parent
1474f873f7
commit
6a19b8547a
@ -0,0 +1,52 @@ |
||||
{ stdenv, lib, fetchzip }: |
||||
|
||||
let |
||||
inherit (stdenv.hostPlatform) system; |
||||
suffix = { |
||||
x86_64-linux = "linux_amd64"; |
||||
aarch64-linux = "linux_arm64"; |
||||
x86_64-darwin = "darwin_amd64"; |
||||
}."${system}" or (throw "Unsupported system: ${system}"); |
||||
fetchsrc = version: sha256: fetchzip { |
||||
url = "https://releases.hashicorp.com/boundary/${version}/boundary_${version}_${suffix}.zip"; |
||||
sha256 = sha256."${system}"; |
||||
}; |
||||
in |
||||
stdenv.mkDerivation rec { |
||||
pname = "boundary"; |
||||
version = "0.1.4"; |
||||
|
||||
src = fetchsrc version { |
||||
x86_64-linux = "sha256-+YGXSyaGhfNk+T5P7wCqsNEYwpV/Oet7kOM8OPC1A6I="; |
||||
aarch64-linux = "sha256-tikxRBF2Y+urv7S1EUu2d60twZWox1pI96yYX357r8o="; |
||||
x86_64-darwin = "sha256-N+6iiybnWZkruhUe9TRcGaq5xES/iHzlEVGcghT4EUc="; |
||||
}; |
||||
|
||||
dontConfigure = true; |
||||
dontBuild = true; |
||||
|
||||
installPhase = '' |
||||
install -D boundary $out/bin/boundary |
||||
''; |
||||
|
||||
dontPatchELF = true; |
||||
dontPatchShebangs = true; |
||||
|
||||
meta = with lib; { |
||||
homepage = "https://boundaryproject.io/"; |
||||
changelog = "https://github.com/hashicorp/boundary/blob/v${version}/CHANGELOG.md"; |
||||
description = "Enables identity-based access management for dynamic infrastructure"; |
||||
longDescription = '' |
||||
Boundary provides a secure way to access hosts and critical systems |
||||
without having to manage credentials or expose your network, and is |
||||
entirely open source. |
||||
|
||||
Boundary is designed to be straightforward to understand, highly scalable, |
||||
and resilient. It can run in clouds, on-prem, secure enclaves and more, |
||||
and does not require an agent to be installed on every end host. |
||||
''; |
||||
license = licenses.mpl20; |
||||
maintainers = with maintainers; [ jk ]; |
||||
platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ]; |
||||
}; |
||||
} |
@ -0,0 +1,39 @@ |
||||
#!/usr/bin/env nix-shell |
||||
#!nix-shell -i bash -p curl gnused gawk nix-prefetch |
||||
|
||||
set -euo pipefail |
||||
|
||||
ROOT="$(dirname "$(readlink -f "$0")")" |
||||
NIX_DRV="$ROOT/default.nix" |
||||
if [ ! -f "$NIX_DRV" ]; then |
||||
echo "ERROR: cannot find default.nix in $ROOT" |
||||
exit 1 |
||||
fi |
||||
|
||||
fetch_arch() { |
||||
VER="$1"; ARCH="$2" |
||||
URL="https://releases.hashicorp.com/boundary/${VER}/boundary_${VER}_${ARCH}.zip" |
||||
nix-prefetch "{ stdenv, fetchzip }: |
||||
stdenv.mkDerivation rec { |
||||
pname = \"boundary\"; version = \"${VER}\"; |
||||
src = fetchzip { url = \"$URL\"; }; |
||||
} |
||||
" |
||||
} |
||||
|
||||
replace_sha() { |
||||
sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV" |
||||
} |
||||
|
||||
# https://releases.hashicorp.com/boundary/0.1.4/boundary_0.1.4_linux_amd64.zip |
||||
BOUNDARY_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/hashicorp/boundary/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//') |
||||
|
||||
BOUNDARY_LINUX_X64_SHA256=$(fetch_arch "$BOUNDARY_VER" "linux_amd64") |
||||
BOUNDARY_DARWIN_X64_SHA256=$(fetch_arch "$BOUNDARY_VER" "darwin_amd64") |
||||
BOUNDARY_LINUX_AARCH64_SHA256=$(fetch_arch "$BOUNDARY_VER" "linux_arm64") |
||||
|
||||
sed -i "s/version = \".*\"/version = \"$BOUNDARY_VER\"/" "$NIX_DRV" |
||||
|
||||
replace_sha "x86_64-linux" "$BOUNDARY_LINUX_X64_SHA256" |
||||
replace_sha "x86_64-darwin" "$BOUNDARY_DARWIN_X64_SHA256" |
||||
replace_sha "aarch64-linux" "$BOUNDARY_LINUX_AARCH64_SHA256" |
Loading…
Reference in new issue