diff options
Diffstat (limited to 'pkgs/tools/security/vault/update-bin.sh')
-rw-r--r-- | pkgs/tools/security/vault/update-bin.sh | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/pkgs/tools/security/vault/update-bin.sh b/pkgs/tools/security/vault/update-bin.sh new file mode 100644 index 0000000000000..25f41e2aad127 --- /dev/null +++ b/pkgs/tools/security/vault/update-bin.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl gnused gawk nix-prefetch + +set -euo pipefail + +ROOT="$(dirname "$(readlink -f "$0")")" +NIX_DRV="$ROOT/vault-bin.nix" +if [ ! -f "$NIX_DRV" ]; then + echo "ERROR: cannot find vault-bin in $ROOT" + exit 1 +fi + +fetch_arch() { + VER="$1"; ARCH="$2" + URL="https://releases.hashicorp.com/vault/${VER}/vault_${VER}_${ARCH}.zip" + nix-prefetch "{ stdenv, fetchzip }: +stdenv.mkDerivation rec { + pname = \"vault-bin\"; version = \"${VER}\"; + src = fetchzip { url = \"$URL\"; }; +} +" +} + +replace_sha() { + sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV" +} + +# https://releases.hashicorp.com/vault/1.9.4/vault_1.9.4_linux_arm64.zip +VAULT_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/hashicorp/vault/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//') + +VAULT_LINUX_X86_SHA256=$(fetch_arch "$VAULT_VER" "linux_386") +VAULT_LINUX_X64_SHA256=$(fetch_arch "$VAULT_VER" "linux_amd64") +VAULT_DARWIN_X64_SHA256=$(fetch_arch "$VAULT_VER" "darwin_amd64") +VAULT_LINUX_AARCH64_SHA256=$(fetch_arch "$VAULT_VER" "linux_arm64") +VAULT_DARWIN_AARCH64_SHA256=$(fetch_arch "$VAULT_VER" "darwin_arm64") + +sed -i "s/version = \".*\"/version = \"$VAULT_VER\"/" "$NIX_DRV" + +replace_sha "i686-linux" "$VAULT_LINUX_X86_SHA256" +replace_sha "x86_64-linux" "$VAULT_LINUX_X64_SHA256" +replace_sha "x86_64-darwin" "$VAULT_DARWIN_X64_SHA256" +replace_sha "aarch64-linux" "$VAULT_LINUX_AARCH64_SHA256" +replace_sha "aarch64-darwin" "$VAULT_DARWIN_AARCH64_SHA256" |