diff options
| -rw-r--r-- | pkgs/tools/security/vault/update-bin.sh | 43 | ||||
| -rw-r--r-- | pkgs/tools/security/vault/vault-bin.nix | 90 |
2 files changed, 87 insertions, 46 deletions
diff --git a/pkgs/tools/security/vault/update-bin.sh b/pkgs/tools/security/vault/update-bin.sh new file mode 100644 index 00000000000..25f41e2aad1 --- /dev/null +++ b/pkgs/tools/security/vault/update-bin.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl gnused gawk nix-prefetch + +set -euo pipefail + +ROOT="$(dirname "$(readlink -f "$0")")" +NIX_DRV="$ROOT/vault-bin.nix" +if [ ! -f "$NIX_DRV" ]; then + echo "ERROR: cannot find vault-bin in $ROOT" + exit 1 +fi + +fetch_arch() { + VER="$1"; ARCH="$2" + URL="https://releases.hashicorp.com/vault/${VER}/vault_${VER}_${ARCH}.zip" + nix-prefetch "{ stdenv, fetchzip }: +stdenv.mkDerivation rec { + pname = \"vault-bin\"; version = \"${VER}\"; + src = fetchzip { url = \"$URL\"; }; +} +" +} + +replace_sha() { + sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV" +} + +# https://releases.hashicorp.com/vault/1.9.4/vault_1.9.4_linux_arm64.zip +VAULT_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/hashicorp/vault/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//') + +VAULT_LINUX_X86_SHA256=$(fetch_arch "$VAULT_VER" "linux_386") +VAULT_LINUX_X64_SHA256=$(fetch_arch "$VAULT_VER" "linux_amd64") +VAULT_DARWIN_X64_SHA256=$(fetch_arch "$VAULT_VER" "darwin_amd64") +VAULT_LINUX_AARCH64_SHA256=$(fetch_arch "$VAULT_VER" "linux_arm64") +VAULT_DARWIN_AARCH64_SHA256=$(fetch_arch "$VAULT_VER" "darwin_arm64") + +sed -i "s/version = \".*\"/version = \"$VAULT_VER\"/" "$NIX_DRV" + +replace_sha "i686-linux" "$VAULT_LINUX_X86_SHA256" +replace_sha "x86_64-linux" "$VAULT_LINUX_X64_SHA256" +replace_sha "x86_64-darwin" "$VAULT_DARWIN_X64_SHA256" +replace_sha "aarch64-linux" "$VAULT_LINUX_AARCH64_SHA256" +replace_sha "aarch64-darwin" "$VAULT_DARWIN_AARCH64_SHA256" diff --git a/pkgs/tools/security/vault/vault-bin.nix b/pkgs/tools/security/vault/vault-bin.nix index 1ffd793be8b..ebb70a1f629 100644 --- a/pkgs/tools/security/vault/vault-bin.nix +++ b/pkgs/tools/security/vault/vault-bin.nix @@ -1,63 +1,61 @@ -{ lib, stdenv, fetchurl, unzip, makeWrapper, gawk, glibc }: +{ lib, stdenv, fetchurl, unzip, makeWrapper, gawk, glibc, fetchzip }: -let - version = "1.9.1"; - - sources = let - base = "https://releases.hashicorp.com/vault/${version}"; - in { - x86_64-linux = fetchurl { - url = "${base}/vault_${version}_linux_amd64.zip"; - sha256 = "sha256-kP1wLbkktVCTZopVaT0h/WKqAG3Pd9g7qeruk4MIWJM="; - }; - i686-linux = fetchurl { - url = "${base}/vault_${version}_linux_386.zip"; - sha256 = "sha256-cTZ/hek8wQo9FxIRQ/cc23h7Nqjfonvprf492/lSzLw="; - }; - x86_64-darwin = fetchurl { - url = "${base}/vault_${version}_darwin_amd64.zip"; - sha256 = "sha256-uKW9Yl4PjxWJ886OVAHl1sbPhgYWoL6IJK44vczLQsY="; - }; - aarch64-darwin = fetchurl { - url = "${base}/vault_${version}_darwin_arm64.zip"; - sha256 = "sha256-J0qwUBcnZRZU5TTQB3K8wNE6rdQC1Boy/gKNQRvUYEI="; - }; - aarch64-linux = fetchurl { - url = "${base}/vault_${version}_linux_arm64.zip"; - sha256 = "sha256-eU5s15tBuZFThJGNtnjOV07tiBoVjSSHMS9sY2WqO1o="; - }; - }; - -in stdenv.mkDerivation { +stdenv.mkDerivation rec { pname = "vault-bin"; - inherit version; - - src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}"); - - nativeBuildInputs = [ makeWrapper unzip ]; + version = "1.10.0"; + + src = + let + inherit (stdenv.hostPlatform) system; + selectSystem = attrs: attrs.${system} or (throw "Unsupported system: ${system}"); + suffix = selectSystem { + x86_64-linux = "linux_amd64"; + aarch64-linux = "linux_arm64"; + i686-linux = "linux_386"; + x86_64-darwin = "darwin_amd64"; + aarch64-darwin = "darwin_arm64"; + }; + sha256 = selectSystem { + x86_64-linux = "sha256-enD/JcOmeavvUd/njbu7IksAqp9dKepVdYPkLJHA8OQ="; + aarch64-linux = "sha256-FDkgUqFEVJoSED/FWqOXa4BTO6AYwkLS2iZh+BkzlqA="; + i686-linux = "sha256-XUTWB5Ynu92SMP9Nt/0jAki6til4upKv1sdFzPbWxiw="; + x86_64-darwin = "sha256-QNCsbIza56NqSU7R6+Cx//WBXiEOz6CEMCjrx4AR1x8="; + aarch64-darwin = "sha256-LBgd8gqeU92336kypSIwMtKo7I1qB/RP2dNoIGJgq7k="; + }; + in + fetchzip { + url = "https://releases.hashicorp.com/vault/${version}/vault_${version}_${suffix}.zip"; + inherit sha256; + }; - sourceRoot = "."; + dontConfigure = true; + dontBuild = true; + dontStrip = stdenv.isDarwin; installPhase = '' runHook preInstall - - mkdir -p $out/bin $out/share/bash-completion/completions - mv vault $out/bin - echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault - '' + lib.optionalString stdenv.isLinux '' - wrapProgram $out/bin/vault \ - --prefix PATH : ${lib.makeBinPath [ gawk glibc ]} - + install -D vault $out/bin/vault runHook postInstall ''; - dontStrip = stdenv.isDarwin; + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + $out/bin/vault --help + $out/bin/vault version + runHook postInstallCheck + ''; + + dontPatchELF = true; + dontPatchShebangs = true; + + passthru.updateScript = ./update-bin.sh; meta = with lib; { homepage = "https://www.vaultproject.io"; description = "A tool for managing secrets, this binary includes the UI"; platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ]; license = licenses.mpl20; - maintainers = with maintainers; teams.serokell.members ++ [ offline psyanticy Chili-Man ]; + maintainers = with maintainers; teams.serokell.members ++ [ offline psyanticy Chili-Man techknowlogick ]; }; } |