nodejs: update update script (#401879) (4823eef5) · Commits · nix / nixpkgs

pkgs/development/web/nodejs/nodejs-release-keys.asc

deleted100644 → 0

+0 −776

File deleted.

Preview size limit exceeded, changes collapsed.

pkgs/development/web/nodejs/nodejs.nix

+4 −5

Original line number	Diff line number	Diff line
		@@ -25,7 +25,6 @@
		jq,
		curl,
		common-updater-scripts,
		nix,
		runtimeShell,
		gnupg,
		installShellFiles,
		@@ -520,13 +519,13 @@ let
		passthru.updateScript = import ./update.nix {
		inherit
		writeScript
		common-updater-scripts
		coreutils
		gnugrep
		jq
		curl
		common-updater-scripts
		fetchurl
		gnugrep
		gnupg
		nix
		jq
		runtimeShell
		;
		inherit lib;

pkgs/development/web/nodejs/update-keyring

deleted100755 → 0

+0 −18

Original line number	Diff line number	Diff line
		#!/usr/bin/env nix-shell
		#! nix-shell --pure -i bash -p coreutils findutils gnupg curl

		# https://github.com/nodejs/node#release-team
		HOME=`mktemp -d`
		keyserver="pool.sks-keyservers.net"
		cat << EOF \| xargs -P 4 -n 1 gpg --keyserver $keyserver --recv-keys
		94AE36675C464D64BAFA68DD7434390BDBE9B9C5
		FD3A5288F042B6850C66B31F09FE44734EB7990E
		71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
		DD8F2338BAE7501E3DD5AC78C273792F7D83545D
		C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
		B9AE9905FFD7803F25714661B63B535A4C206CA9
		56730D5401028683275BD23C23EFEFE93C4CFFFE
		77984A986EBC2AA786BC0F66B01FBB92821C587A
		EOF

		gpg -a --export > nodejs-release-keys.asc

pkgs/development/web/nodejs/update.nix

+26 −14

Original line number	Diff line number	Diff line
		{
		lib,
		writeScript,
		common-updater-scripts,
		coreutils,
		curl,
		fetchurl,
		gnugrep,
		jq,
		gnupg,
		common-updater-scripts,
		jq,
		majorVersion,
		nix,
		runtimeShell,
		}:

		let
		rev = "08bb3693621796b22511e56b8418737bd116d70b"; # should be the HEAD of nodejs/release-keys
		pubring = fetchurl {
		url = "https://github.com/nodejs/release-keys/raw/${rev}/gpg/pubring.kbx";
		hash = "sha256-j7auIjCzRV7GoX8jdtqHFniwmWWTBoRNmRYWWPFSJ/k=";
		};
		in
		writeScript "update-nodejs" ''
		#!${runtimeShell}

		set -e
		set -o pipefail

		PATH=${
		lib.makeBinPath [
		common-updater-scripts
		coreutils
		curl
		gnugrep
		jq
		gnupg
		nix
		jq
		]
		}

		HOME=`mktemp -d`
		cat ${./nodejs-release-keys.asc} \| gpg --import

		tags=`curl --silent https://api.github.com/repos/nodejs/node/git/refs/tags`
		version=`echo $tags \| jq -r '.[] \| select(.ref \| startswith("refs/tags/v${majorVersion}")) \| .ref' \| sort --version-sort \| tail -1 \| grep -oP "^refs/tags/v\K.*"`
		version=`\
		curl --silent https://api.github.com/repos/nodejs/node/git/refs/tags \| \
		jq -r '.[] \| select(.ref \| startswith("refs/tags/v${majorVersion}")) \| .ref' \| \
		sort --version-sort \| \
		tail -1 \| \
		grep -oP "^refs/tags/v\K.*"`

		curl --silent -o $HOME/SHASUMS256.txt.asc https://nodejs.org/dist/v''${version}/SHASUMS256.txt.asc
		hash_hex=`gpgv --keyring=$HOME/.gnupg/pubring.kbx --output - $HOME/SHASUMS256.txt.asc \| grep -oP "^([0-9a-f]{64})(?=\s+node-v''${version}.tar.xz$)"`
		hash=`nix-hash --type sha256 --to-base32 ''${hash_hex}`
		hash_hex=`
		curl --silent "https://nodejs.org/dist/v''${version}/SHASUMS256.txt.asc" \| \
		gpgv --keyring="${pubring}" --output - \| \
		grep -oP "^([0-9a-f]{64})(?=\s+node-v''${version}.tar.xz$)"`

		update-source-version nodejs_${majorVersion} "''${version}" "''${hash}"
		update-source-version nodejs_${majorVersion} "''${version}" "''${hash_hex}"
		''