SUMMARY = "Container signing, verification and storage in an OCI registry" HOMEPAGE = "https://github.com/sigstore/cosign" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${S}/src/${GO_IMPORT}/COPYRIGHT.txt;md5=3830a9ca4f9dc30be01bfa2e4042dd46 \ file://${S}/src/${GO_IMPORT}/LICENSE;md5=86d3f3a95c324c9479bd8986968f4327 \ " GO_IMPORT = "github.com/sigstore/cosign" SRC_URI = "git://github.com/sigstore/cosign.git;branch=main;name=cosign;protocol=https;destsuffix=${GO_SRCURI_DESTSUFFIX}" PV = "3.0.6+git" SRCREV_cosign = "f1ad3ee952313be5d74a49d67ba0aa8d0d5e351f" SRCREV_FORMAT = "cosign" # go-mod-discovery configuration GO_MOD_DISCOVERY_SRCDIR = "${S}/src/${GO_IMPORT}" GO_MOD_DISCOVERY_BUILD_TARGET = "./cmd/cosign" GO_MOD_DISCOVERY_GIT_REPO = "https://github.com/sigstore/cosign.git" GO_MOD_DISCOVERY_GIT_REF = "${SRCREV_cosign}" # Modules that can't be fetched via git (no repo metadata or unreachable commits) # - buf.build/gen/go: generated protobuf module, no git repository # - software.sslmate.com/src/go-pkcs12: commit not reachable via shallow fetch SRC_URI += "gomod://buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go;version=v1.36.11-20260209202127-80ab13bee0bf.1;sha256sum=${COSIGN_BUF_BUILD_SHA}" SRC_URI += "gomod://software.sslmate.com/src/go-pkcs12;version=v0.4.0;sha256sum=${COSIGN_PKCS12_SHA}" GO_MOD_VCS_EXCLUDE = "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go software.sslmate.com/src/go-pkcs12" # Checksums — run bitbake cosign -c fetch to get correct values on first use COSIGN_BUF_BUILD_SHA ?= "907cb90a97d72b869a0f2f08e71ebdaaa5a0efa57ca72ebd7d14ed5a9922b541" COSIGN_PKCS12_SHA ?= "55019a391e5302a51ba62e98909e006224b81207866da90beaf582ec0dee036f" # GO_MOD_FETCH_MODE: "vcs" (all git://) or "hybrid" (gomod:// + git://) GO_MOD_FETCH_MODE ?= "hybrid" # VCS mode: all modules via git:// include ${@ "go-mod-git.inc" if d.getVar("GO_MOD_FETCH_MODE") == "vcs" else ""} include ${@ "go-mod-cache.inc" if d.getVar("GO_MOD_FETCH_MODE") == "vcs" else ""} # Hybrid mode: gomod:// for most, git:// for selected include ${@ "go-mod-hybrid-gomod.inc" if d.getVar("GO_MOD_FETCH_MODE") == "hybrid" else ""} include ${@ "go-mod-hybrid-git.inc" if d.getVar("GO_MOD_FETCH_MODE") == "hybrid" else ""} include ${@ "go-mod-hybrid-cache.inc" if d.getVar("GO_MOD_FETCH_MODE") == "hybrid" else ""} # Dependency license tracking (generated by oe-go-mod-fetcher --scan-licenses) require go-mod-licenses.inc inherit go goarch inherit go-mod-discovery BBCLASSEXTEND = "native nativesdk"