author | Tim Steinbach <tim@nequissimus.com> | 2020-10-15 19:34:49 -0400 |
---|---|---|
committer | Tim Steinbach <tim@nequissimus.com> | 2020-10-15 19:34:49 -0400 |
commit | d63ddacf9355e754d9dc9c1d2b4646fe78aa5cca (patch) | |
tree | 207434e3b9fb83e00a06abda6631aed0416dadab /pkgs/shells/bash/update-patch-set.sh | |
parent | 95b55f6e7c034ee2e7845a7829793376c109062d (diff) |
bash: Use nix-shell in update script
The script assumed that `wget` was available in the environment
along with common CA certificates.
Replaced the detection of GPG, which is not necessary anymore.
Added pulling the public key that bash releases and patches are signed with,
without which we cannot verify signatures.
Diffstat (limited to 'pkgs/shells/bash/update-patch-set.sh')
-rwxr-xr-x | pkgs/shells/bash/update-patch-set.sh | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/pkgs/shells/bash/update-patch-set.sh b/pkgs/shells/bash/update-patch-set.sh
index 003c7a26d201..cb4f372f5433 100755
--- a/pkgs/shells/bash/update-patch-set.sh
+++ b/pkgs/shells/bash/update-patch-set.sh
@@ -1,4 +1,5 @@
-#!/bin/sh
+#!/usr/bin/env nix-shell
+#!nix-shell --pure -i bash -p wget -p gnupg -p cacert
 # Update patch set for GNU Bash or Readline.
@@ -14,8 +15,6 @@ fi
 PROJECT="$1"
 VERSION="$2"
 VERSION_CONDENSED="$(echo $VERSION | sed -es/\\.//g)"
-
-GPG="$(if $(type -P gpg2 > /dev/null); then echo gpg2; else echo gpg; fi)"
 PATCH_LIST="$PROJECT-$VERSION-patches.nix"
 set -e
@@ -25,6 +24,12 @@ end=100 # must be > 99 for correct padding
 rm -vf "$PATCH_LIST"
+wget "https://tiswww.case.edu/php/chet/gpgkey.asc"
+echo "4ef5051ce7200241e65d29c11eb57df8 gpgkey.asc" > gpgkey.asc.md5
+md5sum -c gpgkey.asc.md5
+gpg --import ./gpgkey.asc
+rm gpgkey.asc{,.md5}
+
 ( echo "# Automatically generated by \`$(basename $0)'; do not edit." ; \
 echo "" ; \
 echo "patch: [" ) \
@@ -34,7 +39,7 @@ for i in `seq -w $start $end`
 do
 wget ftp.gnu.org/gnu/$PROJECT/$PROJECT-$VERSION-patches/$PROJECT$VERSION_CONDENSED-$i || break
 wget ftp.gnu.org/gnu/$PROJECT/$PROJECT-$VERSION-patches/$PROJECT$VERSION_CONDENSED-$i.sig
- "$GPG" --verify $PROJECT$VERSION_CONDENSED-$i.sig
+ gpg --verify $PROJECT$VERSION_CONDENSED-$i.sig
 echo "(patch \"$i\" \"$(nix-hash --flat --type sha256 --base32 $PROJECT$VERSION_CONDENSED-$i)\")" \
 >> "$PATCH_LIST" |
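Review bot: The new `#!nix-shell --pure` line lists `wget`, `gnupg` and `cacert`, but the loop in the last hunk still calls `nix-hash`, which none of those packages obviously provides. If it is missing from the pure PATH, the failure happens inside a command substitution in an `echo` argument, so `set -e` would probably not stop the run and the generated list would carry empty hashes. Adding `-p nix` to the shebang line makes the dependency explicit; whether stdenv already supplies it is not visible from this page.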
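Review bot: The downloaded signing key is pinned with an MD5 digest (`md5sum -c gpgkey.asc.md5`), and MD5 is too weak to anchor trust for every signature verified afterwards; pin a SHA-256 digest, or better the key's fingerprint. `gpg --import` also writes into whatever keyring gpg resolves by default for the invoking user, so the key outlives the run, and the later `gpg --verify` would accept a good signature from any other key already in that keyring. Pointing `GNUPGHOME` at a throwaway directory addresses both, as sketched below; the digest shown is a placeholder to fill in, not a real value.

```shell
# … unchanged: rm -vf "$PATCH_LIST" …
GNUPGHOME="$(mktemp -d)"          # isolated keyring: only the key imported below can validate patches
export GNUPGHOME
trap 'rm -rf -- "$GNUPGHOME"' EXIT
wget "https://tiswww.case.edu/php/chet/gpgkey.asc"
echo "<SHA256-OF-GPGKEY.ASC-PLACEHOLDER>  gpgkey.asc" | sha256sum -c -
gpg --import ./gpgkey.asc
rm gpgkey.asc
# … unchanged: header echo block written to "$PATCH_LIST" …
```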
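Review bot: The replacement `gpg --verify $PROJECT$VERSION_CONDENSED-$i.sig` passes only the signature file, so gpg infers which data file to check from the name, and the expansions are unquoted. Naming both files makes the check explicit: `gpg --verify "$PROJECT$VERSION_CONDENSED-$i.sig" "$PROJECT$VERSION_CONDENSED-$i"`. This matters because the two `wget` lines above fetch from `ftp.gnu.org` without an `https://` scheme, which leaves the signature check as the only integrity control on the patch contents. A comment such as `# signature is the sole integrity check; downloads are not over TLS` would record that for the next maintainer. The `for` loop body continues past the end of this hunk.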