diff --git a/pkgs/by-name/ku/kube-bench/package.nix b/pkgs/by-name/ku/kube-bench/package.nix index d7b6b371184e..d0ea98761382 100644 --- a/pkgs/by-name/ku/kube-bench/package.nix +++ b/pkgs/by-name/ku/kube-bench/package.nix @@ -2,28 +2,33 @@ lib, buildGoModule, fetchFromGitHub, + installShellFiles, + + versionCheckHook, }: -buildGoModule rec { +buildGoModule (finalAttrs: { pname = "kube-bench"; - version = "0.10.7"; + version = "0.11.1"; + + __darwinAllowLocalNetworking = true; # required for tests src = fetchFromGitHub { owner = "aquasecurity"; repo = "kube-bench"; - tag = "v${version}"; - hash = "sha256-5QY7rDFv6UV5qIdgKUGkb1DYZYid3POgEzPwSPKtHDU="; + tag = "v${finalAttrs.version}"; + hash = "sha256-3P5Cgnq7a/02c8zE6Rx1CUSwaq9K9EjfF0/AwarO4UE="; }; - vendorHash = "sha256-fmhlqPizAIVVzJAIHfY2gtCpJZY5Sx1Uih/7m7YEM98="; + vendorHash = "sha256-xgvK6se9f0c6pI3+rcj0+/bogvSYJkyMzVGrwv2gi84="; nativeBuildInputs = [ installShellFiles ]; ldflags = [ "-s" "-w" - "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=v${version}" + "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=v${finalAttrs.version}" ]; postInstall = '' 
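Review bot: The added `__darwinAllowLocalNetworking = true; # required for tests` relaxes the Darwin build sandbox for the whole derivation, but the comment does not say which tests need loopback access or why. A sandbox exception is easier to re-evaluate later when its reason is written down, so I would expand the comment to something like `# checkPhase: <test name> opens a loopback listener, which the Darwin sandbox blocks by default`, with the real test name filled in. If only a small number of tests need it, skipping those on Darwin might be a narrower alternative, though that cannot be judged from this hunk. The `buildGoModule` argument set continues past the end of this hunk.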
@@ -36,20 +41,16 @@ buildGoModule rec { --zsh <($out/bin/kube-bench completion zsh) ''; + nativeInstallCheckInputs = [ versionCheckHook ]; doInstallCheck = true; - installCheckPhase = '' - runHook preInstallCheck - $out/bin/kube-bench --help - $out/bin/kube-bench version | grep "v${version}" - runHook postInstallCheck - ''; + versionCheckProgramArg = "version"; meta = { homepage = "https://github.com/aquasecurity/kube-bench"; - changelog = "https://github.com/aquasecurity/kube-bench/releases/tag/v${version}"; + changelog = "https://github.com/aquasecurity/kube-bench/releases/tag/v${finalAttrs.version}"; description = "Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark"; mainProgram = "kube-bench"; license = lib.licenses.asl20; maintainers = with lib.maintainers; [ jk ]; }; -} +})