From 14607b352c6d8848666a071b655ea5feb36a73ea Mon Sep 17 00:00:00 2001
From: Vanessasaurus <814322+vsoch@users.noreply.github.com>
Date: Tue, 23 Nov 2021 10:56:45 -0700
Subject: adding new package go cosign (#27606)

Signed-off-by: vsoch <vsoch@users.noreply.github.com>

Co-authored-by: vsoch <vsoch@users.noreply.github.com>
---
 var/spack/repos/builtin/packages/cosign/package.py | 34 ++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 var/spack/repos/builtin/packages/cosign/package.py

diff --git a/var/spack/repos/builtin/packages/cosign/package.py b/var/spack/repos/builtin/packages/cosign/package.py
new file mode 100644
index 0000000000..2ebc71b5bc
--- /dev/null
+++ b/var/spack/repos/builtin/packages/cosign/package.py
@@ -0,0 +1,34 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+import os
+
+from spack import *
+
+
+class Cosign(Package):
+    """
+    Cosign is a go package for container Signing, verification and storage
+    in an OCI registry.
+    """
+
+    homepage = "https://github.com/sigstore/cosign"
+    url      = "https://github.com/sigstore/cosign/archive/refs/tags/v1.3.1.tar.gz"
+    git      = "https://github.com/sigstore/cosign.git"
+
+    version('main', branch='main')
+    version('1.3.1', sha256='7f7e0af52ee8d795440e66dcc1a7a25783e22d30935f4f957779628b348f38af')
+
+    depends_on("go", type='build')
+
+    def setup_build_environment(self, env):
+        # Point GOPATH at the top of the staging dir for the build step.
+        env.prepend_path('GOPATH', self.stage.path)
+
+    def install(self, spec, prefix):
+        go = which("go")
+        go("build", "-o", "cosign", os.path.join("cmd", "cosign", "main.go"))
+        mkdirp(prefix.bin)
+        install("cosign", prefix.bin)
-- 
cgit v1.2.3-60-g2f50