fix: pin down all binaries outside of coreutils
The default sed was having trouble with newline splitting on MacOS.
parent
a704a85cbd
commit
0b6987f914
1 changed files with 20 additions and 9 deletions
|
@ -1,10 +1,21 @@
|
||||||
{writeShellScriptBin, runtimeShell, pkgs} :
|
{
|
||||||
|
writeShellScriptBin,
|
||||||
|
runtimeShell,
|
||||||
|
callPackage,
|
||||||
|
rage,
|
||||||
|
gnused,
|
||||||
|
nix,
|
||||||
|
mktemp,
|
||||||
|
} :
|
||||||
let
|
let
|
||||||
# we need at least rage 0.5.0 to support ssh keys
|
# we need at least rage 0.5.0 to support ssh keys
|
||||||
rage = if pkgs.rage.version < "0.5.0"
|
rageToUse = if rage.version < "0.5.0"
|
||||||
then pkgs.callPackage ./rage.nix {}
|
then callPackage ./rage.nix {}
|
||||||
else pkgs.rage;
|
else rage;
|
||||||
ageBin = "${rage}/bin/rage";
|
ageBin = "${rageToUse}/bin/rage";
|
||||||
|
sedBin = "${gnused}/bin/sed";
|
||||||
|
nixInstantiate = "${nix}/bin/nix-instantiate";
|
||||||
|
mktempBin = "${mktemp}/bin/mktemp";
|
||||||
in
|
in
|
||||||
writeShellScriptBin "agenix" ''
|
writeShellScriptBin "agenix" ''
|
||||||
set -Eeuo pipefail
|
set -Eeuo pipefail
|
||||||
|
@ -99,7 +110,7 @@ trap "cleanup" 0 2 3 15
|
||||||
|
|
||||||
function edit {
|
function edit {
|
||||||
FILE=$1
|
FILE=$1
|
||||||
KEYS=$((nix-instantiate --eval -E "(let rules = import $RULES; in builtins.concatStringsSep \"\n\" rules.\"$FILE\".publicKeys)" | sed 's/"//g' | sed 's/\\n/\n/g') || exit 1)
|
KEYS=$((${nixInstantiate} --eval -E "(let rules = import $RULES; in builtins.concatStringsSep \"\n\" rules.\"$FILE\".publicKeys)" | ${sedBin} 's/"//g' | ${sedBin} 's/\\n/\n/g') || exit 1)
|
||||||
|
|
||||||
if [ -z "$KEYS" ]
|
if [ -z "$KEYS" ]
|
||||||
then
|
then
|
||||||
|
@ -107,7 +118,7 @@ function edit {
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
CLEARTEXT_DIR=$(mktemp -d)
|
CLEARTEXT_DIR=$(${mktempBin} -d)
|
||||||
CLEARTEXT_FILE="$CLEARTEXT_DIR/$(basename "$FILE")"
|
CLEARTEXT_FILE="$CLEARTEXT_DIR/$(basename "$FILE")"
|
||||||
|
|
||||||
if [ -f "$FILE" ]
|
if [ -f "$FILE" ]
|
||||||
|
@ -143,7 +154,7 @@ function edit {
|
||||||
ENCRYPT+=(--recipient "$key")
|
ENCRYPT+=(--recipient "$key")
|
||||||
done <<< "$KEYS"
|
done <<< "$KEYS"
|
||||||
|
|
||||||
REENCRYPTED_DIR=$(mktemp -d)
|
REENCRYPTED_DIR=$(${mktempBin} -d)
|
||||||
REENCRYPTED_FILE="$REENCRYPTED_DIR/$(basename "$FILE")"
|
REENCRYPTED_FILE="$REENCRYPTED_DIR/$(basename "$FILE")"
|
||||||
|
|
||||||
ENCRYPT+=(-o "$REENCRYPTED_FILE")
|
ENCRYPT+=(-o "$REENCRYPTED_FILE")
|
||||||
|
@ -154,7 +165,7 @@ function edit {
|
||||||
}
|
}
|
||||||
|
|
||||||
function rekey {
|
function rekey {
|
||||||
FILES=$((nix-instantiate --eval -E "(let rules = import $RULES; in builtins.concatStringsSep \"\n\" (builtins.attrNames rules))" | sed 's/"//g' | sed 's/\\n/\n/g') || exit 1)
|
FILES=$((${nixInstantiate} --eval -E "(let rules = import $RULES; in builtins.concatStringsSep \"\n\" (builtins.attrNames rules))" | sed 's/"//g' | sed 's/\\n/\n/g') || exit 1)
|
||||||
|
|
||||||
for FILE in $FILES
|
for FILE in $FILES
|
||||||
do
|
do
|
||||||
|
|
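Review bot: The new `FILES=` line in `rekey` switches only `nix-instantiate` to `${nixInstantiate}` and still pipes through bare `sed` twice, so `rekey` keeps resolving sed from PATH and the macOS newline-splitting problem named in the commit message is still reachable there; the matching pipeline in `edit` uses `${sedBin}`. Change the tail of that line to `| ${sedBin} 's/"//g' | ${sedBin} 's/\\n/\n/g'` so both functions agree. In a tool that handles decrypted secrets, a PATH-resolved helper is also the one spot where a different binary than the packaged one can be picked up at runtime, which is what the pinning is meant to rule out. Separately, `rage.version < "0.5.0"` is a lexicographic string comparison, so a version such as 0.10.0 would compare as older and fall back to `./rage.nix`; `builtins.compareVersions rage.version "0.5.0" < 0` avoids that. The bodies of `edit` and `rekey` continue outside the hunks shown.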