colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #255009 from meatballhat/tootcat-update-pr-174202

Browse Source 
mastodon: generate and read yarn hash from dependencies dir
This commit is contained in:
Kerstin 2023-09-27 13:58:46 +02:00 committed by GitHub
commit 962321fcc3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/build-support/node/fetch-yarn-deps/index.js
View File

@ -37,7 +37,9 @@ const downloadFileHttps = (fileName, url, expectedHash, hashType = 'sha1') => {
res.on('end', () => {
file.close()
const h = hash.read()
if (h != expectedHash) return reject(new Error(`hash mismatch, expected ${expectedHash}, got ${h}`))
if (expectedHash === undefined){
console.log(`Warning: lockfile url ${url} doesn't end in "#<hash>" to validate against. Downloaded file had hash ${h}.`);
} else if (h != expectedHash) return reject(new Error(`hash mismatch, expected ${expectedHash}, got ${h}`))
resolve()
})
res.on('error', e => reject(e))

5
pkgs/servers/mastodon/default.nix
View File

@ -7,7 +7,8 @@
, pname ? "mastodon"
, version ? import ./version.nix
, srcOverride ? null
, dependenciesDir ? ./. # Should contain gemset.nix, yarn.nix and package.json.
, dependenciesDir ? ./. # Expected to contain gemset.nix
, yarnHash ? import ./yarn-hash.nix
}:
stdenv.mkDerivation rec {
@ -43,7 +44,7 @@ stdenv.mkDerivation rec {
yarnOfflineCache = fetchYarnDeps {
yarnLock = "${src}/yarn.lock";
sha256 = "sha256-e3rl/WuKXaUdeDEYvo1sSubuIwtBjkbguCYdAijwXOA=";
hash = yarnHash;
};
nativeBuildInputs = [ fixup_yarn_lock nodejs-slim yarn mastodonGems mastodonGems.wrappedRuby brotli ];

10
pkgs/servers/mastodon/update.sh
View File

@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p yarn2nix bundix coreutils diffutils nix-prefetch-github gnused jq
#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-github gnused jq prefetch-yarn-deps
set -e
OWNER=mastodon
@ -77,7 +77,8 @@ trap cleanup EXIT
echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
HASH=$(echo "$JSON" | jq -r .hash)
HASH="$(echo "$JSON" | jq -r .sha256)"
HASH="$(nix hash to-sri --type sha256 "$HASH")"
echo "Creating version.nix"
echo "\"$VERSION\"" | sed 's/^"v/"/' > version.nix
@ -101,3 +102,8 @@ SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./so
echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks
echo "Creating yarn-hash.nix"
YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")"
YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
printf '"%s"\n' "$YARN_HASH" > yarn-hash.nix

1
pkgs/servers/mastodon/yarn-hash.nix Normal file
View File

@ -0,0 +1 @@
"sha256-e3rl/WuKXaUdeDEYvo1sSubuIwtBjkbguCYdAijwXOA="