uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948
this can do it nicely.

Signed-off-by: Anton Arapov <anton@deadbeef.mx>

pkgs/tools/admin/trivy/default.nix

@@ -0,0 +1,56 @@
+{ lib
+, stdenv
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "trivy";
+  version = "0.28.1";
+
+  src = fetchFromGitHub {
+    owner = "aquasecurity";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-x9mojwA86zgXRwKDp1kIh5/LRdHjm02119CKYlIkZgw=";
+  };
+  vendorSha256 = "sha256-7rX4j188IXhSS4E4NStAsJq4FEfAFxIys7jucDCCe+4=";
+
+  excludedPackages = "misc";
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X main.version=v${version}"
+  ];
+
+  # Tests require network access
+  doCheck = false;
+
+  doInstallCheck = true;
+
+  installCheckPhase = ''
+    runHook preInstallCheck
+    $out/bin/trivy --help
+    $out/bin/trivy --version | grep "v${version}"
+    runHook postInstallCheck
+  '';
+
+  meta = with lib; {
+    homepage = "https://github.com/aquasecurity/trivy";
+    changelog = "https://github.com/aquasecurity/trivy/releases/tag/v${version}";
+    description = "A simple and comprehensive vulnerability scanner for containers, suitable for CI";
+    longDescription = ''
+      Trivy is a simple and comprehensive vulnerability scanner for containers
+      and other artifacts. A software vulnerability is a glitch, flaw, or
+      weakness present in the software or in an Operating System. Trivy detects
+      vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and
+      application dependencies (Bundler, Composer, npm, yarn, etc.).
+    '';
+    license = licenses.asl20;
+    maintainers = with maintainers; [ jk ];
+    # Need updated macOS SDK
+    # https://github.com/NixOS/nixpkgs/issues/101229
+    broken = (stdenv.isDarwin && stdenv.isx86_64);
+  };
+}