From e9fade465fa856d80c47ac1a3ecc61c19c907cf4 Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Tue, 1 Oct 2024 08:16:58 -0300 Subject: [PATCH 1/4] fluxcd/update-script: use nix hash convert Eliminates deprecation warning of former pattern. --- pkgs/by-name/fl/fluxcd/update.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/fl/fluxcd/update.sh b/pkgs/by-name/fl/fluxcd/update.sh index 218eba0be91a..d81089203867 100755 --- a/pkgs/by-name/fl/fluxcd/update.sh +++ b/pkgs/by-name/fl/fluxcd/update.sh @@ -12,9 +12,9 @@ LATEST_VERSION=$(echo ${LATEST_TAG} | sed 's/^v//') if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/archive/refs/tags/${LATEST_TAG}.tar.gz) - SHA256=$(nix hash to-sri --type sha256 $SHA256) + SHA256=$(nix hash convert --hash-algo sha256 --to sri $SHA256) SPEC_SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/releases/download/${LATEST_TAG}/manifests.tar.gz) - SPEC_SHA256=$(nix hash to-sri --type sha256 $SPEC_SHA256) + SPEC_SHA256=$(nix hash convert --hash-algo sha256 --to sri $SPEC_SHA256) setKV () { sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "${FLUXCD_PATH}/package.nix" @@ -27,7 +27,7 @@ if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then set +e VENDOR_HASH=$(nix-build --no-out-link -A fluxcd $NIXPKGS_PATH 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g') - VENDOR_HASH=$(nix hash to-sri --type sha256 $VENDOR_HASH) + VENDOR_HASH=$(nix hash convert --hash-algo sha256 --to sri $VENDOR_HASH) set -e if [ -n "${VENDOR_HASH:-}" ]; then From edfec4fee30e4c241f46e8da2a5ebee674aa57a6 Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Tue, 1 Oct 2024 08:32:22 -0300 Subject: [PATCH 2/4] fluxcd/update-script: add double quotes to prevent globbing and word splitting Eliminates tooling warnings. --- pkgs/by-name/fl/fluxcd/update.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/pkgs/by-name/fl/fluxcd/update.sh b/pkgs/by-name/fl/fluxcd/update.sh index d81089203867..c8cc8901b9f1 100755 --- a/pkgs/by-name/fl/fluxcd/update.sh +++ b/pkgs/by-name/fl/fluxcd/update.sh @@ -8,30 +8,30 @@ FLUXCD_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" OLD_VERSION="$(nix-instantiate --eval -E "with import $NIXPKGS_PATH {}; fluxcd.version or (builtins.parseDrvName fluxcd.name).version" | tr -d '"')" LATEST_TAG=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} --silent https://api.github.com/repos/fluxcd/flux2/releases/latest | jq -r '.tag_name') -LATEST_VERSION=$(echo ${LATEST_TAG} | sed 's/^v//') +LATEST_VERSION=$(echo "${LATEST_TAG}" | sed 's/^v//') if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then - SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/archive/refs/tags/${LATEST_TAG}.tar.gz) - SHA256=$(nix hash convert --hash-algo sha256 --to sri $SHA256) - SPEC_SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/releases/download/${LATEST_TAG}/manifests.tar.gz) - SPEC_SHA256=$(nix hash convert --hash-algo sha256 --to sri $SPEC_SHA256) + SHA256=$(nix-prefetch-url --quiet --unpack "https://github.com/fluxcd/flux2/archive/refs/tags/${LATEST_TAG}.tar.gz") + SHA256=$(nix hash convert --hash-algo sha256 --to sri "$SHA256") + SPEC_SHA256=$(nix-prefetch-url --quiet --unpack "https://github.com/fluxcd/flux2/releases/download/${LATEST_TAG}/manifests.tar.gz") + SPEC_SHA256=$(nix hash convert --hash-algo sha256 --to sri "$SPEC_SHA256") setKV () { sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "${FLUXCD_PATH}/package.nix" } - setKV version ${LATEST_VERSION} - setKV sha256 ${SHA256} - setKV manifestsSha256 ${SPEC_SHA256} + setKV version "${LATEST_VERSION}" + setKV sha256 "${SHA256}" + setKV manifestsSha256 "${SPEC_SHA256}" setKV vendorHash "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" # The same as lib.fakeHash set +e - VENDOR_HASH=$(nix-build --no-out-link -A fluxcd $NIXPKGS_PATH 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g') - VENDOR_HASH=$(nix hash convert --hash-algo sha256 --to sri $VENDOR_HASH) + VENDOR_HASH=$(nix-build --no-out-link -A fluxcd "$NIXPKGS_PATH" 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g') + VENDOR_HASH=$(nix hash convert --hash-algo sha256 --to sri "$VENDOR_HASH") set -e if [ -n "${VENDOR_HASH:-}" ]; then - setKV vendorHash ${VENDOR_HASH} + setKV vendorHash "${VENDOR_HASH}" else echo "Update failed. VENDOR_HASH is empty." exit 1 From b1332733d4e5c97f6cab8d0ec32cd1fcbab4fb9a Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Tue, 1 Oct 2024 08:24:03 -0300 Subject: [PATCH 3/4] fluxcd: 2.3.0 -> 2.4.0 Release: https://github.com/fluxcd/flux2/releases/tag/v2.4.0 --- pkgs/by-name/fl/fluxcd/package.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/pkgs/by-name/fl/fluxcd/package.nix b/pkgs/by-name/fl/fluxcd/package.nix index a1b520e5fe84..3e42a7c7763d 100644 --- a/pkgs/by-name/fl/fluxcd/package.nix +++ b/pkgs/by-name/fl/fluxcd/package.nix @@ -8,9 +8,10 @@ }: let - version = "2.3.0"; - hash = "sha256-ZQs1rWI31qDo/BgjrmiNnEdR2OL8bUHVz+j5VceEp2k="; - manifestsSha256 = "sha256-PdhR+UDquIJWtpSymtT6V7qO5fVJOkFz6RGzAx7xeb4="; + version = "2.4.0"; + hash = "sha256-b4mu/iijfALBm+7OIdKgZs55fR6xWfPgL6OMOgIOi3w="; + vendorHash = "sha256-rVyirt6+D1qedbTvPZjLog16sMAq+zyFUmbjnJIieRg="; + manifestsSha256 = "sha256-85Ykc6B+DP9PVqwGbvqsQCUHpx/IzIP9TgOt3id7P5g="; manifests = fetchzip { url = "https://github.com/fluxcd/flux2/releases/download/v${version}/manifests.tar.gz"; @@ -21,7 +22,7 @@ in buildGoModule rec { pname = "fluxcd"; - inherit version; + inherit vendorHash version; src = fetchFromGitHub { owner = "fluxcd"; @@ -30,8 +31,6 @@ buildGoModule rec { inherit hash; }; - vendorHash = "sha256-0YH3pgFrsnh5jIsZpj/sIgfiOCTtIlPltMS5mdGz1eM="; - postUnpack = '' cp -r ${manifests} source/cmd/flux/manifests From 477fb8c931d455e2fa3d3e5f235c8414ee33c1d8 Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Tue, 1 Oct 2024 08:49:20 -0300 Subject: [PATCH 4/4] fluxcd: fix update script breakage caused by #341924 --- pkgs/by-name/fl/fluxcd/package.nix | 8 ++++---- pkgs/by-name/fl/fluxcd/update.sh | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/pkgs/by-name/fl/fluxcd/package.nix b/pkgs/by-name/fl/fluxcd/package.nix index 3e42a7c7763d..89786cf45ea8 100644 --- a/pkgs/by-name/fl/fluxcd/package.nix +++ b/pkgs/by-name/fl/fluxcd/package.nix @@ -9,13 +9,13 @@ let version = "2.4.0"; - hash = "sha256-b4mu/iijfALBm+7OIdKgZs55fR6xWfPgL6OMOgIOi3w="; + srcHash = "sha256-b4mu/iijfALBm+7OIdKgZs55fR6xWfPgL6OMOgIOi3w="; vendorHash = "sha256-rVyirt6+D1qedbTvPZjLog16sMAq+zyFUmbjnJIieRg="; - manifestsSha256 = "sha256-85Ykc6B+DP9PVqwGbvqsQCUHpx/IzIP9TgOt3id7P5g="; + manifestsHash = "sha256-85Ykc6B+DP9PVqwGbvqsQCUHpx/IzIP9TgOt3id7P5g="; manifests = fetchzip { url = "https://github.com/fluxcd/flux2/releases/download/v${version}/manifests.tar.gz"; - hash = manifestsSha256; + hash = manifestsHash; stripRoot = false; }; in @@ -28,7 +28,7 @@ buildGoModule rec { owner = "fluxcd"; repo = "flux2"; rev = "v${version}"; - inherit hash; + hash = srcHash; }; postUnpack = '' diff --git a/pkgs/by-name/fl/fluxcd/update.sh b/pkgs/by-name/fl/fluxcd/update.sh index c8cc8901b9f1..bc229dd6c72e 100755 --- a/pkgs/by-name/fl/fluxcd/update.sh +++ b/pkgs/by-name/fl/fluxcd/update.sh @@ -11,23 +11,23 @@ LATEST_TAG=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} --silent https://api LATEST_VERSION=$(echo "${LATEST_TAG}" | sed 's/^v//') if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then - SHA256=$(nix-prefetch-url --quiet --unpack "https://github.com/fluxcd/flux2/archive/refs/tags/${LATEST_TAG}.tar.gz") - SHA256=$(nix hash convert --hash-algo sha256 --to sri "$SHA256") - SPEC_SHA256=$(nix-prefetch-url --quiet --unpack "https://github.com/fluxcd/flux2/releases/download/${LATEST_TAG}/manifests.tar.gz") - SPEC_SHA256=$(nix hash convert --hash-algo sha256 --to sri "$SPEC_SHA256") + SRC_SHA256=$(nix-prefetch-url --quiet --unpack "https://github.com/fluxcd/flux2/archive/refs/tags/${LATEST_TAG}.tar.gz") + SRC_HASH=$(nix hash convert --hash-algo sha256 --to sri "$SRC_SHA256") + MANIFESTS_SHA256=$(nix-prefetch-url --quiet --unpack "https://github.com/fluxcd/flux2/releases/download/${LATEST_TAG}/manifests.tar.gz") + MANIFESTS_HASH=$(nix hash convert --hash-algo sha256 --to sri "$MANIFESTS_SHA256") setKV () { sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "${FLUXCD_PATH}/package.nix" } setKV version "${LATEST_VERSION}" - setKV sha256 "${SHA256}" - setKV manifestsSha256 "${SPEC_SHA256}" + setKV srcHash "${SRC_HASH}" + setKV manifestsHash "${MANIFESTS_HASH}" setKV vendorHash "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" # The same as lib.fakeHash set +e - VENDOR_HASH=$(nix-build --no-out-link -A fluxcd "$NIXPKGS_PATH" 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g') - VENDOR_HASH=$(nix hash convert --hash-algo sha256 --to sri "$VENDOR_HASH") + VENDOR_SHA256=$(nix-build --no-out-link -A fluxcd "$NIXPKGS_PATH" 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g') + VENDOR_HASH=$(nix hash convert --hash-algo sha256 --to sri "$VENDOR_SHA256") set -e if [ -n "${VENDOR_HASH:-}" ]; then