NixOS · marsam · Dec 26, 2020 · Dec 22, 2020 · Dec 22, 2020 · SuperSandro2000
diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix
@@ -1,19 +1,35 @@
-{ lib, buildGoPackage, fetchFromGitHub }:
+{ stdenv
+, lib
+, fetchFromGitHub
+, buildGoModule
+, pcsclite
+, PCSC
+, pkg-config
+}:
 
-buildGoPackage rec {
+buildGoModule rec {
   pname = "step-ca";
-  version = "0.13.3";
-
-  goPackagePath = "github.com/smallstep/certificates";
+  version = "0.15.6";
 
   src = fetchFromGitHub {
     owner = "smallstep";
     repo = "certificates";
     rev = "v${version}";
-    sha256 = "1i42j7v5a5qqqb9ng8irblfyzykhyws0394q3zac290ymjijxbnq";
+    sha256 = "0n26692ph4q4cmrqammfazmx1k9p2bydwqc57q4hz5ni6jd31zbz";
   };
 
-  goDeps = ./deps.nix;
+  vendorSha256 = "0w0phyqymcg2h2jjasxmkf4ryn4y1bqahcy94rs738cqr5ifyfbg";
+
+  nativeBuildInputs = [ pkg-config ];
+
+  buildInputs =
+    lib.optional stdenv.isLinux (lib.getDev pcsclite)
+    ++ lib.optional stdenv.isDarwin PCSC;
+
+  # Tests fail on darwin with
+  # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted [recovered]
+  # probably some sandboxing issue
+  doCheck = stdenv.isLinux;
 
   meta = with lib; {
     description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH";

diff --git a/pkgs/tools/security/step-ca/deps.nix b/pkgs/tools/security/step-ca/deps.nix
diff --git a/pkgs/tools/security/step-cli/default.nix b/pkgs/tools/security/step-cli/default.nix
@@ -1,19 +1,26 @@
-{ lib, buildGoPackage, fetchFromGitHub }:
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, fetchpatch
+}:
 
-buildGoPackage rec {
+buildGoModule rec {
   pname = "step-cli";
-  version = "0.13.3";
-
-  goPackagePath = "github.com/smallstep/cli";
+  version = "0.15.3-22-g3ddc5aa";
 
+  # 0.15.3 isn't enough, because we need https://github.com/smallstep/cli/pull/394
   src = fetchFromGitHub {
     owner = "smallstep";
     repo = "cli";
-    rev = "v${version}";
-    sha256 = "0b5hk9a8yq1nyh8m1gmf28yiha95xwsc4dk321g84hvai7g47pbr";
+    rev = "3ddc5aaafccb23ba9a20abfa70109a2923f298e3";
+    sha256 = "1kd04hi764xa3f9p6aw6k9f6wa4y6xsmzby5jxvvkhim4w78brw0";
   };
 
-  goDeps = ./deps.nix;
+  preCheck = ''
+    # Tries to connect to smallstep.com
+    rm command/certificate/remote_test.go
+  '';
+  vendorSha256 = "04hckq78g1p04b2q0rq4xw6d880hqhkabbx1pc3pf8r1m6jxwz10";
 
   meta = with lib; {
     description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc";