Created
April 9, 2017 01:55
-
-
Save williamyaoh/b2da6376f15a4f6b047f3286ef0e69e8 to your computer and use it in GitHub Desktop.
Nix fetchTarball with SHA256 sum checking
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # We expect the tarball to only contain a single directory, the | |
| # same way that the builtin `fetchTarball' does. | |
| { stdenv, nix }: | |
| { url, | |
| # Name we label this derivation with. | |
| name, | |
| # Hash of *extracted output directory*, | |
| # as generated by `nix-hash --type sha256 --base32'. | |
| sha256 | |
| }: | |
| stdenv.mkDerivation { | |
| inherit name sha256; | |
| tarfile = builtins.fetchurl url; | |
| buildInputs = [ nix ]; | |
| builder = ./fetchTar.sh; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| source $stdenv/setup | |
| # We're currently in a temporary directory which we can use to | |
| # extract the tar file and check its hash. | |
| mkdir ./extract | |
| tar -xf $tarfile -C ./extract | |
| EXTRACTED=$(echo ./extract/*) | |
| >&2 echo "checking hash of $TMPDIR/$EXTRACTED/..." | |
| HASH=$(nix-hash --type sha256 --base32 $EXTRACTED) | |
| if [ "$HASH" != "$sha256" ]; then | |
| >&2 echo " got sha256 hash \`$HASH'" | |
| >&2 echo " but expected hash \`$sha256'" | |
| exit 1 | |
| fi | |
| mv -f $EXTRACTED $out |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment