2020-08-31 02:08:25 +03:00
|
|
|
# Create a local hackage repo, we can use as a repository in a cabal config
|
2019-05-21 15:05:03 +03:00
|
|
|
#
|
|
|
|
# This will include:
|
|
|
|
# - 01-index.tar.gz (the index file)
|
|
|
|
# - root.json and
|
|
|
|
# - mirrors.json as metadata items.
|
|
|
|
# - snapshot.json that records the index, root and mirrors.
|
|
|
|
# - timestamp.json that will record the snapshot.json
|
|
|
|
#
|
|
|
|
# This is all part of The Update Framework (TUF) and the specific implementation
|
|
|
|
# cabal-install (via hackage-security) does of it.
|
|
|
|
#
|
|
|
|
# We will create a completely unsigned bare repository. Using signing keys within
|
|
|
|
# nix would be pointless as we'd have to hardcode them to produce the same output
|
2020-08-31 02:08:25 +03:00
|
|
|
# reproducibly.
|
2019-05-21 15:05:03 +03:00
|
|
|
#
|
2020-05-02 13:16:34 +03:00
|
|
|
pkgs:
|
|
|
|
{ name, index }:
|
|
|
|
|
2022-07-28 11:03:05 +03:00
|
|
|
pkgs.buildPackages.runCommand "hackage-repo-${name}" { preferLocalBuild = true; } ''
|
2019-05-21 15:05:03 +03:00
|
|
|
mkdir -p $out
|
|
|
|
export expires="4000-01-01T00:00:00Z"
|
|
|
|
|
|
|
|
ln -sf ${index} $out/01-index.tar.gz
|
2022-02-17 14:42:11 +03:00
|
|
|
export index_md5=$(md5sum ${index} | awk '{ print $1 }')
|
|
|
|
export index_sha256=$(sha256sum ${index} | awk '{ print $1 }')
|
2020-10-21 11:51:23 +03:00
|
|
|
${
|
|
|
|
# When possible check the hash we calculate here against the `outputHash`
|
|
|
|
# of the index derivation (when the `extra-hackages` feature is used the index
|
|
|
|
# may not have an outputHash).
|
|
|
|
pkgs.lib.optionalString (index ? outputHash) ''
|
|
|
|
if [[ "${index.outputHash}" != "$index_sha256" ]]; then
|
|
|
|
echo "ERROR See https://github.com/input-output-hk/haskell.nix/issues/884"
|
2021-02-07 17:13:31 +03:00
|
|
|
exit 1
|
2020-10-21 11:51:23 +03:00
|
|
|
fi
|
|
|
|
''}
|
2019-05-21 15:05:03 +03:00
|
|
|
export index_length=$(stat --printf="%s" ${index})
|
|
|
|
|
|
|
|
substituteAll ${./root.json} $out/root.json
|
2022-02-17 14:42:11 +03:00
|
|
|
export root_md5=$(md5sum $out/root.json | awk '{ print $1 }')
|
|
|
|
export root_sha256=$(sha256sum $out/root.json | awk '{ print $1 }')
|
2019-05-21 15:05:03 +03:00
|
|
|
export root_length=$(stat --printf="%s" $out/root.json)
|
|
|
|
|
|
|
|
substituteAll ${./mirrors.json} $out/mirrors.json
|
2022-02-17 14:42:11 +03:00
|
|
|
export mirrors_md5=$(md5sum $out/mirrors.json | awk '{ print $1 }')
|
|
|
|
export mirrors_sha256=$(sha256sum $out/mirrors.json | awk '{ print $1 }')
|
2019-05-21 15:05:03 +03:00
|
|
|
export mirrors_length=$(stat --printf="%s" $out/mirrors.json)
|
|
|
|
|
|
|
|
substituteAll ${./snapshot.json} $out/snapshot.json
|
2022-02-17 14:42:11 +03:00
|
|
|
export snapshot_md5=$(md5sum $out/snapshot.json | awk '{ print $1 }')
|
|
|
|
export snapshot_sha256=$(sha256sum $out/snapshot.json | awk '{ print $1 }')
|
2019-05-21 15:05:03 +03:00
|
|
|
export snapshot_length=$(stat --printf="%s" $out/snapshot.json)
|
|
|
|
|
|
|
|
substituteAll ${./timestamp.json} $out/timestamp.json
|
|
|
|
''
|