From a46aa18e36489dac5360ed1d910a32e205e7423c Mon Sep 17 00:00:00 2001 From: sinavir Date: Thu, 11 May 2023 19:35:02 +0200 Subject: [PATCH] init reproducibilty --- npins/default.nix | 47 ++++++++++++++++++++++++++++++++++++++++++++++ npins/sources.json | 24 +++++++++++++++++++++++ shell.nix | 6 ++++++ 3 files changed, 77 insertions(+) create mode 100644 npins/default.nix create mode 100644 npins/sources.json create mode 100644 shell.nix diff --git a/npins/default.nix b/npins/default.nix new file mode 100644 index 0000000..4a7c372 --- /dev/null +++ b/npins/default.nix @@ -0,0 +1,47 @@ +# Generated by npins. Do not modify; will be overwritten regularly +let + data = builtins.fromJSON (builtins.readFile ./sources.json); + version = data.version; + + mkSource = spec: + assert spec ? type; let + path = + if spec.type == "Git" then mkGitSource spec + else if spec.type == "GitRelease" then mkGitSource spec + else if spec.type == "PyPi" then mkPyPiSource spec + else if spec.type == "Channel" then mkChannelSource spec + else builtins.throw "Unknown source type ${spec.type}"; + in + spec // { outPath = path; }; + + mkGitSource = { repository, revision, url ? null, hash, ... }: + assert repository ? type; + # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository + # In the latter case, there we will always be an url to the tarball + if url != null then + (builtins.fetchTarball { + inherit url; + sha256 = hash; # FIXME: check nix version & use SRI hashes + }) + else assert repository.type == "Git"; builtins.fetchGit { + url = repository.url; + rev = revision; + # hash = hash; + }; + + mkPyPiSource = { url, hash, ... }: + builtins.fetchurl { + inherit url; + sha256 = hash; + }; + + mkChannelSource = { url, hash, ... }: + builtins.fetchTarball { + inherit url; + sha256 = hash; + }; +in +if version == 3 then + builtins.mapAttrs (_: mkSource) data.pins +else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/npins/sources.json b/npins/sources.json new file mode 100644 index 0000000..31e5d7f --- /dev/null +++ b/npins/sources.json @@ -0,0 +1,24 @@ +{ + "pins": { + "krops": { + "type": "GitRelease", + "repository": { + "type": "Git", + "url": "https://cgit.krebsco.de/krops" + }, + "pre_releases": false, + "version_upper_bound": null, + "version": "1.28.2", + "revision": "59aa5d0e41cf4a6d4356673feb1adbd0fcf68936", + "url": null, + "hash": "1a2pgg52y577lpvg2kcyblr2lgjij1l2d4vv1i8xd5gmsaphcfji" + }, + "nixpkgs": { + "type": "Channel", + "name": "nixpkgs-unstable", + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-23.05pre483213.635a306fc8e/nixexprs.tar.xz", + "hash": "0lvmz0l12qkyg7lj69mn03lv8i44xsw84ld4d8yqyj9m9dng7hsd" + } + }, + "version": 3 +} \ No newline at end of file diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..2469f62 --- /dev/null +++ b/shell.nix @@ -0,0 +1,6 @@ +{ pkgs ? import (import ./npins { }).nixpkgs {} }: +pkgs.mkShell { + packages = [ + pkgs.npins + ]; +}