witness 0.2.0 -> 0.3.0 https://github.com/in-toto/witness/releases
attrpath: witness
Checking auto update branch...
No auto update branch exists
[version]
[version] generic version rewriter does not support multiple hashes
[rustCrateVersion]
[rustCrateVersion] No cargoSha256 or cargoHash found
[golangModuleVersion]
[golangModuleVersion] Found old vendorHash = "sha256-pjcyAGdR8TsU9YBy5zd6u575vDKPwy8s85TXUsuxZiU="
[golangModuleVersion] Replaced vendorHash with sha256-ktBpv2NDsha2mN3OtZWIDkneR8zi1RZkVQdvi9XPSLY=
[golangModuleVersion] Finished updating vendorHash
[npmDepsVersion]
[npmDepsVersion] No npmDepsHash
[updateScript]
[updateScript] skipping because derivation has no updateScript
Diff after rewrites:
diff --git a/pkgs/tools/security/witness/default.nix b/pkgs/tools/security/witness/default.nix
index 42e6455ae7dd..2b600f4a8617 100644
--- a/pkgs/tools/security/witness/default.nix
+++ b/pkgs/tools/security/witness/default.nix
@@ -10,15 +10,15 @@
buildGoModule rec {
pname = "witness";
- version = "0.2.0";
+ version = "0.3.0";
src = fetchFromGitHub {
owner = "in-toto";
repo = "witness";
rev = "v${version}";
- sha256 = "sha256-U+dcaPi9Drg4I2SZlZPaR3Ryb+Dz27nyPI2XJPG/LWc=";
+ sha256 = "sha256-uwps/sHPgOdVhjaFxATVL5A/BGw6zPX/GSkYm802jmU=";
};
- vendorHash = "sha256-pjcyAGdR8TsU9YBy5zd6u575vDKPwy8s85TXUsuxZiU=";
+ vendorHash = "sha256-ktBpv2NDsha2mN3OtZWIDkneR8zi1RZkVQdvi9XPSLY=";
nativeBuildInputs = [ installShellFiles ];
Successfully finished processing
cachix "/nix/store/viqqvd7r8lw3ww0zj0x1a6jdffhjkmlk-witness-0.3.0"
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 15
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 15
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 14
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 11
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 11
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 10
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 17
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 17
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 17
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 17
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 17
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 17
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 16
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 16
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 16
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 15
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 14
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 14
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 14
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 14
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 14
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 14
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 14
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 11
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 11
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 11
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 11
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 11
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 11
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 11
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 15
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 14
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 11
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 12
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 13
Waiting for OfBorg: https://events.ofborg.org/stats.php's evaluator.messages.waiting = 15
[check][nixpkgs-review]
Result of `nixpkgs-review` run on x86_64-linux [1](https://github.com/Mic92/nixpkgs-review)
1 package built:
Automatic update generated by [nixpkgs-update](https://github.com/ryantm/nixpkgs-update) tools. This update was made based on information from https://github.com/in-toto/witness/releases.
meta.description for witness is: A pluggable framework for software supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target
meta.homepage for witness is: https://github.com/testifysec/witness
meta.changelog for witness is: https://github.com/testifysec/witness/releases/tag/v0.3.0
###### Updates performed
- Golang update
###### To inspect upstream changes
- [Release on GitHub](https://github.com/in-toto/witness/releases/tag/v0.3.0)
- [Compare changes on GitHub](https://github.com/in-toto/witness/compare/v0.2.0...v0.3.0)
###### Impact
Checks done
---
- built on NixOS
- The tests defined in `passthru.tests`, if any, passed
- found 0.3.0 with grep in /nix/store/viqqvd7r8lw3ww0zj0x1a6jdffhjkmlk-witness-0.3.0
- found 0.3.0 in filename of file in /nix/store/viqqvd7r8lw3ww0zj0x1a6jdffhjkmlk-witness-0.3.0
---
Rebuild report (if merged into master) (click to expand)
```
1 total rebuild path(s)
1 package rebuild(s)
First fifty rebuilds by attrpath
witness
```
Instructions to test this update (click to expand)
---
Either **download from Cachix**:
```
nix-store -r /nix/store/viqqvd7r8lw3ww0zj0x1a6jdffhjkmlk-witness-0.3.0 \
--option binary-caches 'https://cache.nixos.org/ https://nix-community.cachix.org/' \
--option trusted-public-keys '
nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
'
```
(The Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the `trusted-users` list or you can use `sudo` since root is effectively trusted.
Or, **build yourself**:
```
nix-build -A witness https://github.com/r-ryantm/nixpkgs/archive/fa1a13caaa73092ddda8cc7623b0644e45ba4238.tar.gz
```
Or:
```
nix build github:r-ryantm/nixpkgs/fa1a13caaa73092ddda8cc7623b0644e45ba4238#witness
```
After you've downloaded or built it, look at the files and if there are any, run the binaries:
```
ls -la /nix/store/viqqvd7r8lw3ww0zj0x1a6jdffhjkmlk-witness-0.3.0
ls -la /nix/store/viqqvd7r8lw3ww0zj0x1a6jdffhjkmlk-witness-0.3.0/bin
```
---
### Pre-merge build results
We have automatically built all packages that will get rebuilt due to
this change.
This gives evidence on whether the upgrade will break dependent packages.
Note sometimes packages show up as _failed to build_ independent of the
change, simply because they are already broken on the target branch.
Result of `nixpkgs-review` run on x86_64-linux [1](https://github.com/Mic92/nixpkgs-review)
1 package built:
---
###### Maintainer pings
cc @fkautz @06kellyjac for [testing](https://github.com/ryantm/nixpkgs-update/blob/master/doc/nixpkgs-maintainer-faq.md#r-ryantm-opened-a-pr-for-my-package-what-do-i-do).
https://api.github.com/repos/NixOS/nixpkgs/pulls/290183