-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
flake-module.nix
76 lines (73 loc) · 2.05 KB
/
flake-module.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
{
self,
config,
lib,
flake-parts-lib,
...
}: let
inherit (flake-parts-lib) mkPerSystemOption;
inherit (lib) mkOption types;
in {
options = {
perSystem = mkPerSystemOption ({
config,
pkgs,
...
}: {
options.go-sri-hashes = mkOption {
description = ''
Automatically regenerate a nix package SRI hash for a go.mod.
This flake module uses the nardump program from
tailscale's flake to generate a subresource integrity hash
that can be used as a vendorHash parameter in a
buildGoModule invocation.
Each entry in this attrset is the basename of a .sri file,
giving options for how to prepare a vendorHash.
'';
type = types.lazyAttrsOf (types.submodule {
options = {
subdir = mkOption {
type = types.str;
description = "Relative pathname under which to find the go.mod file.";
default = ".";
};
};
});
default = {};
};
});
};
config = {
perSystem = {
config,
self',
inputs',
pkgs,
lib,
...
}: {
apps =
lib.mapAttrs' (name: {subdir}: {
name = "generate-sri-${name}";
value.program = pkgs.writeShellApplication {
name = "generate-go-sri-${name}";
runtimeInputs = [inputs'.generate-go-sri.packages.nardump pkgs.coreutils];
text = ''
set -x
temp="$(mktemp -d)"
generated="$(mktemp -p . -t .generate-sri-${name}-XXXXXXX)";
cleanup() {
if [ -d "$temp" ] ; then rm -rf "$temp" ; fi
if [ -f "$generated" ] ; then rm -f "$generated" ; fi
}
trap 'cleanup' EXIT
cd ${lib.escapeShellArg subdir} && go mod vendor -o "$temp"
nardump -sri "$temp" >"$generated"
mv "$generated" ${lib.escapeShellArg name}.sri
'';
};
})
config.go-sri-hashes;
};
};
}