nix-helpers: dae3574d0a075c084cc8a2361052db1fd1396d64
1: { hackageIndex, jq, lib, writeScriptBin }:
2: writeScriptBin "curl" ''
3: #!/bin/sh
4: set -e
5: set -o pipefail
6: export PATH="${jq}/bin:$PATH"
7:
8: # Remember which file is being requested
9: F=$(basename "$1")
10:
11: # Helper functions, to output the required file contents
12:
13: function sha { sha256sum - | cut -d' ' -f1; }
14: function md5 { md5sum - | cut -d' ' -f1; }
15:
16: function root {
17: echo '${
18: builtins.toJSON {
19: signatures = [ ];
20: signed = {
21: _type = "Root";
22: expires = "9999-01-01T00:00:00Z";
23: keys = { };
24: version = 5;
25: roles =
26: lib.genAttrs [ "mirrors" "root" "snapshot" "targets" "timestamp" ]
27: (_: {
28: keyids = [ ];
29: threshold = 0;
30: });
31: };
32: }
33: }'
34: }
35:
36: function mirrors {
37: echo '${
38: builtins.toJSON {
39: signatures = [ ];
40: signed = {
41: _type = "Mirrorlist";
42: expires = "9999-01-01T00:00:00Z";
43: mirrors = [ ];
44: version = 1;
45: };
46: }
47: }'
48: }
49:
50: function snapshot {
51: # This can take a few seconds, to hash the index twice
52: echo '${
53: builtins.toJSON {
54: signatures = [ ];
55: signed = {
56: _type = "Snapshot";
57: expires = "9999-01-01T00:00:00Z";
58: version = 1;
59: meta = {
60: "<repo>/01-index.tar.gz".hashes = { };
61: "<repo>/mirrors.json".hashes = { };
62: "<repo>/root.json".hashes = { };
63: };
64: };
65: }
66: }' | jq --argjson rlen "$(root | wc -c )" \
67: --argjson mlen "$(mirrors | wc -c )" \
68: --argjson zlen "$(stat -c '%s' ${hackageIndex})" \
69: --arg rmd5 "$(root | md5 )" \
70: --arg mmd5 "$(mirrors | md5 )" \
71: --arg zmd5 "$(md5 < ${hackageIndex})" \
72: --arg rsha "$(root | sha )" \
73: --arg msha "$(mirrors | sha )" \
74: --arg zsha "$(sha < ${hackageIndex})" \
75: '(.signed.meta["<repo>/root.json" ] |= {
76: "length": $rlen,
77: "hashes": { "md5": $rmd5, "sha256": $rsha }
78: }) |
79: (.signed.meta["<repo>/mirrors.json" ] |= {
80: "length": $mlen,
81: "hashes": { "md5": $mmd5, "sha256": $msha }
82: }) |
83: (.signed.meta["<repo>/01-index.tar.gz"] |= {
84: "length": $zlen,
85: "hashes": { "md5": $zmd5, "sha256": $zsha }
86: })'
87: }
88:
89: function timestamp {
90: # Calculate snapshot.json once, to avoid re-hashing the index
91: S=$(snapshot)
92: echo '${
93: builtins.toJSON {
94: signatures = [ ];
95: signed = {
96: _type = "Timestamp";
97: expires = "9999-01-01T00:00:00Z";
98: meta."<repo>/snapshot.json".hashes = { };
99: version = 1;
100: };
101: }
102: }' | jq --argjson len "$(echo "$S" | wc -c)" \
103: --arg md5 "$(echo "$S" | md5 )" \
104: --arg sha "$(echo "$S" | sha )" \
105: '(.signed.meta["<repo>/snapshot.json"] |= {
106: "length": $len,
107: "hashes": { "md5": $md5, "sha256": $sha }
108: })'
109: }
110:
111: # Grab the output file paths requested by Cabal, and write empty headers
112: while [[ "$#" -gt 0 ]]
113: do
114: echo "$@" 1>&2
115: case "$1" in
116: --output)
117: OUTPUT="$2"
118: shift 2
119: ;;
120: --dump-header)
121: touch "$2"
122: shift 2
123: ;;
124: *)
125: shift
126: ;;
127: esac
128: done
129:
130: # Write the desired content to the output path Cabal is expecting
131: case "$F" in
132: *.json)
133: case "$F" in
134: *root.json) root;;
135: *mirrors.json) mirrors;;
136: *snapshot.json) snapshot;;
137: *timestamp.json) timestamp;;
138: esac > "$OUTPUT"
139: ;;
140: *index.tar.gz) cp ${hackageIndex} "$OUTPUT";;
141: *)
142: echo "UNKNOWN FILE REQUESTED '$F'" 1>&2
143: exit 1
144: ;;
145: esac
146:
147: # Finish with a "success" HTTP code
148: echo 200
149: ''
Generated by git2html.