nix-helpers: 494ad4dbfdd3301d49b42af40966d59bf8126fc6
1: {
2: hackageIndex,
3: jq,
4: lib,
5: writeScriptBin,
6: }:
7: writeScriptBin "curl" ''
8: #!/bin/sh
9: set -e
10: set -o pipefail
11: export PATH="${jq}/bin:$PATH"
12:
13: # Remember which file is being requested
14: F=$(basename "$1")
15:
16: # Helper functions, to output the required file contents
17:
18: function sha { sha256sum - | cut -d' ' -f1; }
19: function md5 { md5sum - | cut -d' ' -f1; }
20:
21: function root {
22: echo '${
23: builtins.toJSON {
24: signatures = [ ];
25: signed = {
26: _type = "Root";
27: expires = "9999-01-01T00:00:00Z";
28: keys = { };
29: version = 5;
30: roles =
31: lib.genAttrs
32: [
33: "mirrors"
34: "root"
35: "snapshot"
36: "targets"
37: "timestamp"
38: ]
39: (_: {
40: keyids = [ ];
41: threshold = 0;
42: });
43: };
44: }
45: }'
46: }
47:
48: function mirrors {
49: echo '${
50: builtins.toJSON {
51: signatures = [ ];
52: signed = {
53: _type = "Mirrorlist";
54: expires = "9999-01-01T00:00:00Z";
55: mirrors = [ ];
56: version = 1;
57: };
58: }
59: }'
60: }
61:
62: function snapshot {
63: # This can take a few seconds, to hash the index twice
64: echo '${
65: builtins.toJSON {
66: signatures = [ ];
67: signed = {
68: _type = "Snapshot";
69: expires = "9999-01-01T00:00:00Z";
70: version = 1;
71: meta = {
72: "<repo>/01-index.tar.gz".hashes = { };
73: "<repo>/mirrors.json".hashes = { };
74: "<repo>/root.json".hashes = { };
75: };
76: };
77: }
78: }' | jq --argjson rlen "$(root | wc -c )" \
79: --argjson mlen "$(mirrors | wc -c )" \
80: --argjson zlen "$(stat -c '%s' ${hackageIndex})" \
81: --arg rmd5 "$(root | md5 )" \
82: --arg mmd5 "$(mirrors | md5 )" \
83: --arg zmd5 "$(md5 < ${hackageIndex})" \
84: --arg rsha "$(root | sha )" \
85: --arg msha "$(mirrors | sha )" \
86: --arg zsha "$(sha < ${hackageIndex})" \
87: '(.signed.meta["<repo>/root.json" ] |= {
88: "length": $rlen,
89: "hashes": { "md5": $rmd5, "sha256": $rsha }
90: }) |
91: (.signed.meta["<repo>/mirrors.json" ] |= {
92: "length": $mlen,
93: "hashes": { "md5": $mmd5, "sha256": $msha }
94: }) |
95: (.signed.meta["<repo>/01-index.tar.gz"] |= {
96: "length": $zlen,
97: "hashes": { "md5": $zmd5, "sha256": $zsha }
98: })'
99: }
100:
101: function timestamp {
102: # Calculate snapshot.json once, to avoid re-hashing the index
103: S=$(snapshot)
104: echo '${
105: builtins.toJSON {
106: signatures = [ ];
107: signed = {
108: _type = "Timestamp";
109: expires = "9999-01-01T00:00:00Z";
110: meta."<repo>/snapshot.json".hashes = { };
111: version = 1;
112: };
113: }
114: }' | jq --argjson len "$(echo "$S" | wc -c)" \
115: --arg md5 "$(echo "$S" | md5 )" \
116: --arg sha "$(echo "$S" | sha )" \
117: '(.signed.meta["<repo>/snapshot.json"] |= {
118: "length": $len,
119: "hashes": { "md5": $md5, "sha256": $sha }
120: })'
121: }
122:
123: # Grab the output file paths requested by Cabal, and write empty headers
124: while [[ "$#" -gt 0 ]]
125: do
126: echo "$@" 1>&2
127: case "$1" in
128: --output)
129: OUTPUT="$2"
130: shift 2
131: ;;
132: --dump-header)
133: touch "$2"
134: shift 2
135: ;;
136: *)
137: shift
138: ;;
139: esac
140: done
141:
142: # Write the desired content to the output path Cabal is expecting
143: case "$F" in
144: *.json)
145: case "$F" in
146: *root.json) root;;
147: *mirrors.json) mirrors;;
148: *snapshot.json) snapshot;;
149: *timestamp.json) timestamp;;
150: esac > "$OUTPUT"
151: ;;
152: *index.tar.gz) cp ${hackageIndex} "$OUTPUT";;
153: *)
154: echo "UNKNOWN FILE REQUESTED '$F'" 1>&2
155: exit 1
156: ;;
157: esac
158:
159: # Finish with a "success" HTTP code
160: echo 200
161: ''
Generated by git2html.