diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-02-22 10:43:06 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-03-11 16:17:56 +0000 |
commit | ca1aada113c0ebda1ab8667199f6453f8e01c4fc (patch) | |
tree | 55e402280096f62eb0bc8bcad5ce6050c5a0aec7 /nixpkgs/pkgs/tools/security/grype/default.nix | |
parent | e4df5a52a6a6531f32626f57205356a773ac2975 (diff) | |
parent | 93883402a445ad467320925a0a5dbe43a949f25b (diff) | |
download | nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.gz nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.bz2 nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.lz nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.xz nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.tar.zst nixlib-ca1aada113c0ebda1ab8667199f6453f8e01c4fc.zip |
Merge commit '93883402a445ad467320925a0a5dbe43a949f25b'
Conflicts: nixpkgs/nixos/modules/programs/ssh.nix nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix nixpkgs/pkgs/data/fonts/noto-fonts/default.nix nixpkgs/pkgs/development/go-modules/generic/default.nix nixpkgs/pkgs/development/interpreters/ruby/default.nix nixpkgs/pkgs/development/libraries/mesa/default.nix
Diffstat (limited to 'nixpkgs/pkgs/tools/security/grype/default.nix')
-rw-r--r-- | nixpkgs/pkgs/tools/security/grype/default.nix | 52 |
1 files changed, 42 insertions, 10 deletions
diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix index 9d327f37af6a..30206fab0eb9 100644 --- a/nixpkgs/pkgs/tools/security/grype/default.nix +++ b/nixpkgs/pkgs/tools/security/grype/default.nix @@ -1,39 +1,71 @@ { lib , buildGoModule -, docker , fetchFromGitHub +, installShellFiles }: buildGoModule rec { pname = "grype"; - version = "0.28.0"; + version = "0.33.0"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Mc0bO9BDcIXEoHwhQDbX9g84kagcT3gVz8PPxXpG7dw="; + sha256 = "sha256-RXEeJZeC6hA6DetZnUNWFtNZEy4HJpxviL8pySBLfts="; + # populate values that require us to use git. By doing this in postFetch we + # can delete .git afterwards and maintain better reproducibility of the src. + leaveDotGit = true; + postFetch = '' + cd "$out" + commit="$(git rev-parse HEAD)" + source_date_epoch=$(git log --date=format:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad) + substituteInPlace "$out/internal/version/build.go" \ + --replace 'gitCommit = valueNotProvided' "gitCommit = \"$commit\"" \ + --replace 'buildDate = valueNotProvided' "buildDate = \"$source_date_epoch\"" + find "$out" -name .git -print0 | xargs -0 rm -rf + ''; }; - vendorSha256 = "sha256-su0dg9Gidd8tQKM5IzX6/GC5jk8SCIO+qsI3UGlvpwg="; + vendorSha256 = "sha256-2T2fw1nOycP1LxUuMSmz1ke2bg4yox/tIAveXCNJG9Y="; - propagatedBuildInputs = [ docker ]; + nativeBuildInputs = [ + installShellFiles + ]; ldflags = [ - "-s" "-w" "-X github.com/anchore/grype/internal/version.version=${version}" + "-s" + "-w" + "-X github.com/anchore/grype/internal/version.version=${version}" + "-X github.com/anchore/grype/internal/version.gitTreeState=clean" ]; + preBuild = '' + # grype version also displays the version of the syft library used + # we need to grab it from the go.sum and add an ldflag for it + SYFTVERSION="$(grep "github.com/anchore/syft" go.sum -m 1 | awk '{print $2}')" + ldflags+=" -X github.com/anchore/grype/internal/version.syftVersion=$SYFTVERSION" + ''; + # Tests require a running Docker instance doCheck = false; + postInstall = '' + installShellCompletion --cmd grype \ + --bash <($out/bin/grype completion bash) \ + --fish <($out/bin/grype completion fish) \ + --zsh <($out/bin/grype completion zsh) + ''; + meta = with lib; { + homepage = "https://github.com/anchore/grype"; + changelog = "https://github.com/anchore/grype/releases/tag/v${version}"; description = "Vulnerability scanner for container images and filesystems"; longDescription = '' - As a vulnerability scanner is grype abale to scan the contents of a container - image or filesystem to find known vulnerabilities. + As a vulnerability scanner grype is able to scan the contents of a + container image or filesystem to find known vulnerabilities. ''; - homepage = "https://github.com/anchore/grype"; license = with licenses; [ asl20 ]; - maintainers = with maintainers; [ fab ]; + maintainers = with maintainers; [ fab jk ]; }; } |