vault-bin: 1.9.1 -> 1.10.0
This commit is contained in:
techknowlogick
parent
49c656c8bb
commit
53354d41d9
43
pkgs/tools/security/vault/update-bin.sh
Normal file
43
pkgs/tools/security/vault/update-bin.sh
Normal file
@ -0,0 +1,43 @@
|
||||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p curl gnused gawk nix-prefetch
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
ROOT="$(dirname "$(readlink -f "$0")")"
|
||||
NIX_DRV="$ROOT/vault-bin.nix"
|
||||
if [ ! -f "$NIX_DRV" ]; then
|
||||
echo "ERROR: cannot find vault-bin in $ROOT"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
fetch_arch() {
|
||||
VER="$1"; ARCH="$2"
|
||||
URL="https://releases.hashicorp.com/vault/${VER}/vault_${VER}_${ARCH}.zip"
|
||||
nix-prefetch "{ stdenv, fetchzip }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = \"vault-bin\"; version = \"${VER}\";
|
||||
src = fetchzip { url = \"$URL\"; };
|
||||
}
|
||||
"
|
||||
}
|
||||
|
||||
replace_sha() {
|
||||
sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV"
|
||||
}
|
||||
|
||||
# https://releases.hashicorp.com/vault/1.9.4/vault_1.9.4_linux_arm64.zip
|
||||
VAULT_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/hashicorp/vault/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//')
|
||||
|
||||
VAULT_LINUX_X86_SHA256=$(fetch_arch "$VAULT_VER" "linux_386")
|
||||
VAULT_LINUX_X64_SHA256=$(fetch_arch "$VAULT_VER" "linux_amd64")
|
||||
VAULT_DARWIN_X64_SHA256=$(fetch_arch "$VAULT_VER" "darwin_amd64")
|
||||
VAULT_LINUX_AARCH64_SHA256=$(fetch_arch "$VAULT_VER" "linux_arm64")
|
||||
VAULT_DARWIN_AARCH64_SHA256=$(fetch_arch "$VAULT_VER" "darwin_arm64")
|
||||
|
||||
sed -i "s/version = \".*\"/version = \"$VAULT_VER\"/" "$NIX_DRV"
|
||||
|
||||
replace_sha "i686-linux" "$VAULT_LINUX_X86_SHA256"
|
||||
replace_sha "x86_64-linux" "$VAULT_LINUX_X64_SHA256"
|
||||
replace_sha "x86_64-darwin" "$VAULT_DARWIN_X64_SHA256"
|
||||
replace_sha "aarch64-linux" "$VAULT_LINUX_AARCH64_SHA256"
|
||||
replace_sha "aarch64-darwin" "$VAULT_DARWIN_AARCH64_SHA256"
|
||||
@ -1,63 +1,61 @@
|
||||
{ lib, stdenv, fetchurl, unzip, makeWrapper, gawk, glibc }:
|
||||
{ lib, stdenv, fetchurl, unzip, makeWrapper, gawk, glibc, fetchzip }:
|
||||
|
||||
let
|
||||
version = "1.9.1";
|
||||
|
||||
sources = let
|
||||
base = "https://releases.hashicorp.com/vault/${version}";
|
||||
in {
|
||||
x86_64-linux = fetchurl {
|
||||
url = "${base}/vault_${version}_linux_amd64.zip";
|
||||
sha256 = "sha256-kP1wLbkktVCTZopVaT0h/WKqAG3Pd9g7qeruk4MIWJM=";
|
||||
};
|
||||
i686-linux = fetchurl {
|
||||
url = "${base}/vault_${version}_linux_386.zip";
|
||||
sha256 = "sha256-cTZ/hek8wQo9FxIRQ/cc23h7Nqjfonvprf492/lSzLw=";
|
||||
};
|
||||
x86_64-darwin = fetchurl {
|
||||
url = "${base}/vault_${version}_darwin_amd64.zip";
|
||||
sha256 = "sha256-uKW9Yl4PjxWJ886OVAHl1sbPhgYWoL6IJK44vczLQsY=";
|
||||
};
|
||||
aarch64-darwin = fetchurl {
|
||||
url = "${base}/vault_${version}_darwin_arm64.zip";
|
||||
sha256 = "sha256-J0qwUBcnZRZU5TTQB3K8wNE6rdQC1Boy/gKNQRvUYEI=";
|
||||
};
|
||||
aarch64-linux = fetchurl {
|
||||
url = "${base}/vault_${version}_linux_arm64.zip";
|
||||
sha256 = "sha256-eU5s15tBuZFThJGNtnjOV07tiBoVjSSHMS9sY2WqO1o=";
|
||||
};
|
||||
};
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "vault-bin";
|
||||
inherit version;
|
||||
version = "1.10.0";
|
||||
|
||||
src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}");
|
||||
src =
|
||||
let
|
||||
inherit (stdenv.hostPlatform) system;
|
||||
selectSystem = attrs: attrs.${system} or (throw "Unsupported system: ${system}");
|
||||
suffix = selectSystem {
|
||||
x86_64-linux = "linux_amd64";
|
||||
aarch64-linux = "linux_arm64";
|
||||
i686-linux = "linux_386";
|
||||
x86_64-darwin = "darwin_amd64";
|
||||
aarch64-darwin = "darwin_arm64";
|
||||
};
|
||||
sha256 = selectSystem {
|
||||
x86_64-linux = "sha256-enD/JcOmeavvUd/njbu7IksAqp9dKepVdYPkLJHA8OQ=";
|
||||
aarch64-linux = "sha256-FDkgUqFEVJoSED/FWqOXa4BTO6AYwkLS2iZh+BkzlqA=";
|
||||
i686-linux = "sha256-XUTWB5Ynu92SMP9Nt/0jAki6til4upKv1sdFzPbWxiw=";
|
||||
x86_64-darwin = "sha256-QNCsbIza56NqSU7R6+Cx//WBXiEOz6CEMCjrx4AR1x8=";
|
||||
aarch64-darwin = "sha256-LBgd8gqeU92336kypSIwMtKo7I1qB/RP2dNoIGJgq7k=";
|
||||
};
|
||||
in
|
||||
fetchzip {
|
||||
url = "https://releases.hashicorp.com/vault/${version}/vault_${version}_${suffix}.zip";
|
||||
inherit sha256;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper unzip ];
|
||||
|
||||
sourceRoot = ".";
|
||||
dontConfigure = true;
|
||||
dontBuild = true;
|
||||
dontStrip = stdenv.isDarwin;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $out/bin $out/share/bash-completion/completions
|
||||
mv vault $out/bin
|
||||
echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault
|
||||
'' + lib.optionalString stdenv.isLinux ''
|
||||
wrapProgram $out/bin/vault \
|
||||
--prefix PATH : ${lib.makeBinPath [ gawk glibc ]}
|
||||
|
||||
install -D vault $out/bin/vault
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
dontStrip = stdenv.isDarwin;
|
||||
doInstallCheck = true;
|
||||
installCheckPhase = ''
|
||||
runHook preInstallCheck
|
||||
$out/bin/vault --help
|
||||
$out/bin/vault version
|
||||
runHook postInstallCheck
|
||||
'';
|
||||
|
||||
dontPatchELF = true;
|
||||
dontPatchShebangs = true;
|
||||
|
||||
passthru.updateScript = ./update-bin.sh;
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://www.vaultproject.io";
|
||||
description = "A tool for managing secrets, this binary includes the UI";
|
||||
platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ];
|
||||
license = licenses.mpl20;
|
||||
maintainers = with maintainers; teams.serokell.members ++ [ offline psyanticy Chili-Man ];
|
||||
maintainers = with maintainers; teams.serokell.members ++ [ offline psyanticy Chili-Man techknowlogick ];
|
||||
};
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user