public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #78913 from jtojnar/cus-fixes

Browse Source 
common-updater-scripts: Support SRI-style hash
This commit is contained in:
Jan Tojnar 2020-02-05 00:47:35 +01:00 committed by GitHub
commit f40a8a09fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 54 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/common-updater/scripts.nix
View File

@ -1,4 +1,4 @@
{ stdenv, makeWrapper, coreutils, gawk, gnused, gnugrep, diffutils, nix }: { stdenv, makeWrapper, coreutils, gnused, gnugrep, diffutils, nix }:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "common-updater-scripts"; name = "common-updater-scripts";
@ -12,7 +12,7 @@ stdenv.mkDerivation {
cp ${./scripts}/* $out/bin cp ${./scripts}/* $out/bin
for f in $out/bin/*; do for f in $out/bin/*; do
wrapProgram $f --prefix PATH : ${stdenv.lib.makeBinPath [ coreutils gawk gnused gnugrep nix diffutils ]} wrapProgram $f --prefix PATH : ${stdenv.lib.makeBinPath [ coreutils gnused gnugrep nix diffutils ]}
done done
''; '';
} }

80
pkgs/common-updater/scripts/update-source-version
View File

@ -11,6 +11,7 @@ die() {
usage() { usage() {
echo "Usage: $scriptName <attr> <version> [<new-source-hash>] [<new-source-url>]" echo "Usage: $scriptName <attr> <version> [<new-source-hash>] [<new-source-url>]"
echo " [--version-key=<version-key>] [--system=<system>] [--file=<file-to-update>]" echo " [--version-key=<version-key>] [--system=<system>] [--file=<file-to-update>]"
echo " [--ignore-same-hash]"
} }
args=() args=()
@ -25,7 +26,7 @@ for arg in "$@"; do
;; ;;
--file=*) --file=*)
nixFile="${arg#*=}" nixFile="${arg#*=}"
if [ ! -f "$nixFile" ]; then if [[ ! -f "$nixFile" ]]; then
die "Could not find provided file $nixFile" die "Could not find provided file $nixFile"
fi fi
;; ;;
@ -37,7 +38,7 @@ for arg in "$@"; do
exit 0 exit 0
;; ;;
--*) --*)
echo "$scriptName: Unknown argument: " $arg echo "$scriptName: Unknown argument: $arg"
usage usage
exit 1 exit 1
;; ;;
@ -52,25 +53,25 @@ newVersion=${args[1]}
newHash=${args[2]} newHash=${args[2]}
newUrl=${args[3]} newUrl=${args[3]}
if [ "${#args[*]}" -lt 2 ]; then if (( "${#args[*]}" < 2 )); then
echo "$scriptName: Too few arguments" echo "$scriptName: Too few arguments"
usage usage
exit 1 exit 1
fi fi
if [ "${#args[*]}" -gt 4 ]; then if (( "${#args[*]}" > 4 )); then
echo "$scriptName: Too many arguments" echo "$scriptName: Too many arguments"
usage usage
exit 1 exit 1
fi fi
if [ -z "$versionKey" ]; then if [[ -z "$versionKey" ]]; then
versionKey=version versionKey=version
fi fi
if [ -z "$nixFile" ]; then if [[ -z "$nixFile" ]]; then
nixFile=$(nix-instantiate $systemArg --eval --strict -A "$attr.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/') nixFile=$(nix-instantiate $systemArg --eval --strict -A "$attr.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/')
if [ ! -f "$nixFile" ]; then if [[ ! -f "$nixFile" ]]; then
die "Couldn't evaluate '$attr.meta.position' to locate the .nix file!" die "Couldn't evaluate '$attr.meta.position' to locate the .nix file!"
fi fi
fi fi
@ -78,28 +79,28 @@ fi
oldHashAlgo=$(nix-instantiate $systemArg --eval --strict -A "$attr.src.drvAttrs.outputHashAlgo" | tr -d '"') oldHashAlgo=$(nix-instantiate $systemArg --eval --strict -A "$attr.src.drvAttrs.outputHashAlgo" | tr -d '"')
oldHash=$(nix-instantiate $systemArg --eval --strict -A "$attr.src.drvAttrs.outputHash" | tr -d '"') oldHash=$(nix-instantiate $systemArg --eval --strict -A "$attr.src.drvAttrs.outputHash" | tr -d '"')
if [ -z "$oldHashAlgo" -o -z "$oldHash" ]; then if [[ -z "$oldHashAlgo" || -z "$oldHash" ]]; then
die "Couldn't evaluate old source hash from '$attr.src'!" die "Couldn't evaluate old source hash from '$attr.src'!"
fi fi
if [ $(grep -c "$oldHash" "$nixFile") != 1 ]; then if [[ $(grep --count "$oldHash" "$nixFile") != 1 ]]; then
die "Couldn't locate old source hash '$oldHash' (or it appeared more than once) in '$nixFile'!" die "Couldn't locate old source hash '$oldHash' (or it appeared more than once) in '$nixFile'!"
fi fi
oldUrl=$(nix-instantiate $systemArg --eval -E "with import ./. {}; builtins.elemAt ($attr.src.drvAttrs.urls or [ $attr.src.url ]) 0" | tr -d '"') oldUrl=$(nix-instantiate $systemArg --eval -E "with import ./. {}; builtins.elemAt ($attr.src.drvAttrs.urls or [ $attr.src.url ]) 0" | tr -d '"')
if [ -z "$oldUrl" ]; then if [[ -z "$oldUrl" ]]; then
die "Couldn't evaluate source url from '$attr.src'!" die "Couldn't evaluate source url from '$attr.src'!"
fi fi
drvName=$(nix-instantiate $systemArg --eval -E "with import ./. {}; lib.getName $attr" | tr -d '"') drvName=$(nix-instantiate $systemArg --eval -E "with import ./. {}; lib.getName $attr" | tr -d '"')
oldVersion=$(nix-instantiate $systemArg --eval -E "with import ./. {}; $attr.${versionKey} or (lib.getVersion $attr)" | tr -d '"') oldVersion=$(nix-instantiate $systemArg --eval -E "with import ./. {}; $attr.${versionKey} or (lib.getVersion $attr)" | tr -d '"')
if [ -z "$drvName" -o -z "$oldVersion" ]; then if [[ -z "$drvName" || -z "$oldVersion" ]]; then
die "Couldn't evaluate name and version from '$attr.name'!" die "Couldn't evaluate name and version from '$attr.name'!"
fi fi
if [ "$oldVersion" = "$newVersion" ]; then if [[ "$oldVersion" = "$newVersion" ]]; then
echo "$scriptName: New version same as old version, nothing to do." >&2 echo "$scriptName: New version same as old version, nothing to do." >&2
exit 0 exit 0
fi fi
@ -108,14 +109,41 @@ fi
oldVersionEscaped=$(echo "$oldVersion" | sed -re 's|[.+]|\\&|g') oldVersionEscaped=$(echo "$oldVersion" | sed -re 's|[.+]|\\&|g')
oldUrlEscaped=$(echo "$oldUrl" | sed -re 's|[${}.+]|\\&|g') oldUrlEscaped=$(echo "$oldUrl" | sed -re 's|[${}.+]|\\&|g')
if [ $(grep -c -E "^\s*(let\b)?\s*$versionKey\s*=\s*\"$oldVersionEscaped\"" "$nixFile") = 1 ]; then if [[ $(grep --count --extended-regexp "^\s*(let\b)?\s*$versionKey\s*=\s*\"$oldVersionEscaped\"" "$nixFile") = 1 ]]; then
pattern="/\b$versionKey\b\s*=/ s|\"$oldVersionEscaped\"|\"$newVersion\"|" pattern="/\b$versionKey\b\s*=/ s|\"$oldVersionEscaped\"|\"$newVersion\"|"
elif [ $(grep -c -E "^\s*(let\b)?\s*name\s*=\s*\"[^\"]+-$oldVersionEscaped\"" "$nixFile") = 1 ]; then elif [[ $(grep --count --extended-regexp "^\s*(let\b)?\s*name\s*=\s*\"[^\"]+-$oldVersionEscaped\"" "$nixFile") = 1 ]]; then
pattern="/\bname\b\s*=/ s|-$oldVersionEscaped\"|-$newVersion\"|" pattern="/\bname\b\s*=/ s|-$oldVersionEscaped\"|-$newVersion\"|"
else else
die "Couldn't figure out where out where to patch in new version in '$attr'!" die "Couldn't figure out where out where to patch in new version in '$attr'!"
fi fi
if [[ "$oldHash" =~ ^(sha256|sha512)[:-] ]]; then
# Handle the possible SRI-style hash attribute (in the form ${type}${separator}${hash})
# True SRI uses dash as a separator and only supports base64, whereas Nixs SRI-style format uses a colon and supports all the same encodings like regular hashes (16/32/64).
# To keep this program reasonably simple, we will upgrade Nixs format to SRI.
oldHashAlgo="${BASH_REMATCH[1]}"
sri=true
elif [[ "$oldHashAlgo" = "null" ]]; then
# Some fetcher functions support SRI-style `hash` attribute in addition to legacy type-specific attributes. When `hash` is used `outputHashAlgo` is null so lets complain when SRI-style hash value was not detected.
die "Unable to figure out hashing scheme from '$oldHash' in '$attr'!"
fi
case "$oldHashAlgo" in
# Lengths of hex-encoded hashes
sha256) hashLength=64 ;;
sha512) hashLength=128 ;;
*) die "Unhandled hash algorithm '$oldHashAlgo' in '$attr'!" ;;
esac
# Make a temporary all-zeroes hash of $hashLength characters
tempHash=$(printf '%0*d' "$hashLength" 0)
if [[ -n "$sri" ]]; then
# SRI hashes only support base64
# SRI hashes need to declare the hash type as part of the hash
tempHash="$(nix to-sri --type "$oldHashAlgo" "$tempHash")"
fi
# Replace new version # Replace new version
sed -i.bak "$nixFile" -re "$pattern" sed -i.bak "$nixFile" -re "$pattern"
if cmp -s "$nixFile" "$nixFile.bak"; then if cmp -s "$nixFile" "$nixFile.bak"; then
@ -123,7 +151,7 @@ if cmp -s "$nixFile" "$nixFile.bak"; then
fi fi
# Replace new URL # Replace new URL
if [ -n "$newUrl" ]; then if [[ -n "$newUrl" ]]; then
sed -i "$nixFile" -re "s|\"$oldUrlEscaped\"|\"$newUrl\"|" sed -i "$nixFile" -re "s|\"$oldUrlEscaped\"|\"$newUrl\"|"
if cmp -s "$nixFile" "$nixFile.bak"; then if cmp -s "$nixFile" "$nixFile.bak"; then
@ -131,33 +159,29 @@ if [ -n "$newUrl" ]; then
fi fi
fi fi
case "$oldHashAlgo" in
sha256) hashLength=64 ;;
sha512) hashLength=128 ;;
*) die "Unhandled hash algorithm '$oldHashAlgo' in '$attr'!" ;;
esac
# Make a temporary all-zeroes hash of $hashLength characters
tempHash=$(printf '%0*d' "$hashLength" 0)
sed -i "$nixFile" -re "s|\"$oldHash\"|\"$tempHash\"|" sed -i "$nixFile" -re "s|\"$oldHash\"|\"$tempHash\"|"
if cmp -s "$nixFile" "$nixFile.bak"; then if cmp -s "$nixFile" "$nixFile.bak"; then
die "Failed to replace source hash of '$attr' to a temporary hash!" die "Failed to replace source hash of '$attr' to a temporary hash!"
fi fi
# If new hash not given on the command line, recalculate it ourselves. # If new hash not given on the command line, recalculate it ourselves.
if [ -z "$newHash" ]; then if [[ -z "$newHash" ]]; then
nix-build $systemArg --no-out-link -A "$attr.src" 2>"$attr.fetchlog" >/dev/null || true nix-build $systemArg --no-out-link -A "$attr.src" 2>"$attr.fetchlog" >/dev/null || true
# FIXME: use nix-build --hash here once https://github.com/NixOS/nix/issues/1172 is fixed # FIXME: use nix-build --hash here once https://github.com/NixOS/nix/issues/1172 is fixed
newHash=$(egrep -v "killing process|dependencies couldn't be built|wanted: " "$attr.fetchlog" | tail -n2 | sed "s~output path .* has .* hash \(.*\) when .* was expected\|fixed-output derivation produced path '.*' with .* hash '\(.*\)' instead of the expected hash '.*'\| got: .*:\(.*\)~\1\2\3~" | head -n1) newHash=$(grep --extended-regexp --invert-match "killing process|dependencies couldn't be built|wanted: " "$attr.fetchlog" | tail -n2 | sed "s~output path .* has .* hash \(.*\) when .* was expected\|fixed-output derivation produced path '.*' with .* hash '\(.*\)' instead of the expected hash '.*'\| got: .*:\(.*\)~\1\2\3~" | head -n1)
fi fi
if [ -z "$newHash" ]; then if [[ -n "$sri" ]]; then
# nix-build preserves the hashing scheme so we can just convert the result to SRI using the old type
newHash="$(nix to-sri --type "$oldHashAlgo" "$newHash")"
fi
if [[ -z "$newHash" ]]; then
cat "$attr.fetchlog" >&2 cat "$attr.fetchlog" >&2
die "Couldn't figure out new hash of '$attr.src'!" die "Couldn't figure out new hash of '$attr.src'!"
fi fi
if [ -z "${ignoreSameHash}" ] && [ "$oldVersion" != "$newVersion" ] && [ "$oldHash" = "$newHash" ]; then if [[ -z "${ignoreSameHash}" && "$oldVersion" != "$newVersion" && "$oldHash" = "$newHash" ]]; then
mv "$nixFile.bak" "$nixFile" mv "$nixFile.bak" "$nixFile"
die "Both the old and new source hashes of '$attr.src' were equivalent. Please fix the package's source URL to be dependent on '\${version}'!" die "Both the old and new source hashes of '$attr.src' were equivalent. Please fix the package's source URL to be dependent on '\${version}'!"
fi fi