From e1728ff7f53cc75f4ae228faae9088452d7063b3 Mon Sep 17 00:00:00 2001
From: superherointj <5861043+superherointj@users.noreply.github.com>
Date: Mon, 15 Apr 2024 13:21:38 -0300
Subject: [PATCH] fluxcd: use SRI hash in update script

---
 pkgs/applications/networking/cluster/fluxcd/update.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkgs/applications/networking/cluster/fluxcd/update.sh b/pkgs/applications/networking/cluster/fluxcd/update.sh
index f252d587daaf..1763b37d3328 100755
--- a/pkgs/applications/networking/cluster/fluxcd/update.sh
+++ b/pkgs/applications/networking/cluster/fluxcd/update.sh
@@ -12,7 +12,9 @@ LATEST_VERSION=$(echo ${LATEST_TAG} | sed 's/^v//')
 
 if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then
     SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/archive/refs/tags/${LATEST_TAG}.tar.gz)
+    SHA256=$(nix hash to-sri --type sha256 $SHA256)
     SPEC_SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/releases/download/${LATEST_TAG}/manifests.tar.gz)
+    SPEC_SHA256=$(nix hash to-sri --type sha256 $SPEC_SHA256)
 
     setKV () {
         sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "${FLUXCD_PATH}/default.nix"