summary refs log tree commit diff
path: root/pkgs/tools/security/grype/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security/grype/default.nix')
-rw-r--r--pkgs/tools/security/grype/default.nix21
1 files changed, 11 insertions, 10 deletions
diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix
index 377bed93054..1b80d7ecd88 100644
--- a/pkgs/tools/security/grype/default.nix
+++ b/pkgs/tools/security/grype/default.nix
@@ -6,28 +6,26 @@
 
 buildGoModule rec {
   pname = "grype";
-  version = "0.34.1";
+  version = "0.34.3";
 
   src = fetchFromGitHub {
     owner = "anchore";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-Xr3ws6qmfL25Kml7Klw095N9MNrm6a8lBtOWiucnzXE=";
+    sha256 = "sha256-iWmLfQ08+dhjvKQiK2iy2Tegk4jH9dGopu/6kdDRZd0=";
     # populate values that require us to use git. By doing this in postFetch we
     # can delete .git afterwards and maintain better reproducibility of the src.
     leaveDotGit = true;
     postFetch = ''
       cd "$out"
-      commit="$(git rev-parse HEAD)"
-      source_date_epoch=$(git log --date=format:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad)
-      substituteInPlace "$out/internal/version/build.go" \
-        --replace 'gitCommit = valueNotProvided' "gitCommit = \"$commit\"" \
-        --replace 'buildDate = valueNotProvided' "buildDate = \"$source_date_epoch\""
+      git rev-parse HEAD > $out/COMMIT
+      # 0000-00-00T00:00:00Z
+      date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH
       find "$out" -name .git -print0 | xargs -0 rm -rf
     '';
   };
 
-  vendorSha256 = "sha256-fuOAfLESs/97aQUkIy6DkmYFyvKKCHazgt1WnE8GeH8=";
+  vendorSha256 = "sha256-WrUZFlN7dPbyN9InjX/Y9J+iYKu5v2/SHmRgDP5BJi8=";
 
   nativeBuildInputs = [
     installShellFiles
@@ -37,14 +35,17 @@ buildGoModule rec {
     "-s"
     "-w"
     "-X github.com/anchore/grype/internal/version.version=${version}"
+    "-X github.com/anchore/grype/internal/version.gitDescription=v${version}"
     "-X github.com/anchore/grype/internal/version.gitTreeState=clean"
   ];
 
   preBuild = ''
     # grype version also displays the version of the syft library used
     # we need to grab it from the go.sum and add an ldflag for it
-    SYFTVERSION="$(grep "github.com/anchore/syft" go.sum -m 1 | awk '{print $2}')"
-    ldflags+=" -X github.com/anchore/grype/internal/version.syftVersion=$SYFTVERSION"
+    SYFT_VERSION="$(grep "github.com/anchore/syft" go.sum -m 1 | awk '{print $2}')"
+    ldflags+=" -X github.com/anchore/grype/internal/version.syftVersion=$SYFT_VERSION"
+    ldflags+=" -X github.com/anchore/grype/internal/version.gitCommit=$(cat COMMIT)"
+    ldflags+=" -X github.com/anchore/grype/internal/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
   '';
 
   # Tests require a running Docker instance
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-03 09:32:21 +0000