From 24b4cfb8800e56b3fb092430e70e030af52a9e57 Mon Sep 17 00:00:00 2001
From: 06kellyjac
Date: Wed, 26 Oct 2022 13:53:29 +0100
Subject: [PATCH] vexctl: init at 0.0.2
---
pkgs/tools/security/vexctl/default.nix | 69 ++++++++++++++++++++++++++
pkgs/top-level/all-packages.nix | 2 +
2 files changed, 71 insertions(+)
create mode 100644 pkgs/tools/security/vexctl/default.nix
diff --git a/pkgs/tools/security/vexctl/default.nix b/pkgs/tools/security/vexctl/default.nix
new file mode 100644
index 000000000000..3821fa77dc88
--- /dev/null
+++ b/pkgs/tools/security/vexctl/default.nix
@@ -0,0 +1,69 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, installShellFiles
+}:
+
+buildGoModule rec {
+ pname = "vexctl";
+ version = "0.0.2";
+
+ src = fetchFromGitHub {
+ owner = "chainguard-dev";
+ repo = "vex";
+ rev = "v${version}";
+ sha256 = "sha256-rDq62vkrZ8/76LERchxijmQCgo58KXlAIfv4SwI7egY=";
+ # populate values that require us to use git. By doing this in postFetch we
+ # can delete .git afterwards and maintain better reproducibility of the src.
+ leaveDotGit = true;
+ postFetch = ''
+ cd "$out"
+ git rev-parse HEAD > $out/COMMIT
+ # '0000-00-00T00:00:00Z'
+ date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH
+ find "$out" -name .git -print0 | xargs -0 rm -rf
+ '';
+ };
+ vendorSha256 = "sha256-7hhiJowtQv4JPqvpMiukL2JVgNeB5gi5X4p+AVGp4S0=";
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X sigs.k8s.io/release-utils/version.gitVersion=v${version}"
+ "-X sigs.k8s.io/release-utils/version.gitTreeState=clean"
+ ];
+
+ # ldflags based on metadata from git and source
+ preBuild = ''
+ ldflags+=" -X sigs.k8s.io/release-utils/version.gitCommit=$(cat COMMIT)"
+ ldflags+=" -X sigs.k8s.io/release-utils/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
+ '';
+
+ postBuild = ''
+ mv $GOPATH/bin/vex{,ctl}
+ '';
+
+ postInstall = ''
+ installShellCompletion --cmd vexctl \
+ --bash <($out/bin/vexctl completion bash) \
+ --fish <($out/bin/vexctl completion fish) \
+ --zsh <($out/bin/vexctl completion zsh)
+ '';
+
+ doInstallCheck = true;
+ installCheckPhase = ''
+ runHook preInstallCheck
+ $out/bin/vexctl --help
+ $out/bin/vexctl version 2>&1 | grep "v${version}"
+ runHook postInstallCheck
+ '';
+
+ meta = with lib; {
+ homepage = "https://github.com/chainguard-dev/vex/";
+ description = "A tool to attest VEX impact statements";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ jk ];
+ };
+}
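Review bot: The `installCheckPhase` near the end of the derivation only verifies the statically injected `gitVersion`, and it does so loosely: `grep "v${version}"` treats each `.` as a regex wildcard, and nothing checks the `gitCommit` and `buildDate` values that `preBuild` reads from the `COMMIT` and `SOURCE_DATE_EPOCH` files written in `postFetch`. Since the package is described as a tool for attesting VEX statements, the build metadata it reports is worth pinning in the check. I would match the version as a fixed string with `grep -F "v${version}"` and, assuming `vexctl version` prints the commit and the phase still runs from the source root as `preBuild` does, add `$out/bin/vexctl version 2>&1 | grep -F "$(cat COMMIT)"`. The bare `# '0000-00-00T00:00:00Z'` comment in `postFetch` could also say that the file holds a single-quoted timestamp string rather than epoch seconds, despite being named `SOURCE_DATE_EPOCH`.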
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 8dba9defae36..62a549fcd913 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12346,6 +12346,8 @@ with pkgs; versus = callPackage ../applications/networking/versus { }; + vexctl = callPackage ../tools/security/vexctl { }; + vgrep = callPackage ../tools/text/vgrep { }; vhd2vl = callPackage ../applications/science/electronics/vhd2vl { };