authorFelix Schröter <dev@felschr.com>2023-05-13 23:54:14 +0200
committerFelix Schröter <dev@felschr.com>2023-05-31 14:42:11 +0200
commite9d18d3644097041e634fdca7e4e956e684cb5aa (patch)
treef9fde865f0b3e3f426c5b46c66350c772df5f5d9 /pkgs/applications/networking/browsers
parent69867f9de40f0d24276eeaf957b36a34541214fe (diff)
tor-browser-bundle-bin: add passthru.updateScript
Diffstat (limited to 'pkgs/applications/networking/browsers')
-rw-r--r--pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix14
-rw-r--r--pkgs/applications/networking/browsers/tor-browser-bundle-bin/update.nix62
2 files changed, 73 insertions, 3 deletions
diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
index 9166dfde660..02186cc8ea2 100644
--- a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
+++ b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
@@ -2,6 +2,7 @@
 , fetchurl
 , makeDesktopItem
 , writeText
+, callPackage
 
 # Common run-time dependencies
 , zlib
@@ -92,7 +93,7 @@ let
 
   lang = "ALL";
 
-  srcs = {
+  sources = {
     x86_64-linux = fetchurl {
       urls = [
         "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz"
@@ -131,7 +132,7 @@ stdenv.mkDerivation rec {
   pname = "tor-browser-bundle-bin";
   inherit version;
 
-  src = srcs.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}");
+  src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}");
 
   preferLocalBuild = true;
   allowSubstitutes = false;
@@ -447,6 +448,13 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
+  passthru = {
+    inherit sources;
+    updateScript = callPackage ./update.nix {
+      inherit pname version meta;
+    };
+  };
+
   meta = with lib; {
     description = "Tor Browser Bundle built by torproject.org";
     longDescription = ''
@@ -460,7 +468,7 @@ stdenv.mkDerivation rec {
     '';
     homepage = "https://www.torproject.org/";
     changelog = "https://gitweb.torproject.org/builders/tor-browser-build.git/plain/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt?h=maint-${version}";
-    platforms = attrNames srcs;
+    platforms = attrNames sources;
     maintainers = with maintainers; [ offline matejc thoughtpolice joachifm hax404 KarlJoad ];
     mainProgram = "tor-browser";
     # MPL2.0+, GPL+, &c.  While it's not entirely clear whether
diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/update.nix b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/update.nix
new file mode 100644
index 00000000000..f169bd3c4ef
--- /dev/null
+++ b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/update.nix
@@ -0,0 +1,62 @@
+{ lib
+, writeShellScript
+, coreutils
+, gnused
+, gnugrep
+, curl
+, gnupg
+, nix
+, common-updater-scripts
+
+# options
+, pname
+, version
+, meta
+, baseUrl ? "https://dist.torproject.org/torbrowser/"
+# prefix used to match published archive
+, prefix ? "tor-browser-"
+# suffix used to match published archive
+, suffix ? "_ALL.tar.xz"
+}:
+
+writeShellScript "update-${pname}" ''
+  PATH="${lib.makeBinPath [ coreutils curl gnugrep gnused gnupg nix common-updater-scripts ]}"
+  set -euo pipefail
+
+  trap
+
+  url=${baseUrl}
+  version=$(curl -s $url \
+            | sed -rne 's,^.*href="([0-9]+(\.[0-9]+)*)/".*,\1,p' \
+            | sort --version-sort | tail -1)
+
+  if [[ "${version}" = "$version" ]]; then
+      echo "The new version same as the old version."
+      exit 0
+  fi
+
+  HOME=$(mktemp -d)
+  export GNUPGHOME=$(mktemp -d)
+  trap 'rm -rf "$HOME" "$GNUPGHOME"' EXIT
+
+  gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
+  gpg --output $HOME/tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290
+
+  curl --silent --show-error --fail -o $HOME/shasums "$url$version/sha256sums-signed-build.txt"
+  curl --silent --show-error --fail -o $HOME/shasums.asc "$url$version/sha256sums-signed-build.txt.asc"
+  gpgv --keyring=$HOME/tor.keyring $HOME/shasums.asc $HOME/shasums
+
+  declare -A platforms=(
+    ['x86_64-linux']='linux64'
+    ['i686-linux']='linux32'
+  )
+
+  for platform in ${lib.escapeShellArgs meta.platforms}; do
+    arch="''${platforms[$platform]}"
+    sha256=$(cat "$HOME/shasums" | grep "${prefix}""$arch-$version""${suffix}" | cut -d" " -f1)
+    hash=$(nix hash to-sri --type sha256 "$sha256")
+
+    update-source-version "${pname}" "0" "sha256-${lib.fakeSha256}" --source-key="sources.$platform"
+    update-source-version "${pname}" "$version" "$hash" --source-key="sources.$platform"
+  done
+''
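Review bot: The check `if [[ "${version}" = "$version" ]]` only tests equality, so a listing that yields an older release directory (a stale mirror or an altered response) would move the package backwards if that release's signed checksum file is still served; `gpgv` authenticates the checksum file for whichever version was picked, not the choice of version. The listing fetch also uses `curl -s` without `--fail`, unlike the two later downloads, and an empty scrape result is not rejected before it is spliced into URLs. I would fetch with `--silent --show-error --fail`, reject an empty `$version`, and exit unless the scraped version sorts strictly above the packaged one, as in the excerpt below. Separately, the checksum lookup hands the file name to `grep` as an unanchored regex, so `grep -F -- "${prefix}$arch-$version${suffix}"` plus a check for exactly one match would be tighter. The bare `trap` line near the top appears to do nothing useful.

```nix
  # … unchanged: PATH, set -euo pipefail …
  url=${baseUrl}
  version=$(curl --silent --show-error --fail "$url" \
            | sed -rne 's,^.*href="([0-9]+(\.[0-9]+)*)/".*,\1,p' \
            | sort --version-sort | tail -1)

  if [[ -z "$version" ]]; then
      echo "Could not determine the latest version from $url" >&2
      exit 1
  fi

  # Refuse to go backwards: the listing is not covered by the signature.
  newest=$(printf '%s\n' "${version}" "$version" | sort --version-sort | tail -1)
  if [[ "$newest" = "${version}" ]]; then
      echo "No version newer than ${version} found."
      exit 0
  fi
  # … unchanged: key retrieval, signature check, per-platform hash update …
```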