google-chrome: increase safety of update-script

(cherry picked from commit 751f923d7a4354661a5a23411fa6c3a7e498154b)
author: Jon Seager <jon@sgrs.uk> 2024-05-15 12:47:11 +0100
committer: Jon Seager <jon@sgrs.uk> 2024-05-16 07:10:29 +0100
commit: 6fbc4e0bfac3f51779f3bc067fa956c953fed179 (patch)
tree: fdfccc8962a9f97b9a2195151a53de98b282ef1c
parent: afb9014937e9bfb05f00f5b733152304bb19f435 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/pkgs/by-name/go/google-chrome/package.nix b/pkgs/by-name/go/google-chrome/package.nix
index ff54ecddd68e3..f0ad77a2bfcf2 100644
--- a/pkgs/by-name/go/google-chrome/package.nix
+++ b/pkgs/by-name/go/google-chrome/package.nix
@@ -146,10 +146,11 @@ in stdenv.mkDerivation (finalAttrs: {
     updateScript = writeScript "update-google-chrome.sh" ''
       #!/usr/bin/env nix-shell
       #!nix-shell -i bash -p curl jq common-updater-scripts
+      set -euo pipefail
       url="https://versionhistory.googleapis.com/v1/chrome/platforms/linux/channels/stable/versions/all/releases"
-      response=$(curl --silent $url)
-      version=$(jq ".releases[0].version" --raw-output <<< "$response")
-      update-source-version ${finalAttrs.pname} "$version" --ignore-same-hash
+      response="$(curl --silent --fail $url)"
+      version="$(jq ".releases[0].version" --raw-output <<< $response)"
+      update-source-version ${finalAttrs.pname} $version --ignore-same-hash
     '';
   };
author	Jon Seager <jon@sgrs.uk>	2024-05-15 12:47:11 +0100
committer	Jon Seager <jon@sgrs.uk>	2024-05-16 07:10:29 +0100
commit	6fbc4e0bfac3f51779f3bc067fa956c953fed179 (patch)
tree	fdfccc8962a9f97b9a2195151a53de98b282ef1c
parent	afb9014937e9bfb05f00f5b733152304bb19f435 (diff)