Unverified Commit 7d7fedce authored Apr 15, 2024 by superherointj Committed by GitHub Apr 15, 2024

Merge pull request #304318 from superherointj/fluxcd-update-script-use-sri-hash

fluxcd: use SRI hash in update script

parents 8c874a07 7801483a

pkgs/applications/networking/cluster/fluxcd/default.nix

+2 −2

Original line number	Diff line number	Diff line
		@@ -8,8 +8,8 @@

		let
		version = "2.2.3";
		sha256 = "12rrai56hl86213lsi8i4qrah0v7a36nks38g5373imyl9g497ym";
		manifestsSha256 = "1hmzmzijpx49hh2ykv7vw3jp02dxr4qn3r1dma56g7b4nbk7aa8x";
		sha256 = "sha256-1Z9EXqK+xnFGeWjoac1QZwOoMiYRRU1HEAZRaEpUOYs=";
		manifestsSha256 = "sha256-HSl15rJknWeKqi3kYTHJvQlw5eD77OkFhIn0K+Ovv8I=";

		manifests = fetchzip {
		url =

pkgs/applications/networking/cluster/fluxcd/update.sh

+2 −0

Original line number	Diff line number	Diff line
		@@ -12,7 +12,9 @@ LATEST_VERSION=$(echo ${LATEST_TAG} \| sed 's/^v//')

		if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then
		SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/archive/refs/tags/${LATEST_TAG}.tar.gz)
		SHA256=$(nix hash to-sri --type sha256 $SHA256)
		SPEC_SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/releases/download/${LATEST_TAG}/manifests.tar.gz)
		SPEC_SHA256=$(nix hash to-sri --type sha256 $SPEC_SHA256)

		setKV () {
		sed -i "s\|$1 = \".*\"\|$1 = \"${2:-}\"\|" "${FLUXCD_PATH}/default.nix"