tjh.dev
1{ git
2, lib
3, runtimeShell
4, writeScript
5, generation
6, gnupg
7}:
8let
9 inherit (lib) makeBinPath;
10 filename = lib.strings.replaceStrings [ "_" ] [ "." ] generation + ".json";
11 regex = lib.strings.replaceStrings [ "_" ] [ "[.]" ] generation;
12in
13writeScript "update-cassandra_${generation}" ''
14 #!${runtimeShell}
15 set -eux -o pipefail
16 test -d pkgs -a -d nixos -a -d lib || {
17 echo >&2 "$0 expects to be run in a nixpkgs checkout"
18 exit 1
19 }
20 cd pkgs/servers/nosql/cassandra
21 PATH="${makeBinPath [git gnupg]}:$PATH"
22
23 tmp="$(mktemp -d)"
24 cleanup() {
25 rm -rf "$tmp"
26 }
27 trap cleanup EXIT
28
29 # get numeric-only versions, sort them latest first
30 git ls-remote --tags https://github.com/apache/cassandra \
31 | awk '{ if (match($0, /refs.tags.cassandra-([0-9.]*)$/, m)) print m[1] }' \
32 | sort -V \
33 | tac >$tmp/versions
34
35 version="$(grep -E '^${regex}' <$tmp/versions | head -n 1)"
36 path="cassandra/$version/apache-cassandra-$version-bin.tar.gz"
37 curl "https://downloads.apache.org/$path" >$tmp/src.tar.gz
38 curl "https://downloads.apache.org/$path.asc" >$tmp/src.tar.gz.asc
39
40 # See https://downloads.apache.org/cassandra/KEYS
41 # Make sure that any new key corresponds to someone on the project
42 for key in A4C465FEA0C552561A392A61E91335D77E3E87CB; do
43 gpg --trustdb-name "$tmp/trust.db" --batch --recv-keys "$key"
44 echo "$key:5:" | gpg --trustdb-name "$tmp/trust.db" --batch --import-ownertrust
45 done
46 gpg --trustdb-name "$tmp/trust.db" --batch --verify --trust-model direct $tmp/src.tar.gz.asc $tmp/src.tar.gz
47
48 hash="$(nix-prefetch-url "file://$tmp/src.tar.gz")"
49 cat >${filename} <<EOF
50 {
51 "version": "$version",
52 "sha256": "$hash"
53 }
54 EOF
55''