tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / servers / nosql / cassandra / update-script.nix
at devShellTools-shell 61 lines 1.7 kB view raw
1{ 2 git, 3 lib, 4 runtimeShell, 5 writeScript, 6 generation, 7 gnupg, 8}: 9let 10 inherit (lib) makeBinPath; 11 filename = lib.strings.replaceStrings [ "_" ] [ "." ] generation + ".json"; 12 regex = lib.strings.replaceStrings [ "_" ] [ "[.]" ] generation; 13in 14writeScript "update-cassandra_${generation}" '' 15 #!${runtimeShell} 16 set -eux -o pipefail 17 test -d pkgs -a -d nixos -a -d lib || { 18 echo >&2 "$0 expects to be run in a nixpkgs checkout" 19 exit 1 20 } 21 cd pkgs/servers/nosql/cassandra 22 PATH="${ 23 makeBinPath [ 24 git 25 gnupg 26 ] 27 }:$PATH" 28 29 tmp="$(mktemp -d)" 30 cleanup() { 31 rm -rf "$tmp" 32 } 33 trap cleanup EXIT 34 35 # get numeric-only versions, sort them latest first 36 git ls-remote --tags https://github.com/apache/cassandra \ 37 | awk '{ if (match($0, /refs.tags.cassandra-([0-9.]*)$/, m)) print m[1] }' \ 38 | sort -V \ 39 | tac >$tmp/versions 40 41 version="$(grep -E '^${regex}' <$tmp/versions | head -n 1)" 42 path="cassandra/$version/apache-cassandra-$version-bin.tar.gz" 43 curl "https://downloads.apache.org/$path" >$tmp/src.tar.gz 44 curl "https://downloads.apache.org/$path.asc" >$tmp/src.tar.gz.asc 45 46 # See https://downloads.apache.org/cassandra/KEYS 47 # Make sure that any new key corresponds to someone on the project 48 for key in A4C465FEA0C552561A392A61E91335D77E3E87CB; do 49 gpg --trustdb-name "$tmp/trust.db" --batch --recv-keys "$key" 50 echo "$key:5:" | gpg --trustdb-name "$tmp/trust.db" --batch --import-ownertrust 51 done 52 gpg --trustdb-name "$tmp/trust.db" --batch --verify --trust-model direct $tmp/src.tar.gz.asc $tmp/src.tar.gz 53 54 hash="$(nix-prefetch-url "file://$tmp/src.tar.gz")" 55 cat >${filename} <<EOF 56 { 57 "version": "$version", 58 "sha256": "$hash" 59 } 60 EOF 61''