Commit d59bf158 authored by Berk D. Demir's avatar Berk D. Demir

_1password-gui: Refactor update.sh to decrease manual work burden

- Move `sources` attrset into a JSON file
- update.sh:
  - Generates `sources.json` by getting the channel versions from
    `versions.json`
  - Checks the PGP signatures of the Linux binaries

Version bump maintenance is now streamlined to:
1) change one or two lines in versions.json
2) run update.sh
3) test
4) commit updated sources.json
parent 3e792aa1
+4 −39
@@ -10,46 +10,11 @@

let
  pname = "1password";
  version = if channel == "stable" then "8.10.60" else "8.10.68-12.BETA";

  sources = {
    stable = {
      x86_64-linux = {
        url = "https://downloads.1password.com/linux/tar/stable/x86_64/1password-${version}.x64.tar.gz";
        hash = "sha256-QCoV66LvGo6vA5fjuE3fG+LwehKVMPmgaDghh9YEvmA=";
      };
      aarch64-linux = {
        url = "https://downloads.1password.com/linux/tar/stable/aarch64/1password-${version}.arm64.tar.gz";
        hash = "sha256-E5TniXur9ATJ3ER/zTFc6EiBrH/kbNvIao0ADLyBZZE=";
      };
      x86_64-darwin = {
        url = "https://downloads.1password.com/mac/1Password-${version}-x86_64.zip";
        hash = "sha256-2Nv4CHKLgCFbU1TeJQhIq8YdkJSQJXtUw2S17B8cS4s=";
      };
      aarch64-darwin = {
        url = "https://downloads.1password.com/mac/1Password-${version}-aarch64.zip";
        hash = "sha256-drJiM8EiUM3M54+KPQdLvAmSfBH5YPqQk14yjHzoBtM=";
      };
    };
    beta = {
      x86_64-linux = {
        url = "https://downloads.1password.com/linux/tar/beta/x86_64/1password-${version}.x64.tar.gz";
        hash = "sha256-/0Y1qnCI/gXGKTHk9EIaUVbHTwRkOvwOOiMif6sRkqw=";
      };
      aarch64-linux = {
        url = "https://downloads.1password.com/linux/tar/beta/aarch64/1password-${version}.arm64.tar.gz";
        hash = "sha256-4J6a10r5n8ffqC5Y2pjO/GJLXY5AQDkQWmFNLYeK/Xw=";
      };
      x86_64-darwin = {
        url = "https://downloads.1password.com/mac/1Password-${version}-x86_64.zip";
        hash = "sha256-XvflRqqUI59ekuSiQXyACzS94VIrl8wJjemi0xAznZU=";
      };
      aarch64-darwin = {
        url = "https://downloads.1password.com/mac/1Password-${version}-aarch64.zip";
        hash = "sha256-UErp3pcSXz/C5s3JraLoBN89tL8ghgJ3XLpg7KtU8Sc=";
      };
    };
  };
  versions = builtins.fromJSON (builtins.readFile ./versions.json);
  inherit (versions.${channel} or (throw "unknown channel ${channel}")) version;

  sources = builtins.fromJSON (builtins.readFile ./sources.json);

  src = fetchurl {
    inherit
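Review bot: Nothing in the new `let` bindings ties `version` (now read from versions.json) to the URLs in sources.json, which carry the version as literal text. If versions.json is bumped without re-running update.sh, the derivation would be labelled with the new version while `src` still fetches and hash-pins the old archive. An evaluation-time check that the selected source URL contains `version` would catch that drift, and a comment above the `sources` binding such as `# generated by update.sh from versions.json; do not edit by hand` would tell maintainers which file is authoritative. The `src = fetchurl { inherit` expression continues outside the hunk, so how the per-platform entry is selected is not visible here.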
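--- a/sources.json
+++ b/sources.json
@@ -0,0 +1,38 @@
+{
+  "stable": {
+    "x86_64-linux": {
+      "url": "https://downloads.1password.com/linux/tar/stable/x86_64/1password-8.10.60.x64.tar.gz",
+      "hash": "sha256-QCoV66LvGo6vA5fjuE3fG+LwehKVMPmgaDghh9YEvmA="
+    },
+    "aarch64-linux": {
+      "url": "https://downloads.1password.com/linux/tar/stable/aarch64/1password-8.10.60.arm64.tar.gz",
+      "hash": "sha256-E5TniXur9ATJ3ER/zTFc6EiBrH/kbNvIao0ADLyBZZE="
+    },
+    "x86_64-darwin": {
+      "url": "https://downloads.1password.com/mac/1Password-8.10.60-x86_64.zip",
+      "hash": "sha256-2Nv4CHKLgCFbU1TeJQhIq8YdkJSQJXtUw2S17B8cS4s="
+    },
+    "aarch64-darwin": {
+      "url": "https://downloads.1password.com/mac/1Password-8.10.60-aarch64.zip",
+      "hash": "sha256-drJiM8EiUM3M54+KPQdLvAmSfBH5YPqQk14yjHzoBtM="
+    }
+  },
+  "beta": {
+    "x86_64-linux": {
+      "url": "https://downloads.1password.com/linux/tar/beta/x86_64/1password-8.10.68-12.BETA.x64.tar.gz",
+      "hash": "sha256-/0Y1qnCI/gXGKTHk9EIaUVbHTwRkOvwOOiMif6sRkqw="
+    },
+    "aarch64-linux": {
+      "url": "https://downloads.1password.com/linux/tar/beta/aarch64/1password-8.10.68-12.BETA.arm64.tar.gz",
+      "hash": "sha256-4J6a10r5n8ffqC5Y2pjO/GJLXY5AQDkQWmFNLYeK/Xw="
+    },
+    "x86_64-darwin": {
+      "url": "https://downloads.1password.com/mac/1Password-8.10.68-12.BETA-x86_64.zip",
+      "hash": "sha256-XvflRqqUI59ekuSiQXyACzS94VIrl8wJjemi0xAznZU="
+    },
+    "aarch64-darwin": {
+      "url": "https://downloads.1password.com/mac/1Password-8.10.68-12.BETA-aarch64.zip",
+      "hash": "sha256-UErp3pcSXz/C5s3JraLoBN89tL8ghgJ3XLpg7KtU8Sc="
+    }
+  }
+}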
+74 −49
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p jq
#!nix-shell -i bash -p jq gnupg
#shellcheck shell=bash

CURRENT_HASH=""
set -euo pipefail

print_hash() {
    OS="$1"
    CHANNEL="$2"
    ARCH="$3"
    VERSION="$4"
cd -- "$(dirname "${BASH_SOURCE[0]}")"

    if [[ "$OS" == "linux" ]]; then
        if [[ "$ARCH" == "x86_64" ]]; then
            EXT="x64.tar.gz"
mk_url() {
  local \
    base_url="https://downloads.1password.com" \
    os="$1" \
    channel="$2" \
    arch="$3" \
    version="$4"

  if [[ ${os} == "linux" ]]; then
    if [[ ${arch} == "x86_64" ]]; then
      ext="x64.tar.gz"
    else
            EXT="arm64.tar.gz"
      ext="arm64.tar.gz"
    fi
        URL="https://downloads.1password.com/${OS}/tar/${CHANNEL}/${ARCH}/1password-${VERSION}.${EXT}"
    url="${base_url}/${os}/tar/${channel}/${arch}/1password-${version}.${ext}"
  else
        EXT="$ARCH.zip"
        URL="https://downloads.1password.com/${OS}/1Password-${VERSION}-${EXT}"
    ext="${arch}.zip"
    url="${base_url}/mac/1Password-${version}-${ext}"
  fi

    CURRENT_HASH=$(nix store prefetch-file "$URL" --json | jq -r '.hash')

    echo "$CHANNEL ${ARCH}-${OS}: $CURRENT_HASH"
  echo "${url}"
}

if [[ -z "$STABLE_VER" && -n "$1" ]]; then
    STABLE_VER="$1"
cleanup() {
  if [[ -f ${GPG_KEYRING-} ]]; then
    rm "${GPG_KEYRING}"
  fi

if [[ -z "$BETA_VER" && -n "$2" ]]; then
    BETA_VER="$2"
  if [[ -f ${JSON_HEAP-} ]]; then
    rm "${JSON_HEAP}"
  fi
}

if [[ "${BETA_VER: -4}" != "BETA" ]]; then
    BETA_VER="$BETA_VER.BETA"
fi
trap cleanup EXIT

if [[ -z "$STABLE_VER" ]]; then
    echo "No 'STABLE_VER' environment variable provided, skipping"
else
    print_hash "linux" "stable" "x86_64" "$STABLE_VER"
    print_hash "linux" "stable" "aarch64" "$STABLE_VER"
    print_hash "mac" "stable" "x86_64" "$STABLE_VER"
    print_hash "mac" "stable" "aarch64" "$STABLE_VER"
fi
# Get channel versions from versions.json
declare -A version=(
  ["stable"]=$(jq -r '.stable.version' versions.json)
  ["beta"]=$(jq -r '.beta.version' versions.json)
)

if [[ -z "$BETA_VER" ]]; then
    echo "No 'BETA_VER' environment variable provided, skipping"
else
    print_hash "linux" "beta" "x86_64" "$BETA_VER"
    print_hash "linux" "beta" "aarch64" "$BETA_VER"
    print_hash "mac" "beta" "x86_64" "$BETA_VER"
    print_hash "mac" "beta" "aarch64" "$BETA_VER"
#
GPG_KEYRING=$(mktemp -t 1password.kbx.XXXXXX)
gpg --no-default-keyring --keyring "${GPG_KEYRING}" \
  --keyserver keyserver.ubuntu.com \
  --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22

JSON_HEAP=$(mktemp -t 1password-gui.jsonheap.XXXXXX)
for channel in stable beta; do
  for os in linux darwin; do
    for arch in x86_64 aarch64; do
      url=$(mk_url ${os} ${channel} ${arch} "${version[${channel}]}")
      nix store prefetch-file --json "${url}" | jq "
        {
          \"${channel}\": {
             \"${arch}-${os}\": {
               \"url\": \"${url}\",
               \"hash\": .hash,
               \"storePath\": .storePath
             }
           }
        }" >> "${JSON_HEAP}"

      # For some reason 1Password PGP signs only Linux binaries.
      if [[ ${os} == "linux" ]]; then
         gpgv --keyring "${GPG_KEYRING}" \
           $(nix store prefetch-file --json "${url}.sig" | jq -r .storePath) \
           $(jq -r --slurp ".[-1].[].[].storePath" "${JSON_HEAP}")
      fi
    done
  done
done

# Combine heap of hash+url objects into a single JSON object.
jq --slurp 'reduce .[] as $x ({}; . * $x) | del (.[].[].storePath)' "${JSON_HEAP}" > sources.json
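Review bot: The `gpgv` call inside the `linux` branch takes both file arguments from unquoted command substitutions, and a failure inside `$(...)` in argument position is not caught by `set -e`; if the `.sig` prefetch fails, gpgv runs with an argument missing or the literal `null`, and the result then depends on how gpgv treats that input rather than on an explicit check. Assigning first makes the step fail closed under `set -euo pipefail`: `sig=$(nix store prefetch-file --json "${url}.sig" | jq -r .storePath)`, `bin=$(jq -r --slurp ".[-1].[].[].storePath" "${JSON_HEAP}")`, then `gpgv --keyring "${GPG_KEYRING}" "${sig}" "${bin}"`. The jq program that builds each entry also splices `${channel}`, `${arch}-${os}` and `${url}` into the filter text; passing them with `--arg` keeps a stray quote in a versions.json value from altering the filter. Since only the Linux archives are signature-checked, the darwin hashes rest on the HTTPS download at update time alone, which is worth stating in the existing comment so reviewers of later bumps know which entries were verified.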
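--- a/versions.json
+++ b/versions.json
@@ -0,0 +1,9 @@
+{
+  "stable": {
+    "version": "8.10.60"
+  },
+
+  "beta": {
+    "version": "8.10.68-12.BETA"
+  }
+}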