notary: init at 0.5.1 #32712
notary: init at 0.5.1 #32712
Conversation
| src = fetchurl { | ||
| url = "https://github.com/theupdateframework/notary/releases/download/v${version}/${shortname}-${metadata.arch}"; | ||
| sha256 = metadata.sha256; | ||
| }; |
There was a problem hiding this comment.
Any reason not to compile from source? The build looks straight forward and would not require to constraint platforms: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=notary-git
There was a problem hiding this comment.
That was to go as quick as I needed.. I can take a look at compiling for source 😉
|
|
||
| Consumers, having acquired the publisher's public key through a secure channel, can then communicate with any notary server or (insecure) mirror, relying only on the publisher's key to determine the validity and integrity of the received content. | ||
| ''; | ||
| license = licenses.apache2; |
There was a problem hiding this comment.
I think you want asl2 instead of apache2.
vdemeester
force-pushed
the
init-notary
branch
from
b915ec2
to
1b37d21
Compare
|
Updated (building from sources, rebased) |
|
|
||
| buildInputs = [ git libtool ]; | ||
|
|
||
| goPackagePath = "github.com/docker/notary"; |
There was a problem hiding this comment.
The move to theupdateframework (due to giving the project to CNCF) happened after the v0.4.3 release.. so building imports, etc.. are still refering the path with docker.
vdemeester
force-pushed
the
init-notary
branch
2 times, most recently
from
227e8e3
to
6b96134
Compare
| url = "https://github.com/theupdateframework/notary"; | ||
| rev = "refs/tags/v${version}"; | ||
| sha256 = "1max6rgangmw892l8zpijhx5bj9zllqim457k1dq7vf1mzybihr6"; | ||
| leaveDotGit = true; |
There was a problem hiding this comment.
output path '/nix/store/g0x3f272dhwns82v2ygaa3w72y2gbhkp-notary' has r:sha256 hash '1j75973a6vciwcrqxbzvk6smr5s502dsa43723g3k9f33nz8lyhz' when '1max6rgangmw892l8zpijhx5bj9zllqim457k1dq7vf1mzybihr6' was expected
Looks like the checksum of fetchgit changed or my systems creates a different one then yours.
Can we get rid of leaveDotGit?
There was a problem hiding this comment.
It should be possible to set make GITCOMMIT=<hash> GITUNTRACKEDCHANGES= and get rid of the git repository:
https://github.com/theupdateframework/notary/blob/master/Makefile#L8
| goPackagePath = "github.com/docker/notary"; | ||
| buildPhase = '' | ||
| cd go/src/github.com/docker/notary | ||
| make GITCOMMIT=${gitcommit} client |
There was a problem hiding this comment.
ah, you are already doing that. so only GITUNTRACKEDCHANGES= is missing.
|
@GrahamcOfBorg build notary |
There was a problem hiding this comment.
Failure for system: x86_64-darwin
remote: Compressing objects: 100% (1835/1835), done.
remote: Total 2219 (delta 240), reused 1715 (delta 202), pack-reused 0
Receiving objects: 100% (2219/2219), 5.95 MiB | 12.11 MiB/s, done.
Resolving deltas: 100% (240/240), done.
From https://github.com/theupdateframework/notary
* tag v0.4.3 -> FETCH_HEAD
Switched to a new branch 'fetchgit'
output path '/nix/store/g0x3f272dhwns82v2ygaa3w72y2gbhkp-notary' has r:sha256 hash '1j75973a6vciwcrqxbzvk6smr5s502dsa43723g3k9f33nz8lyhz' when '1max6rgangmw892l8zpijhx5bj9zllqim457k1dq7vf1mzybihr6' was expected
cannot build derivation '/nix/store/ns172gx6y2104328xhl5yqp4i7d6bs0z-notary-0.4.3.drv': 1 dependencies couldn't be built
error: build of '/nix/store/ns172gx6y2104328xhl5yqp4i7d6bs0z-notary-0.4.3.drv' failed
There was a problem hiding this comment.
Failure for system: x86_64-linux
fetching path ‘/nix/store/fr0mp90ax2nw17wrx5bx27kpw3py3s8a-go-1.9.2’...
*** Downloading ‘https://cache.nixos.community/nar/06na4a9nd3hg7x2w7xsgih0fzvkyh3fxghq2avy640kzpnk6jz7g.nar.xz’ (signed by ‘cache.nixos.org-1’) to ‘/nix/store/fr0mp90ax2nw17wrx5bx27kpw3py3s8a-go-1.9.2’...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 117 100 117 0 0 117 0 0:00:01 --:--:-- 0:00:01 3250
19 44.9M 19 9151k 0 0 9151k 0 0:00:05 0:00:01 0:00:04 9151k
42 44.9M 42 19.0M 0 0 9775k 0 0:00:04 0:00:02 0:00:02 9.9M
62 44.9M 62 27.9M 0 0 9546k 0 0:00:04 0:00:03 0:00:01 9768k
81 44.9M 81 36.8M 0 0 9431k 0 0:00:04 0:00:04 --:--:-- 9525k
100 44.9M 100 44.9M 0 0 11.2M 0 0:00:04 0:00:04 --:--:-- 9407k
cannot build derivation ‘/nix/store/xmkz213nrw61b65j759v6v6phq94650k-notary-0.4.3.drv’: 1 dependencies couldn't be built
error: build of ‘/nix/store/xmkz213nrw61b65j759v6v6phq94650k-notary-0.4.3.drv’ failed
There was a problem hiding this comment.
Failure for system: aarch64-linux
stripping (with command strip and flags -S) in /nix/store/hilfzf1gsnmp6x5qqjlylyn8bwxijhcg-govers-20150109-3b5f175-bin/bin
patching script interpreter paths in /nix/store/hilfzf1gsnmp6x5qqjlylyn8bwxijhcg-govers-20150109-3b5f175-bin
checking for references to /build in /nix/store/hilfzf1gsnmp6x5qqjlylyn8bwxijhcg-govers-20150109-3b5f175-bin...
cannot find section .dynamic
shrinking RPATHs of ELF executables and libraries in /nix/store/6p1c2v24bzdpk9mm0lhdhsdm53gv18w1-govers-20150109-3b5f175
strip is /nix/store/c6qj0j45xizkrx58i65j75a5ysmqhgrs-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/6p1c2v24bzdpk9mm0lhdhsdm53gv18w1-govers-20150109-3b5f175
checking for references to /build in /nix/store/6p1c2v24bzdpk9mm0lhdhsdm53gv18w1-govers-20150109-3b5f175...
cannot build derivation '/nix/store/jm36qi30mz7z8hrwl2yb10qdzy01nvxd-notary-0.4.3.drv': 1 dependencies couldn't be built
error: build of '/nix/store/jm36qi30mz7z8hrwl2yb10qdzy01nvxd-notary-0.4.3.drv' failed
|
huh ? the tag changed 😱 |
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
vdemeester
force-pushed
the
init-notary
branch
from
6b96134
to
843ea6b
Compare
|
Updated to |
tested with: $ notary version
Signed-off-by: Vincent Demeester vincent@sbr.pm
Motivation for this change
Notary is a project that allows anyone to have trust over arbitrary collections of data. It is used for docker content trust but definitely can be used on its own.
https://github.com/theupdateframework/notary
Things done
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)