From e1728ff7f53cc75f4ae228faae9088452d7063b3 Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Mon, 15 Apr 2024 13:21:38 -0300 Subject: [PATCH 1/2] fluxcd: use SRI hash in update script --- pkgs/applications/networking/cluster/fluxcd/update.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/applications/networking/cluster/fluxcd/update.sh b/pkgs/applications/networking/cluster/fluxcd/update.sh index f252d587daaf..1763b37d3328 100755 --- a/pkgs/applications/networking/cluster/fluxcd/update.sh +++ b/pkgs/applications/networking/cluster/fluxcd/update.sh @@ -12,7 +12,9 @@ LATEST_VERSION=$(echo ${LATEST_TAG} | sed 's/^v//') if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/archive/refs/tags/${LATEST_TAG}.tar.gz) + SHA256=$(nix hash to-sri --type sha256 $SHA256) SPEC_SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/fluxcd/flux2/releases/download/${LATEST_TAG}/manifests.tar.gz) + SPEC_SHA256=$(nix hash to-sri --type sha256 $SPEC_SHA256) setKV () { sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "${FLUXCD_PATH}/default.nix" From 7801483ab9e2587bdeef6cc5d7da7e7e499851e1 Mon Sep 17 00:00:00 2001 From: superherointj <5861043+superherointj@users.noreply.github.com> Date: Mon, 15 Apr 2024 13:25:38 -0300 Subject: [PATCH 2/2] fluxcd: convert hashes to SRI --- pkgs/applications/networking/cluster/fluxcd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/cluster/fluxcd/default.nix b/pkgs/applications/networking/cluster/fluxcd/default.nix index 709ab087d26a..3f3b08f39814 100644 --- a/pkgs/applications/networking/cluster/fluxcd/default.nix +++ b/pkgs/applications/networking/cluster/fluxcd/default.nix @@ -8,8 +8,8 @@ let version = "2.2.3"; - sha256 = "12rrai56hl86213lsi8i4qrah0v7a36nks38g5373imyl9g497ym"; - manifestsSha256 = "1hmzmzijpx49hh2ykv7vw3jp02dxr4qn3r1dma56g7b4nbk7aa8x"; + sha256 = "sha256-1Z9EXqK+xnFGeWjoac1QZwOoMiYRRU1HEAZRaEpUOYs="; + manifestsSha256 = "sha256-HSl15rJknWeKqi3kYTHJvQlw5eD77OkFhIn0K+Ovv8I="; manifests = fetchzip { url =