notary: drop; notation: cleanup (#461273)

- `mx-puppet-discord` was removed from Nixpkgs along with its NixOS module as it was unmaintained and was the only user of sha1 hashes in tree.

- `notary` has been removed because it was [archived upstream](https://github.com/notaryproject/.github/issues/70). Upstream recommends [`notation`](https://github.com/notaryproject/notation/) instead.

- `gradience` has been removed because it was archived upstream.

- `kbd` package's `outputs` now include a `man` and `scripts` outputs. The `unicode_start` and `unicode_stop` Bash scripts are now part of the `scripts` output, allowing most usages of the `kbd` package to not pull in `bash`.

{

  lib,

  fetchFromGitHub,

  buildGoModule,

}:

buildGoModule rec {

  pname = "notary";

  version = "0.6.1-unstable-2024-04-16";

  src = fetchFromGitHub {

    owner = "notaryproject";

    repo = "notary";

    rev = "9d2b3b35929392c9945d976b8bdecbe2f53a299e";

    hash = "sha256-u19BfTJwRWholK0b3BcgSmcMM9AR7OeXo64AOi87r0A=";

  };

  vendorHash = null;

  tags = [

    "pkcs11"

  ];

  ldflags = [

    "-X github.com/theupdateframework/notary/version.NotaryVersion=${version}"

  ];

  # Tests try to use network.

  doCheck = false;

  meta = {

    description = "Project that allows anyone to have trust over arbitrary collections of data";

    mainProgram = "notary";

    longDescription = ''

      The Notary project comprises a server and a client for running and

      interacting with trusted collections. See the service architecture

      documentation for more information.

      Notary aims to make the internet more secure by making it easy for people

      to publish and verify content. We often rely on TLS to secure our

      communications with a web server which is inherently flawed, as any

      compromise of the server enables malicious content to be substituted for

      the legitimate content.

      With Notary, publishers can sign their content offline using keys kept

      highly secure. Once the publisher is ready to make the content available,

      they can push their signed trusted collection to a Notary Server.

      Consumers, having acquired the publisher's public key through a secure

      channel, can then communicate with any notary server or (insecure) mirror,

      relying only on the publisher's key to determine the validity and

      integrity of the received content.

    '';

    license = lib.licenses.asl20;

    homepage = "https://github.com/theupdateframework/notary";

    maintainers = [ lib.maintainers.vdemeester ];

    platforms = lib.platforms.unix;

  };

}

{

  lib,

  stdenv,

  buildGoModule,

  fetchFromGitHub,

  installShellFiles,

  testers,

  stdenv,

  buildPackages,

  versionCheckHook,

}:

buildGoModule (finalAttrs: {

  ];

  # This is a Go sub-module and cannot be built directly (e2e tests).

  excludedPackages = [ "./test" ];

  excludedPackages = [

    "./test/e2e"

  ];

  # tests bind to localhost

  __darwinAllowLocalNetworking = true;

  ldflags = [

    "-s"

    "-X github.com/notaryproject/notation/internal/version.BuildMetadata="

  ];

  postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''

    installShellCompletion --cmd notation \

      --bash <($out/bin/notation completion bash) \

      --fish <($out/bin/notation completion fish) \

      --zsh <($out/bin/notation completion zsh)

  postInstall =

    let

      exe =

        if stdenv.buildPlatform.canExecute stdenv.hostPlatform then

          "${placeholder "out"}/bin/${finalAttrs.meta.mainProgram}"

        else

          lib.getExe buildPackages.notation;

    in

    ''

      installShellCompletion --cmd ${finalAttrs.meta.mainProgram} \

        --bash <(${exe} completion bash) \

        --fish <(${exe} completion fish) \

        --zsh <(${exe} completion zsh)

    '';

  passthru.tests.version = testers.testVersion {

    package = finalAttrs.finalPackage;

    command = "notation version";

  };

  nativeInstallCheckInputs = [

    versionCheckHook

  ];

  doInstallCheck = true;

  versionCheckProgramArg = "version";

  meta = {

    description = "CLI tool to sign and verify OCI artifacts and container images";

    homepage = "https://notaryproject.dev/";

    license = lib.licenses.asl20;

    maintainers = [ ];

    maintainers = with lib.maintainers; [

      jk

      vdemeester

    ];

    mainProgram = "notation";

  };

})

  nm-tray = throw "'nm-tray' has been removed, as it only works with Plasma 5"; # Added 2025-08-30

  nomacs-qt6 = nomacs; # Added 2025-08-30

  norouter = throw "norouter has been removed because it has been marked as broken since at least November 2024."; # Added 2025-09-29

  notary = throw "'notary' has been removed due to being archived upstream. Consider using 'notation' instead."; # Added 2025-11-13

  notes-up = throw "'notes-up' has been removed as it was unmaintained and depends on deprecated webkitgtk_4_0"; # Added 2025-10-09

  notify-sharp = throw "'notify-sharp' has been removed as it was unmaintained and depends on deprecated dbus-sharp versions"; # Added 2025-08-25

  noto-fonts-emoji = throw "'noto-fonts-emoji' has been renamed to/replaced by 'noto-fonts-color-emoji'"; # Converted to throw 2025-10-27