diff options
author | sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> | 2021-04-13 23:30:21 +0200 |
---|---|---|
committer | sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> | 2021-04-13 23:30:21 +0200 |
commit | 67e0540e443706624fff62605f6a632226e95fb4 (patch) | |
tree | ecd6554f5aadaba1705e28006c370aa5db55682f /pkgs/sternenseemann/build-git-tarball | |
parent | aeb3813d405eb77e804b350e9f51c88dd4e464c2 (diff) |
pkgs/sternenseemann: add release tarball tooling
The following nix functions allow easily creating derivations for building a signed releases directory for project(s) to be served via e. g. HTTP. * buildGitTarball: builds a reproducible .tar.gz for a given git revision or tag (similar to git archive, but we don't actually reuse it in favor of fetchgit). * bundleSignedReleases: symlinks tarballs generated using buildGitTarball and accompanying (manually provided) signatures into a directory and verifies the signatures to ensure buildGitTarball is donig what it's supposed to.
Diffstat (limited to 'pkgs/sternenseemann/build-git-tarball')
-rw-r--r-- | pkgs/sternenseemann/build-git-tarball/default.nix | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/pkgs/sternenseemann/build-git-tarball/default.nix b/pkgs/sternenseemann/build-git-tarball/default.nix new file mode 100644 index 00000000..816ad9e2 --- /dev/null +++ b/pkgs/sternenseemann/build-git-tarball/default.nix @@ -0,0 +1,41 @@ +# Build a reproducible tar.gz from a git revision or tag +{ lib +, fetchgit +, runCommandNoCC +, gnutar +, gzip +, getBins +}: + +{ url +, sha256 +, pname +, subDir ? "" +, ... +}@args: + +assert lib.assertMsg (args ? rev || args ? tag) "Need either rev or tag"; + +let + bins = getBins gzip [ "gzip" ] + // getBins gnutar [ "tar" ] + ; + + shortRev = args.tag or args.rev; + realRev = + if args ? tag + then "refs/tags/${args.tag}" + else args.rev; + + source = fetchgit { + inherit url sha256; + rev = realRev; + }; + + basename = "${pname}-${shortRev}"; +in + +runCommandNoCC "${basename}.tar.gz" {} '' + cd ${source}${subDir} + ${bins.tar} -c ./ --transform 's/^\./${basename}/' | ${bins.gzip} > $out +'' |