uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948 this can do it nicely. Signed-off-by: Anton Arapov <anton@deadbeef.mx>
2021-04-03 12:58:10 +02:00 · 2021-04-03 12:58:10 +02:00 · 56de2bcd43
commit 56de2bcd43
30691 changed files with 3076956 additions and 0 deletions
--- a/pkgs/tools/security/witness/default.nix
+++ b/pkgs/tools/security/witness/default.nix
@ -0,0 +1,64 @@
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+
+buildGoModule rec {
+  pname = "witness";
+  version = "0.1.8";
+
+  src = fetchFromGitHub {
+    owner = "testifysec";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-i76sw5ysWDZwuNt7CYtpVy9mEV643i4YaMxksglyPWw=";
+  };
+  vendorSha256 = "sha256-A3fnAWEJ7SeUnDfIIOkbHIhUBRB8INcqMleOLL3LHF0=";
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  # We only want the witness binary, not the helper utilities for generating docs.
+  subPackages = [ "cmd/witness" ];
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/testifysec/witness/cmd/witness/cmd.Version=v${version}"
+  ];
+
+  # Feed in all tests for testing
+  # This is because subPackages above limits what is built to just what we
+  # want but also limits the tests
+  preCheck = ''
+    unset subPackages
+  '';
+
+  postInstall = ''
+    installShellCompletion --cmd witness \
+      --bash <($out/bin/witness completion bash) \
+      --fish <($out/bin/witness completion fish) \
+      --zsh <($out/bin/witness completion zsh)
+  '';
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+    $out/bin/witness --help
+    $out/bin/witness version | grep "v${version}"
+    runHook postInstallCheck
+  '';
+
+  meta = with lib; {
+    description = "A pluggable framework for software supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target";
+    longDescription = ''
+      Witness prevents tampering of build materials and verifies the integrity
+      of the build process from source to target. It works by wrapping commands
+      executed in a continuous integration process. Its attestation system is
+      pluggable and offers support out of the box for most major CI and
+      infrastructure providers. Verification of Witness metadata and a secure
+      PKI distribution system will mitigate against many software supply chain
+      attack vectors and can be used as a framework for automated governance.
+    '';
+    homepage = "https://github.com/testifysec/witness";
+    changelog = "https://github.com/testifysec/witness/releases/tag/v${version}";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ fkautz jk ];
+  };
+}