From 03822d7864c8f1c45ed6d1e0af67d384ee59ddca Mon Sep 17 00:00:00 2001 From: Benedikt Peetz Date: Mon, 8 Jun 2026 14:10:32 +0200 Subject: pkgs/tails-iso: Add update script --- pkgs/by-name/ta/tails-iso/files.json | 7 ++++ pkgs/by-name/ta/tails-iso/package.nix | 10 +++--- pkgs/by-name/ta/tails-iso/update.sh | 66 +++++++++++++++++++++++++++++++++++ 3 files changed, 78 insertions(+), 5 deletions(-) create mode 100644 pkgs/by-name/ta/tails-iso/files.json create mode 100755 pkgs/by-name/ta/tails-iso/update.sh (limited to 'pkgs/by-name/ta') diff --git a/pkgs/by-name/ta/tails-iso/files.json b/pkgs/by-name/ta/tails-iso/files.json new file mode 100644 index 00000000..0e42badf --- /dev/null +++ b/pkgs/by-name/ta/tails-iso/files.json @@ -0,0 +1,7 @@ +{ + "version": "7.8.1", + "files": { + "iso.sig": "sha256-DQm+EHe0KllmzLQzGU61cqaRDNjhU3KUCtDzHKDwWck=", + "iso": "sha256-Y4Sch1ZgWUODi9rxcXimVrFvicXPCN6SgLvINvJGcvw=" + } +} diff --git a/pkgs/by-name/ta/tails-iso/package.nix b/pkgs/by-name/ta/tails-iso/package.nix index d790befd..b74e4023 100644 --- a/pkgs/by-name/ta/tails-iso/package.nix +++ b/pkgs/by-name/ta/tails-iso/package.nix @@ -13,20 +13,20 @@ sequoia-sq, libarchive, # for bsdtar }: let - version = "7.8.1"; + files = builtins.fromJSON (builtins.readFile (./files.json)); checked_iso = stdenv.mkDerivation (finalAttrs: { pname = "tails-iso"; - version = "amd64-${version}"; + version = "amd64-${files.version}"; srcs = [ (fetchurl { url = "https://tails.net/torrents/files/tails-${finalAttrs.version}.iso.sig"; - hash = "sha256-DQm+EHe0KllmzLQzGU61cqaRDNjhU3KUCtDzHKDwWck="; + hash = files.files."iso.sig"; }) (fetchurl { url = "https://download.tails.net/tails/stable/tails-${finalAttrs.version}/tails-${finalAttrs.version}.iso"; - hash = "sha256-Y4Sch1ZgWUODi9rxcXimVrFvicXPCN6SgLvINvJGcvw="; + hash = files.files."iso"; }) (fetchurl { url = "https://tails.net/tails-signing.key"; @@ -77,7 +77,7 @@ in ''; passthru = { - inherit version; + inherit (files) version; }; installPhase = '' diff --git a/pkgs/by-name/ta/tails-iso/update.sh b/pkgs/by-name/ta/tails-iso/update.sh new file mode 100755 index 00000000..5a2a81cd --- /dev/null +++ b/pkgs/by-name/ta/tails-iso/update.sh @@ -0,0 +1,66 @@ +#! /usr/bin/env sh + +set -e + +tmpHomePath="$(mktemp -d "${TMPDIR:-/tmp}/nix-prefetch-url-XXXXXXXXXX")" +cleanup() { + chmod -R u+w "$tmpHomePath" + rm -rf "$tmpHomePath" +} +trap cleanup EXIT + +info() { + echo "$1" 1>&2 +} + +# Returns a name based on the url and reference +# +# This function needs to be in sync with nix's fetchgit implementation +# of urlToName() to re-use the same nix store paths. +url_to_name() { + url=$1 + + basename "$url" .git | cut -d: -f2 +} + +get_sha256() { + url="$1" + storePathName="$(url_to_name "$url")" + hashType="sha256" + + tmpOut="$tmpHomePath/$storePathName" + info "Prefetching '$url'..." + + curl --follow "$url" >"$tmpOut" + + # Compute the hash. + hash=$(nix-hash --flat --type "$hashType" --sri "$tmpOut") + + # Add the downloaded file to the Nix store. + finalPath=$(nix-store --add-fixed "$hashType" "$tmpOut") + + info " -> Downloaded to '$finalPath'" + echo "$hash" +} + +old_version="$(jq .version --raw-output <./files.json)" +new_version="$(curl --follow https://download.tails.net/tails/stable/ 2>/dev/null | html2text -links | grep --regexp='\s*[0-9]\. tails-amd64-' | sed 's/\s*[0-9]\. tails-amd64-\(.*\)\//\1/')" + +if [ "$old_version" = "$new_version" ]; then + # No need to update. + info exit 0 +fi + +final_version="amd64-$new_version" + +cat <