pkg-config, PCSC }: +{ stdenv, lib, buildGoModule, fetchFromGitHub, pcsclite, pkg-config, PCSC, pivKeySupport ? true }: buildGoModule rec { pname = "cosign"; @@ -12,8 +12,8 @@ buildGoModule rec { }; buildInputs = - lib.optional stdenv.isLinux (lib.getDev pcsclite) - ++ lib.optionals stdenv.isDarwin [ PCSC ]; + lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite) + ++ lib.optionals (stdenv.isDarwin && pivKeySupport) [ PCSC ]; nativeBuildInputs = [ pkg-config ]; @@ -21,6 +21,9 @@ buildGoModule rec { subPackages = [ "cmd/cosign" ]; + preBuild = '' + buildFlagsArray+=(${lib.optionalString pivKeySupport "-tags=pivkey"}) + ''; ldflags = [ "-s" "-w" "-X github.com/sigstore/cosign/cmd/cosign/cli.gitVersion=v${version}"]; meta = with lib; { |