mirror of https://github.com/tailscale/tailscale/
update-flake.sh: tooling to keep Nix SRI hashes in sync.
Also fixes the Go toolchain SRI hash from a7f05c6bb0
,
it turns out I initialized the file with an SRI hash for an older
toolchain version, and because of the unique way fixed-output derivations
work in nix, nix didn't tell me about the mismatch because it just
cache-hit on the older toolchain and moved on. Sigh.
Updates #6845.
Signed-off-by: David Anderson <danderson@tailscale.com>
pull/6847/head
parent
3599364312
commit
d2beaea523
@ -1 +1 @@
|
|||||||
sha256-BvwZ/90izw0Ip3lh8eNkJvU46LKnOOhEXF0axkBi/Es=
|
sha256-imidcDJGVor43PqdTX7Js4/tjQ0JA2E1GdjuyLiPDHI=
|
||||||
|
@ -0,0 +1,25 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# Updates SRI hashes for flake.nix.
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
REV=$(cat go.toolchain.rev)
|
||||||
|
|
||||||
|
OUT=$(mktemp -d -t nar-hash-XXXXXX)
|
||||||
|
rm -rf $OUT
|
||||||
|
|
||||||
|
mkdir $OUT
|
||||||
|
curl --silent -L https://github.com/tailscale/go/archive/refs/tags/build-$REV.tar.gz | tar -zx -C $OUT --strip-components 1
|
||||||
|
go run tailscale.com/cmd/nardump --sri $OUT >go.toolchain.sri
|
||||||
|
rm -rf $OUT
|
||||||
|
|
||||||
|
go mod vendor -o $OUT
|
||||||
|
go run tailscale.com/cmd/nardump --sri $OUT >go.mod.sri
|
||||||
|
rm -rf $OUT
|
||||||
|
|
||||||
|
# nix-direnv only watches the top-level nix file for changes. As a
|
||||||
|
# result, when we change a referenced SRI file, we have to cause some
|
||||||
|
# change to shell.nix and flake.nix as well, so that nix-direnv
|
||||||
|
# notices and reevaluates everything. Sigh.
|
||||||
|
perl -pi -e "s,# nix-direnv cache busting line:.*,# nix-direnv cache busting line: $(cat go.toolchain.sri) $(cat go.mod.sri)," shell.nix
|
||||||
|
perl -pi -e "s,# nix-direnv cache busting line:.*,# nix-direnv cache busting line: $(cat go.toolchain.sri) $(cat go.mod.sri)," flake.nix
|
Loading…
Reference in New Issue