update-python-libraries: use sri-hash

2 years ago · 47c82c04ae
parent 54a44e4f77
commit 47c82c04ae
1 changed files with 9 additions and 3 deletions
--- a/pkgs/development/interpreters/python/update-python-libraries/update-python-libraries.py
+++ b/pkgs/development/interpreters/python/update-python-libraries/update-python-libraries.py
@ -340,13 +340,19 @@ def _update_package(path, target):
        raise ValueError("no file available for {}.".format(pname))

    text = _replace_value('version', new_version, text)
+    # hashes from pypi are 16-bit encoded sha256's, normalize it to sri to avoid merge conflicts
+    # sri hashes have been the default format since nix 2.4+
+    try:
+        sri_hash = subprocess.check_output(["nix", "hash", "to-sri", "--type", "sha256", new_sha256]).decode('utf-8').strip()
+    except subprocess.CalledProcessError:
+        # nix<2.4 compat
+        sri_hash = subprocess.check_output(["nix", "to-sri", "--type", "sha256", new_sha256]).decode('utf-8').strip()
+

    # fetchers can specify a sha256, or a sri hash
    try:
-        text = _replace_value('sha256', new_sha256, text)
+        text = _replace_value('sha256', sri_hash, text)
    except ValueError:
-        # hashes from pypi are 16-bit encoded sha256's, need translate to an sri hash if used with "hash"
-        sri_hash = subprocess.check_output(["nix", "hash", "to-sri", "--type", "sha256", new_sha256]).decode('utf-8').strip()
        text = _replace_value('hash', sri_hash, text)

    if fetcher == 'fetchFromGitHub':