cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #163152 from alyssais/tor-0.4.6.10

Browse source 
tor: 0.4.6.9 -> 0.4.6.10; fix updateScript
This commit is contained in:
Pavol Rusnak 2022-03-07 16:07:47 +01:00 committed by GitHub
commit 7455fbe52b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkgs/tools/security/tor/default.nix
View file

@ -30,11 +30,11 @@ let
in
stdenv.mkDerivation rec {
pname = "tor";
version = "0.4.6.9";
version = "0.4.6.10";
src = fetchurl {
url = "https://dist.torproject.org/${pname}-${version}.tar.gz";
sha256 = "1ad99k4wysxrnlaprv7brxr2nc0h5zdnrh0rma10pqlck2037sf7";
sha256 = "lMzWDgTlWPM75zAyvITqJBZg+S9Yz7iHib2miTc54xw=";
};
outputs = [ "out" "geoip" ];

23
pkgs/tools/security/tor/update.nix
View file

@ -15,14 +15,11 @@ with lib;
let
downloadPageUrl = "https://dist.torproject.org";
# See https://www.torproject.org/docs/signing-keys.html
# See https://support.torproject.org/little-t-tor/#fetching-the-tor-developers-key
signingKeys = [
# Roger Dingledine
"B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5"
"F65C E37F 04BA 5B36 0AE6 EE17 C218 5258 19F7 8451"
# Nick Mathewson
"2133 BC60 0AB1 33E1 D826 D173 FE43 009C 4607 B1FB"
"B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5"
"514102454D0A87DB0767A1EBBE6A0531C18A9179" # Alexander Færøy
"B74417EDDF22AC9F9E90F49142E86A2A11F48D36" # David Goulet
"2133BC600AB133E1D826D173FE43009C4607B1FB" # Nick Mathewson
];
in
@ -52,20 +49,24 @@ srcName=''${srcBase/.tar.gz/}
srcVers=(''${srcName//-/ })
version=''${srcVers[1]}
sigUrl=$srcUrl.asc
checksumUrl=$srcUrl.sha256sum
checksumFile=''${checksumUrl##*/}
sigUrl=$checksumUrl.asc
sigFile=''${sigUrl##*/}
# upstream does not support byte ranges ...
[[ -e "$srcFile" ]] || curl -L -o "$srcFile" -- "$srcUrl"
[[ -e "$checksumFile" ]] || curl -L -o "$checksumFile" -- "$checksumUrl"
[[ -e "$sigFile" ]] || curl -L -o "$sigFile" -- "$sigUrl"
export GNUPGHOME=$PWD/gnupg
mkdir -m 700 -p "$GNUPGHOME"
gpg --batch --recv-keys ${concatStringsSep " " (map (x: "'${x}'") signingKeys)}
gpg --batch --verify "$sigFile" "$srcFile"
gpg --batch --verify "$sigFile" "$checksumFile"
sha256=$(nix-hash --type sha256 --flat --base32 "$srcFile")
sha256sum -c "$checksumFile"
update-source-version tor "$version" "$sha256"
update-source-version tor "$version" "$(cut -d ' ' "$checksumFile")"
''