tjh.dev
1#!/usr/bin/env bash
2set -e
3
4scriptName=update-source-version # do not use the .wrapped name
5
6die() {
7 echo "$scriptName: error: $1" >&2
8 exit 1
9}
10
11usage() {
12 echo "Usage: $scriptName <attr> <version> [<new-source-hash>] [<new-source-url>]"
13 echo " [--version-key=<version-key>] [--source-key=<source-key>]"
14 echo " [--system=<system>] [--file=<file-to-update>] [--rev=<revision>]"
15 echo " [--ignore-same-hash] [--print-changes]"
16}
17
18args=()
19
20for arg in "$@"; do
21 case $arg in
22 --system=*)
23 system="${arg#*=}"
24 systemArg="--system ${arg#*=}"
25 ;;
26 --version-key=*)
27 versionKey="${arg#*=}"
28 ;;
29 --source-key=*)
30 sourceKey="${arg#*=}"
31 ;;
32 --file=*)
33 nixFile="${arg#*=}"
34 if [[ ! -f "$nixFile" ]]; then
35 die "Could not find provided file $nixFile"
36 fi
37 ;;
38 --rev=*)
39 newRevision="${arg#*=}"
40 ;;
41 --ignore-same-hash)
42 ignoreSameHash="true"
43 ;;
44 --print-changes)
45 printChanges="true"
46 ;;
47 --help)
48 usage
49 exit 0
50 ;;
51 --*)
52 echo "$scriptName: Unknown argument: $arg"
53 usage
54 exit 1
55 ;;
56 *)
57 args["${#args[*]}"]=$arg
58 ;;
59 esac
60done
61
62attr=${args[0]}
63newVersion=${args[1]}
64newHash=${args[2]}
65newUrl=${args[3]}
66
67# Third-party repositories might not accept arguments in their default.nix.
68importTree="(let tree = import ./.; in if builtins.isFunction tree then tree {} else tree)"
69
70if (( "${#args[*]}" < 2 )); then
71 echo "$scriptName: Too few arguments"
72 usage
73 exit 1
74fi
75
76if (( "${#args[*]}" > 4 )); then
77 echo "$scriptName: Too many arguments"
78 usage
79 exit 1
80fi
81
82if [[ -z "$versionKey" ]]; then
83 versionKey=version
84fi
85
86if [[ -z "$sourceKey" ]]; then
87 sourceKey=src
88fi
89
90# Allow finding packages among flake outputs in repos using flake-compat.
91pname=$(nix-instantiate $systemArg --eval --strict -A "$attr.name" || echo)
92if [[ -z "$pname" ]]; then
93 if [[ -z "$system" ]]; then
94 system=$(nix-instantiate --eval -E 'builtins.currentSystem' | tr -d '"')
95 fi
96
97 pname=$(nix-instantiate $systemArg --eval --strict -A "packages.$system.$attr.name" || echo)
98 if [[ -n "$pname" ]]; then
99 attr="packages.$system.$attr"
100 else
101 pname=$(nix-instantiate $systemArg --eval --strict -A "legacyPackages.$system.$attr.name" || echo)
102 if [[ -n "$pname" ]]; then
103 attr="legacyPackages.$system.$attr"
104 else
105 die "Could not find attribute '$attr'!"
106 fi
107 fi
108fi
109
110if [[ -z "$nixFile" ]]; then
111 nixFile=$(nix-instantiate $systemArg --eval --strict -A "$attr.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/')
112 if [[ ! -f "$nixFile" ]]; then
113 die "Couldn't evaluate '$attr.meta.position' to locate the .nix file!"
114 fi
115
116 # flake-compat will return paths in the Nix store, we need to correct for that.
117 possiblyOutPath=$(nix-instantiate $systemArg --eval -E "with $importTree; outPath" 2>/dev/null | tr -d '"')
118 if [[ -n "$possiblyOutPath" ]]; then
119 outPathEscaped=$(echo "$possiblyOutPath" | sed 's#[$^*\\.[|]#\\&#g')
120 pwdEscaped=$(echo "$PWD" | sed 's#[$^*\\.[|]#\\&#g')
121 nixFile=$(echo "$nixFile" | sed "s|^$outPathEscaped|$pwdEscaped|")
122 fi
123fi
124
125oldHashAlgo=$(nix-instantiate $systemArg --eval --strict -A "$attr.$sourceKey.drvAttrs.outputHashAlgo" | tr -d '"')
126oldHash=$(nix-instantiate $systemArg --eval --strict -A "$attr.$sourceKey.drvAttrs.outputHash" | tr -d '"')
127
128if [[ -z "$oldHashAlgo" || -z "$oldHash" ]]; then
129 die "Couldn't evaluate old source hash from '$attr.$sourceKey'!"
130fi
131
132if [[ $(grep --count "$oldHash" "$nixFile") != 1 ]]; then
133 die "Couldn't locate old source hash '$oldHash' (or it appeared more than once) in '$nixFile'!"
134fi
135
136oldUrl=$(nix-instantiate $systemArg --eval -E "with $importTree; builtins.elemAt ($attr.$sourceKey.drvAttrs.urls or [ $attr.$sourceKey.url ]) 0" | tr -d '"')
137
138if [[ -z "$oldUrl" ]]; then
139 die "Couldn't evaluate source url from '$attr.$sourceKey'!"
140fi
141
142oldVersion=$(nix-instantiate $systemArg --eval -E "with $importTree; $attr.${versionKey} or (builtins.parseDrvName $attr.name).version" | tr -d '"')
143
144if [[ -z "$oldVersion" ]]; then
145 die "Couldn't find out the old version of '$attr'!"
146fi
147
148if [[ "$oldVersion" = "$newVersion" ]]; then
149 echo "$scriptName: New version same as old version, nothing to do." >&2
150 if [ -n "$printChanges" ]; then
151 printf '[]\n'
152 fi
153 exit 0
154fi
155
156if [[ -n "$newRevision" ]]; then
157 oldRevision=$(nix-instantiate $systemArg --eval -E "with $importTree; $attr.$sourceKey.rev" | tr -d '"')
158 if [[ -z "$oldRevision" ]]; then
159 die "Couldn't evaluate source revision from '$attr.$sourceKey'!"
160 fi
161fi
162
163# Escape regex metacharacter that are allowed in store path names
164oldVersionEscaped=$(echo "$oldVersion" | sed -re 's|[.+]|\\&|g')
165oldUrlEscaped=$(echo "$oldUrl" | sed -re 's|[${}.+]|\\&|g')
166
167if [[ $(grep --count --extended-regexp "^\s*(let\b)?\s*$versionKey\s*=\s*\"$oldVersionEscaped\"" "$nixFile") = 1 ]]; then
168 pattern="/\b$versionKey\b\s*=/ s|\"$oldVersionEscaped\"|\"$newVersion\"|"
169elif [[ $(grep --count --extended-regexp "^\s*(let\b)?\s*name\s*=\s*\"[^\"]+-$oldVersionEscaped\"" "$nixFile") = 1 ]]; then
170 pattern="/\bname\b\s*=/ s|-$oldVersionEscaped\"|-$newVersion\"|"
171else
172 die "Couldn't figure out where out where to patch in new version in '$attr'!"
173fi
174
175if [[ "$oldHash" =~ ^(sha256|sha512)[:-] ]]; then
176 # Handle the possible SRI-style hash attribute (in the form ${type}${separator}${hash})
177 # True SRI uses dash as a separator and only supports base64, whereas Nix’s SRI-style format uses a colon and supports all the same encodings like regular hashes (16/32/64).
178 # To keep this program reasonably simple, we will upgrade Nix’s format to SRI.
179 oldHashAlgo="${BASH_REMATCH[1]}"
180 sri=true
181elif [[ "$oldHashAlgo" = "null" ]]; then
182 # Some fetcher functions support SRI-style `hash` attribute in addition to legacy type-specific attributes. When `hash` is used `outputHashAlgo` is null so let’s complain when SRI-style hash value was not detected.
183 die "Unable to figure out hashing scheme from '$oldHash' in '$attr'!"
184fi
185
186case "$oldHashAlgo" in
187 # Lengths of hex-encoded hashes
188 sha256) hashLength=64 ;;
189 sha512) hashLength=128 ;;
190 *) die "Unhandled hash algorithm '$oldHashAlgo' in '$attr'!" ;;
191esac
192
193# Make a temporary all-zeroes hash of $hashLength characters
194tempHash=$(printf '%0*d' "$hashLength" 0)
195
196if [[ -n "$sri" ]]; then
197 # SRI hashes only support base64
198 # SRI hashes need to declare the hash type as part of the hash
199 tempHash="$(nix hash to-sri --type "$oldHashAlgo" "$tempHash" 2>/dev/null \
200 || nix to-sri --type "$oldHashAlgo" "$tempHash" 2>/dev/null)" \
201 || die "Failed to convert hash to SRI representation!"
202fi
203
204# Escape regex metacharacter that are allowed in hashes (+)
205oldHashEscaped=$(echo "$oldHash" | sed -re 's|[+]|\\&|g')
206tempHashEscaped=$(echo "$tempHash" | sed -re 's|[+]|\\&|g')
207
208# Replace new version
209sed -i.bak "$nixFile" -re "$pattern"
210if cmp -s "$nixFile" "$nixFile.bak"; then
211 die "Failed to replace version '$oldVersion' to '$newVersion' in '$attr'!"
212fi
213
214# Replace new URL
215if [[ -n "$newUrl" ]]; then
216 sed -i "$nixFile" -re "s|\"$oldUrlEscaped\"|\"$newUrl\"|"
217
218 if cmp -s "$nixFile" "$nixFile.bak"; then
219 die "Failed to replace source URL '$oldUrl' to '$newUrl' in '$attr'!"
220 fi
221fi
222
223sed -i "$nixFile" -re "s|\"$oldHashEscaped\"|\"$tempHash\"|"
224if cmp -s "$nixFile" "$nixFile.bak"; then
225 die "Failed to replace source hash of '$attr' to a temporary hash!"
226fi
227
228# Replace new revision, if given
229if [[ -n "$newRevision" ]]; then
230 sed -i "$nixFile" -re "s|\"$oldRevision\"|\"$newRevision\"|"
231
232 if cmp -s "$nixFile" "$nixFile.bak"; then
233 die "Failed to replace source revision '$oldRevision' to '$newRevision' in '$attr'!"
234 fi
235fi
236
237# If new hash not given on the command line, recalculate it ourselves.
238if [[ -z "$newHash" ]]; then
239 nix-build $systemArg --no-out-link -A "$attr.$sourceKey" 2>"$attr.fetchlog" >/dev/null || true
240 # FIXME: use nix-build --hash here once https://github.com/NixOS/nix/issues/1172 is fixed
241 newHash=$(sed '1,/hash mismatch in fixed-output derivation/d' "$attr.fetchlog" | grep --perl-regexp --only-matching 'got: +.+[:-]\K.+')
242
243 if [[ -n "$sri" ]]; then
244 # nix-build preserves the hashing scheme so we can just convert the result to SRI using the old type
245 newHash="$(nix hash to-sri --type "$oldHashAlgo" "$newHash" 2>/dev/null \
246 || nix to-sri --type "$oldHashAlgo" "$newHash" 2>/dev/null)" \
247 || die "Failed to convert hash to SRI representation!"
248 fi
249fi
250
251if [[ -z "$newHash" ]]; then
252 cat "$attr.fetchlog" >&2
253 die "Couldn't figure out new hash of '$attr.$sourceKey'!"
254fi
255
256if [[ -z "${ignoreSameHash}" && "$oldVersion" != "$newVersion" && "$oldHash" = "$newHash" ]]; then
257 mv "$nixFile.bak" "$nixFile"
258 die "Both the old and new source hashes of '$attr.$sourceKey' were equivalent. Please fix the package's source URL to be dependent on '\${version}'!"
259fi
260
261sed -i "$nixFile" -re "s|\"$tempHashEscaped\"|\"$newHash\"|"
262if cmp -s "$nixFile" "$nixFile.bak"; then
263 die "Failed to replace temporary source hash of '$attr' to the final source hash!"
264fi
265
266rm -f "$nixFile.bak"
267rm -f "$attr.fetchlog"
268
269if [ -n "$printChanges" ]; then
270 printf '[{"attrPath":"%s","oldVersion":"%s","newVersion":"%s","files":["%s"]}]\n' "$attr" "$oldVersion" "$newVersion" "$nixFile"
271fi