authorRobert Schütz <nix@dotlambda.de>2023-02-16 12:30:51 -0800
committerRobert Schütz <nix@dotlambda.de>2023-02-16 14:38:48 -0800
commitfa644ef3432452feaa753bf569acbdbbb905df99 (patch)
tree2571bbf226409398f45afa43358eeaacf9978968 /pkgs/tools/security
parentc6e2fbf1a2193d89675252314fa4d27b5ac6fff5 (diff)
vaultwarden.updateScript: make compatible with webvault built from source
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/vaultwarden/update.nix11
-rw-r--r--pkgs/tools/security/vaultwarden/webvault.nix5
2 files changed, 13 insertions, 3 deletions
diff --git a/pkgs/tools/security/vaultwarden/update.nix b/pkgs/tools/security/vaultwarden/update.nix
index 0fc4b45a1296c..44af26ada0d8e 100644
--- a/pkgs/tools/security/vaultwarden/update.nix
+++ b/pkgs/tools/security/vaultwarden/update.nix
@@ -1,5 +1,7 @@
 { writeShellScript
 , lib
+, nix
+, nix-prefetch-git
 , nix-update
 , curl
 , git
@@ -9,7 +11,7 @@
 }:
 
 writeShellScript "update-vaultwarden" ''
-  PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix-update ]}
+  PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix nix-prefetch-git nix-update ]}
 
   set -euxo pipefail
 
@@ -17,6 +19,11 @@ writeShellScript "update-vaultwarden" ''
   nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION"
 
   URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/Dockerfile.j2"
-  WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"([^\"]+)\".*/\\1/")
+  WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"v([^\"]+)\".*/\\1/")
+  old_hash_bw=$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.src.outputHash)
+  old_hash_vw=$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash)
+  new_hash_bw=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $(nix-prefetch-git https://github.com/bitwarden/clients.git --rev "web-v$WEBVAULT_VERSION" | jq --raw-output ".sha256"))
+  new_hash_vw=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256"))
+  sed -e "s#$old_hash_bw#$new_hash_bw#" -e "s#$old_hash_vw#$new_hash_vw#" -i pkgs/tools/security/vaultwarden/webvault.nix
   nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION"
 ''
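Review bot: In both `new_hash_*` assignments the `nix-prefetch-git … | jq` pipeline is a nested command substitution in argument position, so `set -e` never sees it fail. The outer `nix hash to-sri` then runs without a hash argument, and if that still exits zero the following `sed -i` would replace the pinned hash in webvault.nix with an empty string. Assign the prefetch result first so a failed fetch aborts the update, e.g. `sha_bw=$(nix-prefetch-git https://github.com/bitwarden/clients.git --rev "web-v$WEBVAULT_VERSION" | jq --raw-output ".sha256")` followed by `new_hash_bw=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 "$sha_bw")`, and likewise for `new_hash_vw`. Separately, the changed `sed -E` expression passes the whole matched line through unchanged when the upstream value has no leading `v`, so `WEBVAULT_VERSION` should be checked against the expected version shape before it is used in `--rev` and handed to nix-update. The script body starts in the previous hunk, and the lines between the two hunks are not visible here.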
diff --git a/pkgs/tools/security/vaultwarden/webvault.nix b/pkgs/tools/security/vaultwarden/webvault.nix
index 4e25c6f572fee..28b60517ad655 100644
--- a/pkgs/tools/security/vaultwarden/webvault.nix
+++ b/pkgs/tools/security/vaultwarden/webvault.nix
@@ -58,7 +58,10 @@ in buildNpmPackage' {
     runHook postInstall
   '';
 
-  passthru.tests = nixosTests.vaultwarden;
+  passthru = {
+    inherit bw_web_builds;
+    tests = nixosTests.vaultwarden;
+  };
 
   meta = with lib; {
     description = "Integrates the web vault into vaultwarden";