internal scripts: use pinned, cached pkgs
Instead of setting up the script PATH via nix-shell, use
`nix shell` with inputs from the nix-bitcoin flake.
Advantages:
- Uses the nixpkgs version from the nix-bitcoin flake instead of
`<nixpkgs>` from the user env (NIX_PATH), so the script runtime
env is reproducible.
- The pkg derivations for the runtime env are cached, which greatly
increases script startup speed.
This commit was generated by running the following script inside the
repo root dir:
def transform(path, src)
if src =~ /#! *nix-shell +-i +bash +-p +(.*)/
pkgs = $1
if src =~ /^.*?(set -e.*?pipefail)\n/
set_statement = $1
src.sub!($&, '')
end
src.sub!(/\A.*?#! *nix-shell.*?\n/m, '')
parents = ([ '..' ] * (path.split('/').count - 1)).join('/')
[
'#!/usr/bin/env bash',
*set_statement,
%(. "${BASH_SOURCE[0]%/*}/#{parents}/helper/run-in-nix-env" "#{pkgs}" "$@"),
nil,
src
].join("\n")
end
end
Dir['**/*.sh'].each do |f|
src = File.read(f)
if new_src = transform(f, src)
puts "Changed file #{f}"
File.write(f, new_src)
end
end
2022-08-22 15:57:39 +03:00
|
|
|
#!/usr/bin/env bash
|
2019-08-05 10:50:55 +03:00
|
|
|
set -euo pipefail
|
internal scripts: use pinned, cached pkgs
Instead of setting up the script PATH via nix-shell, use
`nix shell` with inputs from the nix-bitcoin flake.
Advantages:
- Uses the nixpkgs version from the nix-bitcoin flake instead of
`<nixpkgs>` from the user env (NIX_PATH), so the script runtime
env is reproducible.
- The pkg derivations for the runtime env are cached, which greatly
increases script startup speed.
This commit was generated by running the following script inside the
repo root dir:
def transform(path, src)
if src =~ /#! *nix-shell +-i +bash +-p +(.*)/
pkgs = $1
if src =~ /^.*?(set -e.*?pipefail)\n/
set_statement = $1
src.sub!($&, '')
end
src.sub!(/\A.*?#! *nix-shell.*?\n/m, '')
parents = ([ '..' ] * (path.split('/').count - 1)).join('/')
[
'#!/usr/bin/env bash',
*set_statement,
%(. "${BASH_SOURCE[0]%/*}/#{parents}/helper/run-in-nix-env" "#{pkgs}" "$@"),
nil,
src
].join("\n")
end
end
Dir['**/*.sh'].each do |f|
src = File.read(f)
if new_src = transform(f, src)
puts "Changed file #{f}"
File.write(f, new_src)
end
end
2022-08-22 15:57:39 +03:00
|
|
|
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "git gnupg" "$@"
|
2019-08-05 10:50:55 +03:00
|
|
|
|
|
|
|
TMPDIR="$(mktemp -d -p /tmp)"
|
2022-08-16 22:00:00 +03:00
|
|
|
trap 'rm -rf $TMPDIR' EXIT
|
|
|
|
cd "$TMPDIR"
|
2019-08-05 10:50:55 +03:00
|
|
|
|
|
|
|
echo "Fetching latest release"
|
|
|
|
git clone https://github.com/joinmarket-org/joinmarket-clientserver 2> /dev/null
|
|
|
|
cd joinmarket-clientserver
|
2022-08-16 22:00:00 +03:00
|
|
|
latest=$(git describe --tags "$(git rev-list --tags --max-count=1)")
|
|
|
|
echo "Latest release is $latest"
|
2019-08-05 10:50:55 +03:00
|
|
|
|
|
|
|
# GPG verification
|
|
|
|
export GNUPGHOME=$TMPDIR
|
|
|
|
echo "Fetching Adam Gibson's key"
|
|
|
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null
|
|
|
|
echo "Verifying latest release"
|
2022-08-16 22:00:00 +03:00
|
|
|
git verify-tag "$latest"
|
2019-08-05 10:50:55 +03:00
|
|
|
|
2022-08-16 22:00:00 +03:00
|
|
|
echo "tag: $latest"
|
2019-08-05 10:50:55 +03:00
|
|
|
# The prefix option is necessary because GitHub prefixes the archive contents in this format
|
|
|
|
echo "sha256: $(nix-hash --type sha256 --flat --base32 \
|
2022-08-16 22:00:00 +03:00
|
|
|
<(git archive --format tar.gz --prefix=joinmarket-clientserver-"${latest//v}"/ "$latest"))"
|