New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
notary: init at 0.5.1 #32712
notary: init at 0.5.1 #32712
Conversation
src = fetchurl { | ||
url = "https://github.com/theupdateframework/notary/releases/download/v${version}/${shortname}-${metadata.arch}"; | ||
sha256 = metadata.sha256; | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any reason not to compile from source? The build looks straight forward and would not require to constraint platforms: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=notary-git
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That was to go as quick as I needed.. I can take a look at compiling for source 😉
|
||
Consumers, having acquired the publisher's public key through a secure channel, can then communicate with any notary server or (insecure) mirror, relying only on the publisher's key to determine the validity and integrity of the received content. | ||
''; | ||
license = licenses.apache2; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you want asl2
instead of apache2
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oups 😅
b915ec2
to
1b37d21
Compare
Updated (building from sources, rebased) |
|
||
buildInputs = [ git libtool ]; | ||
|
||
goPackagePath = "github.com/docker/notary"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The move to theupdateframework
(due to giving the project to CNCF) happened after the v0.4.3
release.. so building imports, etc.. are still refering the path with docker
.
227e8e3
to
6b96134
Compare
url = "https://github.com/theupdateframework/notary"; | ||
rev = "refs/tags/v${version}"; | ||
sha256 = "1max6rgangmw892l8zpijhx5bj9zllqim457k1dq7vf1mzybihr6"; | ||
leaveDotGit = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
output path '/nix/store/g0x3f272dhwns82v2ygaa3w72y2gbhkp-notary' has r:sha256 hash '1j75973a6vciwcrqxbzvk6smr5s502dsa43723g3k9f33nz8lyhz' when '1max6rgangmw892l8zpijhx5bj9zllqim457k1dq7vf1mzybihr6' was expected
Looks like the checksum of fetchgit
changed or my systems creates a different one then yours.
Can we get rid of leaveDotGit
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should be possible to set make GITCOMMIT=<hash> GITUNTRACKEDCHANGES=
and get rid of the git repository:
https://github.com/theupdateframework/notary/blob/master/Makefile#L8
goPackagePath = "github.com/docker/notary"; | ||
buildPhase = '' | ||
cd go/src/github.com/docker/notary | ||
make GITCOMMIT=${gitcommit} client |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, you are already doing that. so only GITUNTRACKEDCHANGES=
is missing.
@GrahamcOfBorg build notary |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Failure for system: x86_64-darwin
remote: Compressing objects: 100% (1835/1835), done.
remote: Total 2219 (delta 240), reused 1715 (delta 202), pack-reused 0
Receiving objects: 100% (2219/2219), 5.95 MiB | 12.11 MiB/s, done.
Resolving deltas: 100% (240/240), done.
From https://github.com/theupdateframework/notary
* tag v0.4.3 -> FETCH_HEAD
Switched to a new branch 'fetchgit'
output path '/nix/store/g0x3f272dhwns82v2ygaa3w72y2gbhkp-notary' has r:sha256 hash '1j75973a6vciwcrqxbzvk6smr5s502dsa43723g3k9f33nz8lyhz' when '1max6rgangmw892l8zpijhx5bj9zllqim457k1dq7vf1mzybihr6' was expected
cannot build derivation '/nix/store/ns172gx6y2104328xhl5yqp4i7d6bs0z-notary-0.4.3.drv': 1 dependencies couldn't be built
error: build of '/nix/store/ns172gx6y2104328xhl5yqp4i7d6bs0z-notary-0.4.3.drv' failed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Failure for system: x86_64-linux
fetching path ‘/nix/store/fr0mp90ax2nw17wrx5bx27kpw3py3s8a-go-1.9.2’...
*** Downloading ‘https://cache.nixos.community/nar/06na4a9nd3hg7x2w7xsgih0fzvkyh3fxghq2avy640kzpnk6jz7g.nar.xz’ (signed by ‘cache.nixos.org-1’) to ‘/nix/store/fr0mp90ax2nw17wrx5bx27kpw3py3s8a-go-1.9.2’...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 117 100 117 0 0 117 0 0:00:01 --:--:-- 0:00:01 3250
19 44.9M 19 9151k 0 0 9151k 0 0:00:05 0:00:01 0:00:04 9151k
42 44.9M 42 19.0M 0 0 9775k 0 0:00:04 0:00:02 0:00:02 9.9M
62 44.9M 62 27.9M 0 0 9546k 0 0:00:04 0:00:03 0:00:01 9768k
81 44.9M 81 36.8M 0 0 9431k 0 0:00:04 0:00:04 --:--:-- 9525k
100 44.9M 100 44.9M 0 0 11.2M 0 0:00:04 0:00:04 --:--:-- 9407k
cannot build derivation ‘/nix/store/xmkz213nrw61b65j759v6v6phq94650k-notary-0.4.3.drv’: 1 dependencies couldn't be built
error: build of ‘/nix/store/xmkz213nrw61b65j759v6v6phq94650k-notary-0.4.3.drv’ failed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Failure for system: aarch64-linux
stripping (with command strip and flags -S) in /nix/store/hilfzf1gsnmp6x5qqjlylyn8bwxijhcg-govers-20150109-3b5f175-bin/bin
patching script interpreter paths in /nix/store/hilfzf1gsnmp6x5qqjlylyn8bwxijhcg-govers-20150109-3b5f175-bin
checking for references to /build in /nix/store/hilfzf1gsnmp6x5qqjlylyn8bwxijhcg-govers-20150109-3b5f175-bin...
cannot find section .dynamic
shrinking RPATHs of ELF executables and libraries in /nix/store/6p1c2v24bzdpk9mm0lhdhsdm53gv18w1-govers-20150109-3b5f175
strip is /nix/store/c6qj0j45xizkrx58i65j75a5ysmqhgrs-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/6p1c2v24bzdpk9mm0lhdhsdm53gv18w1-govers-20150109-3b5f175
checking for references to /build in /nix/store/6p1c2v24bzdpk9mm0lhdhsdm53gv18w1-govers-20150109-3b5f175...
cannot build derivation '/nix/store/jm36qi30mz7z8hrwl2yb10qdzy01nvxd-notary-0.4.3.drv': 1 dependencies couldn't be built
error: build of '/nix/store/jm36qi30mz7z8hrwl2yb10qdzy01nvxd-notary-0.4.3.drv' failed
huh ? the tag changed 😱 |
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
6b96134
to
843ea6b
Compare
Updated to |
tested with: $ notary version
Signed-off-by: Vincent Demeester vincent@sbr.pm
Motivation for this change
Notary is a project that allows anyone to have trust over arbitrary collections of data. It is used for docker content trust but definitely can be used on its own.
https://github.com/theupdateframework/notary
Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)