nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-26 06:44:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

fluxcd/update-script: add double quotes to prevent globbing and word splitting

Browse Source 
Eliminates tooling warnings.
This commit is contained in:
superherointj 2024-10-01 08:32:22 -03:00
parent e9fade465f
commit edfec4fee3
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkgs/by-name/fl/fluxcd/update.sh
View File

@ -8,30 +8,30 @@ FLUXCD_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
OLD_VERSION="$(nix-instantiate --eval -E "with import $NIXPKGS_PATH {}; fluxcd.version or (builtins.parseDrvName fluxcd.name).version" | tr -d '"')"
LATEST_TAG=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} --silent https://api.github.com/repos/fluxcd/flux2/releases/latest | jq -r '.tag_name')
LATEST_VERSION=$(echo ${LATEST_TAG} | sed 's/^v//')
LATEST_VERSION=$(echo "${LATEST_TAG}" | sed 's/^v//')
if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then
SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/archive/refs/tags/${LATEST_TAG}.tar.gz)
SHA256=$(nix hash convert --hash-algo sha256 --to sri $SHA256)
SPEC_SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/releases/download/${LATEST_TAG}/manifests.tar.gz)
SPEC_SHA256=$(nix hash convert --hash-algo sha256 --to sri $SPEC_SHA256)
SHA256=$(nix-prefetch-url --quiet --unpack "https://github.com/fluxcd/flux2/archive/refs/tags/${LATEST_TAG}.tar.gz")
SHA256=$(nix hash convert --hash-algo sha256 --to sri "$SHA256")
SPEC_SHA256=$(nix-prefetch-url --quiet --unpack "https://github.com/fluxcd/flux2/releases/download/${LATEST_TAG}/manifests.tar.gz")
SPEC_SHA256=$(nix hash convert --hash-algo sha256 --to sri "$SPEC_SHA256")
setKV () {
sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "${FLUXCD_PATH}/package.nix"
}
setKV version ${LATEST_VERSION}
setKV sha256 ${SHA256}
setKV manifestsSha256 ${SPEC_SHA256}
setKV version "${LATEST_VERSION}"
setKV sha256 "${SHA256}"
setKV manifestsSha256 "${SPEC_SHA256}"
setKV vendorHash "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" # The same as lib.fakeHash
set +e
VENDOR_HASH=$(nix-build --no-out-link -A fluxcd $NIXPKGS_PATH 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g')
VENDOR_HASH=$(nix hash convert --hash-algo sha256 --to sri $VENDOR_HASH)
VENDOR_HASH=$(nix-build --no-out-link -A fluxcd "$NIXPKGS_PATH" 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g')
VENDOR_HASH=$(nix hash convert --hash-algo sha256 --to sri "$VENDOR_HASH")
set -e
if [ -n "${VENDOR_HASH:-}" ]; then
setKV vendorHash ${VENDOR_HASH}
setKV vendorHash "${VENDOR_HASH}"
else
echo "Update failed. VENDOR_HASH is empty."
exit 1