guix/scripts/nix-prefetch-url.in

#! @shell@ -e

url=$1
expHash=$2

hashType=$NIX_HASH_ALGO
if test -z "$hashType"; then
    hashType=md5
fi

hashFormat=
if test "$hashType" != "md5"; then
    hashFormat=--base32
fi

if test -z "$url"; then
    echo "syntax: nix-prefetch-url URL [EXPECTED-HASH]" >&2
    exit 1
fi

name=$(basename "$url")
if test -z "$name"; then echo "invalid url"; exit 1; fi


# If the hash was given, a file with that hash may already be in the
# store.
if test -n "$expHash"; then
    finalPath=$(@bindir@/nix-store --print-fixed-path "$hashType" "$expHash" "$name")
    if ! @bindir@/nix-store --check-validity "$finalPath" 2> /dev/null; then
        finalPath=
    fi
    hash=$expHash
fi


# If we don't know the hash or a file with that hash doesn't exist,
# download the file and add it to the store.
if test -z "$finalPath"; then

    tmpPath=/tmp/nix-prefetch-url-$$ # !!! security?
    tmpFile=$tmpPath/$name
    mkdir $tmpPath

    # Perform the download.
    @curl@ --fail --location --max-redirs 20 "$url" > $tmpFile

    # Compute the hash.
    hash=$(@bindir@/nix-hash --type "$hashType" $hashFormat --flat $tmpFile)
    if ! test -n "$QUIET"; then echo "hash is $hash" >&2; fi

    # Add the downloaded file to the Nix store.
    finalPath=$(@bindir@/nix-store --add-fixed "$hashType" $tmpFile)

    if test -n "$tmpPath"; then rm -rf $tmpPath || true; fi

    if test -n "$expHash" -a "$expHash" != "$hash"; then
        echo "hash mismatch for URL \`$url'"
        exit 1
    fi
fi


if ! test -n "$QUIET"; then echo "path is $finalPath" >&2; fi

echo $hash

if test -n "$PRINT_PATH"; then
    echo $finalPath
fi
* Channels. These allow you to stay current with an evolving set of Nix expressions. To subscribe to a channel (needs to be done only once): nix-channel --add \ http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable This just adds the given URL to ~/.nix-channels (which can also be edited manually). To update from all channels: nix-channel --update This fetches the latest expressions and pulls cache manifests. The default Nix expression (~/.nix-defexpr) is made to point to the conjunction of the expressions downloaded from all channels. So to update all installed derivations in the current user environment: nix-channel --update nix-env --upgrade '*' If you are really courageous, you can put this in a cronjob or something. You can subscribe to multiple channels. It is not entirely clear what happens when there are name clashes between derivations from different channels. From nix-env/main.cc it appears that the one with the lowest (highest?) hash will be used, which is pretty meaningless. 2004-04-21 14:54:05 +00:00			`#! @shell@ -e`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* Channels. These allow you to stay current with an evolving set of Nix expressions. To subscribe to a channel (needs to be done only once): nix-channel --add \ http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable This just adds the given URL to ~/.nix-channels (which can also be edited manually). To update from all channels: nix-channel --update This fetches the latest expressions and pulls cache manifests. The default Nix expression (~/.nix-defexpr) is made to point to the conjunction of the expressions downloaded from all channels. So to update all installed derivations in the current user environment: nix-channel --update nix-env --upgrade '*' If you are really courageous, you can put this in a cronjob or something. You can subscribe to multiple channels. It is not entirely clear what happens when there are name clashes between derivations from different channels. From nix-env/main.cc it appears that the one with the lowest (highest?) hash will be used, which is pretty meaningless. 2004-04-21 14:54:05 +00:00			`url=$1`
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`expHash=$2`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* Properly specify the hash algorithm in the manifests, and read it too. * Change the default hash for nix-prefetch-url back to md5, since that's what we use in Nixpkgs (for now; a birthday attack is rather unlikely there). 2005-02-24 17:36:42 +00:00			`hashType=$NIX_HASH_ALGO`
			`if test -z "$hashType"; then`
			`hashType=md5`
* Print SHA-1 hashes in base-32 by default. 2005-03-14 17:05:20 +00:00			`fi`

			`hashFormat=`
* Idem. 2005-03-14 18:55:46 +00:00			`if test "$hashType" != "md5"; then`
* Print SHA-1 hashes in base-32 by default. 2005-03-14 17:05:20 +00:00			`hashFormat=--base32`
			`fi`
* Removed the `id' attribute hack. * Formalise the notion of fixed-output derivations, i.e., derivations for which a cryptographic hash of the output is known in advance. Changes to such derivations should not propagate upwards through the dependency graph. Previously this was done by specifying the hash component of the output path through the `id' attribute, but this is insecure since you can lie about it (i.e., you can specify any hash and then produce a completely different output). Now the responsibility for checking the output is moved from the builder to Nix itself. A fixed-output derivation can be created by specifying the `outputHash' and `outputHashAlgo' attributes, the latter taking values `md5', `sha1', and `sha256', and the former specifying the actual hash in hexadecimal or in base-32 (auto-detected by looking at the length of the attribute value). MD5 is included for compatibility but should be considered deprecated. * Removed the `drvPath' pseudo-attribute in derivation results. It's no longer necessary. * Cleaned up the support for multiple output paths in derivation store expressions. Each output now has a unique identifier (e.g., `out', `devel', `docs'). Previously there was no way to tell output paths apart at the store expression level. * `nix-hash' now has a flag `--base32' to specify that the hash should be printed in base-32 notation. * `fetchurl' accepts parameters `sha256' and `sha1' in addition to `md5'. * `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a flag to specify the hash.) 2005-01-17 16:55:19 +00:00
* Channels. These allow you to stay current with an evolving set of Nix expressions. To subscribe to a channel (needs to be done only once): nix-channel --add \ http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable This just adds the given URL to ~/.nix-channels (which can also be edited manually). To update from all channels: nix-channel --update This fetches the latest expressions and pulls cache manifests. The default Nix expression (~/.nix-defexpr) is made to point to the conjunction of the expressions downloaded from all channels. So to update all installed derivations in the current user environment: nix-channel --update nix-env --upgrade '*' If you are really courageous, you can put this in a cronjob or something. You can subscribe to multiple channels. It is not entirely clear what happens when there are name clashes between derivations from different channels. From nix-env/main.cc it appears that the one with the lowest (highest?) hash will be used, which is pretty meaningless. 2004-04-21 14:54:05 +00:00			`if test -z "$url"; then`
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`echo "syntax: nix-prefetch-url URL [EXPECTED-HASH]" >&2`
* Channels. These allow you to stay current with an evolving set of Nix expressions. To subscribe to a channel (needs to be done only once): nix-channel --add \ http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable This just adds the given URL to ~/.nix-channels (which can also be edited manually). To update from all channels: nix-channel --update This fetches the latest expressions and pulls cache manifests. The default Nix expression (~/.nix-defexpr) is made to point to the conjunction of the expressions downloaded from all channels. So to update all installed derivations in the current user environment: nix-channel --update nix-env --upgrade '*' If you are really courageous, you can put this in a cronjob or something. You can subscribe to multiple channels. It is not entirely clear what happens when there are name clashes between derivations from different channels. From nix-env/main.cc it appears that the one with the lowest (highest?) hash will be used, which is pretty meaningless. 2004-04-21 14:54:05 +00:00			`exit 1`
			`fi`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`name=$(basename "$url")`
			`if test -z "$name"; then echo "invalid url"; exit 1; fi`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* Allow an optional hash to be provided. This prevents redundant fetches. 2004-12-13 13:35:36 +00:00
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`# If the hash was given, a file with that hash may already be in the`
			`# store.`
			`if test -n "$expHash"; then`
			`finalPath=$(@bindir@/nix-store --print-fixed-path "$hashType" "$expHash" "$name")`
			`if ! @bindir@/nix-store --check-validity "$finalPath" 2> /dev/null; then`
			`finalPath=`
* Allow an optional hash to be provided. This prevents redundant fetches. 2004-12-13 13:35:36 +00:00			`fi`
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`hash=$expHash`
			`fi`


			`# If we don't know the hash or a file with that hash doesn't exist,`
			`# download the file and add it to the store.`
			`if test -z "$finalPath"; then`

			`tmpPath=/tmp/nix-prefetch-url-$$ # !!! security?`
			`tmpFile=$tmpPath/$name`
			`mkdir $tmpPath`
* Allow an optional hash to be provided. This prevents redundant fetches. 2004-12-13 13:35:36 +00:00
* Support for fixed-output hashes over directory trees (i.e., over the NAR dump of the path). 2005-02-22 21:14:41 +00:00			`# Perform the download.`
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`@curl@ --fail --location --max-redirs 20 "$url" > $tmpFile`
* Fix nix-prefetch-url in setuid Nix installations. 2004-10-20 14:40:54 +00:00
* Allow an optional hash to be provided. This prevents redundant fetches. 2004-12-13 13:35:36 +00:00			`# Compute the hash.`
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`hash=$(@bindir@/nix-hash --type "$hashType" $hashFormat --flat $tmpFile)`
* Allow an optional hash to be provided. This prevents redundant fetches. 2004-12-13 13:35:36 +00:00			`if ! test -n "$QUIET"; then echo "hash is $hash" >&2; fi`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`# Add the downloaded file to the Nix store.`
			`finalPath=$(@bindir@/nix-store --add-fixed "$hashType" $tmpFile)`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`if test -n "$tmpPath"; then rm -rf $tmpPath \|\| true; fi`

			`if test -n "$expHash" -a "$expHash" != "$hash"; then`
			echo "hash mismatch for URL \`$url'"
			`exit 1`
			`fi`
* Fix nix-prefetch-url in setuid Nix installations. 2004-10-20 14:40:54 +00:00			`fi`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00

* Allow an optional hash to be provided. This prevents redundant fetches. 2004-12-13 13:35:36 +00:00			`if ! test -n "$QUIET"; then echo "path is $finalPath" >&2; fi`
* Maintain integrity of the substitute and successor mappings when deleting a path in the store. * Allow absolute paths in Nix expressions. * Get nix-prefetch-url to work again. * Various other fixes. 2003-11-22 18:45:56 +00:00
* Channels. These allow you to stay current with an evolving set of Nix expressions. To subscribe to a channel (needs to be done only once): nix-channel --add \ http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable This just adds the given URL to ~/.nix-channels (which can also be edited manually). To update from all channels: nix-channel --update This fetches the latest expressions and pulls cache manifests. The default Nix expression (~/.nix-defexpr) is made to point to the conjunction of the expressions downloaded from all channels. So to update all installed derivations in the current user environment: nix-channel --update nix-env --upgrade '*' If you are really courageous, you can put this in a cronjob or something. You can subscribe to multiple channels. It is not entirely clear what happens when there are name clashes between derivations from different channels. From nix-env/main.cc it appears that the one with the lowest (highest?) hash will be used, which is pretty meaningless. 2004-04-21 14:54:05 +00:00			`echo $hash`
* Adapted nix-pull to use the new substitute mechanism. 2004-06-21 09:51:23 +00:00
			`if test -n "$PRINT_PATH"; then`
			`echo $finalPath`
			`fi`