From 0925a17c9ba9c041980f8451da5c1702bbaaeb07 Mon Sep 17 00:00:00 2001
From: 06kellyjac <dev@j-k.io>
Date: Wed, 7 Jul 2021 12:37:38 +0100
Subject: [PATCH] fulcio: init at 0.1.0

---
 pkgs/tools/security/fulcio/default.nix | 41 ++++++++++++++++++++++++++
 pkgs/top-level/all-packages.nix        |  2 ++
 2 files changed, 43 insertions(+)
 create mode 100644 pkgs/tools/security/fulcio/default.nix

diff --git a/pkgs/tools/security/fulcio/default.nix b/pkgs/tools/security/fulcio/default.nix
new file mode 100644
index 000000000000..4539f10e50d2
--- /dev/null
+++ b/pkgs/tools/security/fulcio/default.nix
@@ -0,0 +1,41 @@
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+
+buildGoModule rec {
+  pname = "fulcio";
+  version = "0.1.0";
+
+  src = fetchFromGitHub {
+    owner = "sigstore";
+    repo = pname;
+    rev = version;
+    sha256 = "sha256-+HWzhg+LTKpr9VJ9mzQghwOuGgp3EBb4/zltaqp0zHw=";
+  };
+  vendorSha256 = "sha256-1tR1vUm5eFBS93kELQoKWEyFlfMF28GBI8VEHxTyeM4=";
+
+  ldflags = [ "-s" "-w" ];
+
+  # Install completions post-install
+  nativeBuildInputs = [ installShellFiles ];
+
+  postInstall = ''
+    installShellCompletion --cmd fulcio \
+      --bash <($out/bin/fulcio completion bash) \
+      --fish <($out/bin/fulcio completion fish) \
+      --zsh <($out/bin/fulcio completion zsh)
+  '';
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+    $out/bin/fulcio --help
+    runHook postInstallCheck
+  '';
+
+  meta = with lib; {
+    homepage = "https://github.com/sigstore/fulcio";
+    changelog = "https://github.com/sigstore/fulcio/releases/tag/${version}";
+    description = "A Root-CA for code signing certs - issuing certificates based on an OIDC email address";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ lesuisse jk ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index be0b60596998..06e757e59e72 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -4946,6 +4946,8 @@ in
 
   fswebcam = callPackage ../os-specific/linux/fswebcam { };
 
+  fulcio = callPackage ../tools/security/fulcio { };
+
   fuseiso = callPackage ../tools/filesystems/fuseiso { };
 
   fusuma = callPackage ../tools/inputmethods/fusuma {};