{ lib, buildGoModule, fetchFromGitHub, stdenv, makeWrapper, gitMinimal, testers, gitsign }: buildGoModule rec { pname = "gitsign"; version = "0.8.0"; src = fetchFromGitHub { owner = "sigstore"; repo = pname; rev = "v${version}"; hash = "sha256-COgoj5MrX7VBwjgfH+Ud7gp0gE7gpsYoyd0Jv4uXoec="; }; vendorHash = "sha256-btvFro0K0+9potwForIj/7h41l+LbUE0Gym9aHaWtEE="; subPackages = [ "." "cmd/gitsign-credential-cache" ]; nativeBuildInputs = [ makeWrapper ]; ldflags = [ "-s" "-w" "-X github.com/sigstore/gitsign/pkg/version.gitVersion=${version}" ]; preCheck = '' # test all paths unset subPackages ''; postInstall = '' for f in $out/bin/*; do wrapProgram $f --prefix PATH : ${lib.makeBinPath [ gitMinimal ]} done ''; passthru.tests.version = testers.testVersion { package = gitsign; }; meta = { homepage = "https://github.com/sigstore/gitsign"; changelog = "https://github.com/sigstore/gitsign/releases/tag/v${version}"; description = "Keyless Git signing using Sigstore"; license = lib.licenses.asl20; maintainers = with lib.maintainers; [ lesuisse developer-guy ]; }; }