From 2e5986a5e5c897b778b29c5dbe73529d66ca7501 Mon Sep 17 00:00:00 2001
From: Yuriy Taraday <yorik.sar@gmail.com>
Date: Mon, 6 Nov 2023 00:41:36 +0100
Subject: age: skip flaky plugin test

See issue in upstream https://github.com/FiloSottile/age/issues/517.
age sometimes fails this test, but sometimes it doesn't.
Disable this test until the upstream issue is resolved.
---
 pkgs/tools/security/age/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'pkgs/tools/security')

diff --git a/pkgs/tools/security/age/default.nix b/pkgs/tools/security/age/default.nix
index 8ad4ff9c904..ea8108fde30 100644
--- a/pkgs/tools/security/age/default.nix
+++ b/pkgs/tools/security/age/default.nix
@@ -53,6 +53,11 @@ buildGoModule rec {
     fi
   '';
 
+  # plugin test is flaky, see https://github.com/FiloSottile/age/issues/517
+  checkFlags = [
+    "-skip" "TestScript/plugin"
+  ];
+
   meta = with lib; {
     homepage = "https://age-encryption.org/";
     description = "Modern encryption tool with small explicit keys";
-- 
cgit 1.4.1


From c2281e585a45037b8f240ccf96b6797fd30e9faf Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas.gerbet@enalean.com>
Date: Tue, 7 Nov 2023 14:53:15 +0100
Subject: cosign: 2.2.0 -> 2.2.1

Fixes CVE-2023-46737.

Changelog:
https://github.com/sigstore/cosign/releases/tag/v2.2.1
---
 pkgs/tools/security/cosign/default.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'pkgs/tools/security')

diff --git a/pkgs/tools/security/cosign/default.nix b/pkgs/tools/security/cosign/default.nix
index c08a8cf1dd1..3e8acc96f29 100644
--- a/pkgs/tools/security/cosign/default.nix
+++ b/pkgs/tools/security/cosign/default.nix
@@ -13,13 +13,13 @@
 }:
 buildGoModule rec {
   pname = "cosign";
-  version = "2.2.0";
+  version = "2.2.1";
 
   src = fetchFromGitHub {
     owner = "sigstore";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-VE/rm85KZs3JWMsidIlUGJ9JrtZ4VBI+Go1yujq7z1s=";
+    hash = "sha256-J/CQonW/ICrNUSQXVZPMR+WACZYJH0eH6bXhdXE27TY=";
   };
 
   buildInputs =
@@ -28,7 +28,7 @@ buildGoModule rec {
 
   nativeBuildInputs = [ pkg-config installShellFiles ];
 
-  vendorHash = "sha256-mpT4/BS/NofMueBbwhh4v6pNEONEpWM9RDKuYZ+9BtA=";
+  vendorHash = "sha256-RPwU6W6a9mnfriyz3ASvamZ3jEG6C2ug/MTp1Pahc/Q=";
 
   subPackages = [
     "cmd/cosign"
@@ -52,6 +52,7 @@ buildGoModule rec {
     rm pkg/cosign/ctlog_test.go # Require network access
     rm pkg/cosign/tlog_test.go # Require network access
     rm cmd/cosign/cli/verify/verify_blob_attestation_test.go # Require network access
+    rm cmd/cosign/cli/verify/verify_blob_test.go # Require network access
   '';
 
   postInstall = ''
-- 
cgit 1.4.1