electrum: implement crude updater

Takes care of the tedium of checking signatures & whatnot. Does not update checksum for the tests yet ... Usage $ nix-shell maintainers/scripts/update.nix --argstr package electrum Warning: dumps cruft to $PWD
5 years ago · fc1129c8af
parent c295ffa2cd
commit fc1129c8af
2 changed files with 88 additions and 1 deletions
--- a/pkgs/applications/misc/electrum/default.nix
+++ b/pkgs/applications/misc/electrum/default.nix
@ -1,4 +1,17 @@
-{ stdenv, fetchurl, fetchFromGitHub, python3, python3Packages, zbar, secp256k1 }:
+{ stdenv, fetchurl, fetchFromGitHub, python3, python3Packages, zbar, secp256k1
+
+
+# for updater.nix
+, writeScript
+, common-updater-scripts
+, bash
+, coreutils
+, curl
+, gnugrep
+, gnupg
+, gnused
+, nix
+}:

 let
  version = "3.3.6";
@ -85,6 +98,21 @@ python3Packages.buildPythonApplication rec {
    $out/bin/electrum help >/dev/null
  '';

+  passthru.updateScript = import ./update.nix {
+    inherit (stdenv) lib;
+    inherit
+      writeScript
+      common-updater-scripts
+      bash
+      coreutils
+      curl
+      gnupg
+      gnugrep
+      gnused
+      nix
+    ;
+  };
+
  meta = with stdenv.lib; {
    description = "A lightweight Bitcoin wallet";
    longDescription = ''
--- a/pkgs/applications/misc/electrum/update.nix
+++ b/pkgs/applications/misc/electrum/update.nix
@ -0,0 +1,59 @@
+{ lib
+, writeScript
+, common-updater-scripts
+, bash
+, coreutils
+, curl
+, gnugrep
+, gnupg
+, gnused
+, nix
+}:
+
+with lib;
+
+let
+  downloadPageUrl = "https://download.electrum.org";
+
+  signingKeys = ["6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6"];
+in
+
+writeScript "update-electrum" ''
+#! ${bash}/bin/bash
+
+set -eu -o pipefail
+
+export PATH=${makeBinPath [
+  common-updater-scripts
+  coreutils
+  curl
+  gnugrep
+  gnupg
+  gnused
+  nix
+]}
+
+version=$(curl -L --list-only -- '${downloadPageUrl}' \
+    | grep -Po '<a href="\K([[:digit:]]+\.?)+' \
+    | sort -Vu \
+    | tail -n1)
+
+srcName=Electrum-$version
+srcFile=$srcName.tar.gz
+srcUrl="${downloadPageUrl}/$version/$srcFile"
+sigUrl=$srcUrl.asc
+sigFile=$srcFile.asc
+
+[[ -e "$srcFile" ]] || curl -L -o "$srcFile" -- "$srcUrl"
+[[ -e "$sigFile" ]] || curl -L -o "$sigFile" -- "$sigUrl"
+
+export GNUPGHOME=$PWD/gnupg
+mkdir -m 700 -p "$GNUPGHOME"
+
+gpg --batch --recv-keys ${concatStringsSep " " (map (x: "'${x}'") signingKeys)}
+gpg --batch --verify "$sigFile" "$srcFile"
+
+sha256=$(nix-prefetch-url --type sha256 "file://$PWD/$srcFile")
+
+update-source-version electrum "$version" "$sha256"
+''