guix/scripts/nix-prefetch-url.in

#! @shell@ -e

url=$1
expHash=$2

# needed to make it work on NixOS
export PATH=$PATH:@coreutils@

hashType=$NIX_HASH_ALGO
if test -z "$hashType"; then
    hashType=sha256
fi

hashFormat=
if test "$hashType" != "md5"; then
    hashFormat=--base32
fi

if test -z "$url"; then
    echo "syntax: nix-prefetch-url URL [EXPECTED-HASH]" >&2
    exit 1
fi

name=$(basename "$url")
if test -z "$name"; then echo "invalid url"; exit 1; fi


# If the hash was given, a file with that hash may already be in the
# store.
if test -n "$expHash"; then
    finalPath=$(@bindir@/nix-store --print-fixed-path "$hashType" "$expHash" "$name")
    if ! @bindir@/nix-store --check-validity "$finalPath" 2> /dev/null; then
        finalPath=
    fi
    hash=$expHash
fi


doDownload() {
    @curl@ $cacheFlags --fail -# --location --max-redirs 20 --disable-epsv \
        --cookie-jar $tmpPath/cookies "$url" -o $tmpFile
}


# If we don't know the hash or a file with that hash doesn't exist,
# download the file and add it to the store.
if test -z "$finalPath"; then

    tmpPath=/tmp/nix-prefetch-url-$$ # !!! security?
    tmpFile=$tmpPath/$name
    mkdir $tmpPath

    # Optionally do timestamp-based caching of the download.
    # Actually, the only thing that we cache in $NIX_DOWNLOAD_CACHE is
    # the hash and the timestamp of the file at $url.  The caching of
    # the file *contents* is done in Nix store, where it can be
    # garbage-collected independently.
    if test -n "$NIX_DOWNLOAD_CACHE"; then
        echo -n "$url" > $tmpPath/url
        urlHash=$(nix-hash --type sha256 --base32 --flat $tmpPath/url)
        echo "$url" > "$NIX_DOWNLOAD_CACHE/$urlHash.url"
        cachedHashFN="$NIX_DOWNLOAD_CACHE/$urlHash.$hashType"
        cachedTimestampFN="$NIX_DOWNLOAD_CACHE/$urlHash.stamp"
        cacheFlags="--remote-time"
        if test -e "$cachedTimestampFN" -a -e "$cachedHashFN"; then
            # Only download the file if it is newer than the cached version.
            cacheFlags="$cacheFlags --time-cond $cachedTimestampFN"
        fi
    fi

    # Perform the download.
    doDownload

    if test -n "$NIX_DOWNLOAD_CACHE" -a ! -e $tmpFile; then
        # Curl didn't create $tmpFile, so apparently there's no newer
        # file on the server.
        hash=$(cat $cachedHashFN)
        finalPath=$(@bindir@/nix-store --print-fixed-path "$hashType" "$hash" "$name") 
        if ! @bindir@/nix-store --check-validity "$finalPath" 2> /dev/null; then
            echo "cached contents of \`$url' disappeared, redownloading..." >&2
            finalPath=
            cacheFlags="--remote-time"
            doDownload
        fi
    fi

    if test -z "$finalPath"; then

        # Compute the hash.
        hash=$(@bindir@/nix-hash --type "$hashType" $hashFormat --flat $tmpFile)
        if ! test -n "$QUIET"; then echo "hash is $hash" >&2; fi

        if test -n "$NIX_DOWNLOAD_CACHE"; then
            echo $hash > $cachedHashFN
            touch -r $tmpFile $cachedTimestampFN
        fi

        # Add the downloaded file to the Nix store.
        finalPath=$(@bindir@/nix-store --add-fixed "$hashType" $tmpFile)

        if test -n "$tmpPath"; then rm -rf $tmpPath || true; fi

        if test -n "$expHash" -a "$expHash" != "$hash"; then
            echo "hash mismatch for URL \`$url'" >&2
            exit 1
        fi
        
    fi
fi


if ! test -n "$QUIET"; then echo "path is $finalPath" >&2; fi

echo $hash

if test -n "$PRINT_PATH"; then
    echo $finalPath
fi
* Channels. These allow you to stay current with an evolving set of Nix expressions. To subscribe to a channel (needs to be done only once): nix-channel --add \ http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable This just adds the given URL to ~/.nix-channels (which can also be edited manually). To update from all channels: nix-channel --update This fetches the latest expressions and pulls cache manifests. The default Nix expression (~/.nix-defexpr) is made to point to the conjunction of the expressions downloaded from all channels. So to update all installed derivations in the current user environment: nix-channel --update nix-env --upgrade '*' If you are really courageous, you can put this in a cronjob or something. You can subscribe to multiple channels. It is not entirely clear what happens when there are name clashes between derivations from different channels. From nix-env/main.cc it appears that the one with the lowest (highest?) hash will be used, which is pretty meaningless. 2004-04-21 14:54:05 +00:00			`#! @shell@ -e`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* Channels. These allow you to stay current with an evolving set of Nix expressions. To subscribe to a channel (needs to be done only once): nix-channel --add \ http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable This just adds the given URL to ~/.nix-channels (which can also be edited manually). To update from all channels: nix-channel --update This fetches the latest expressions and pulls cache manifests. The default Nix expression (~/.nix-defexpr) is made to point to the conjunction of the expressions downloaded from all channels. So to update all installed derivations in the current user environment: nix-channel --update nix-env --upgrade '*' If you are really courageous, you can put this in a cronjob or something. You can subscribe to multiple channels. It is not entirely clear what happens when there are name clashes between derivations from different channels. From nix-env/main.cc it appears that the one with the lowest (highest?) hash will be used, which is pretty meaningless. 2004-04-21 14:54:05 +00:00			`url=$1`
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`expHash=$2`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
add coreutils to the default PATH for this scripts, so we know for sure we have tools like rm, mkdir, and so on 2006-08-05 00:33:52 +00:00			`# needed to make it work on NixOS`
			`export PATH=$PATH:@coreutils@`

* Properly specify the hash algorithm in the manifests, and read it too. * Change the default hash for nix-prefetch-url back to md5, since that's what we use in Nixpkgs (for now; a birthday attack is rather unlikely there). 2005-02-24 17:36:42 +00:00			`hashType=$NIX_HASH_ALGO`
			`if test -z "$hashType"; then`
* nix-prefetch-url: change the default hash to SHA-256 (in base-32). 2007-01-22 09:53:36 +00:00			`hashType=sha256`
* Print SHA-1 hashes in base-32 by default. 2005-03-14 17:05:20 +00:00			`fi`

			`hashFormat=`
* Idem. 2005-03-14 18:55:46 +00:00			`if test "$hashType" != "md5"; then`
* Print SHA-1 hashes in base-32 by default. 2005-03-14 17:05:20 +00:00			`hashFormat=--base32`
			`fi`
* Removed the `id' attribute hack. * Formalise the notion of fixed-output derivations, i.e., derivations for which a cryptographic hash of the output is known in advance. Changes to such derivations should not propagate upwards through the dependency graph. Previously this was done by specifying the hash component of the output path through the `id' attribute, but this is insecure since you can lie about it (i.e., you can specify any hash and then produce a completely different output). Now the responsibility for checking the output is moved from the builder to Nix itself. A fixed-output derivation can be created by specifying the `outputHash' and `outputHashAlgo' attributes, the latter taking values `md5', `sha1', and `sha256', and the former specifying the actual hash in hexadecimal or in base-32 (auto-detected by looking at the length of the attribute value). MD5 is included for compatibility but should be considered deprecated. * Removed the `drvPath' pseudo-attribute in derivation results. It's no longer necessary. * Cleaned up the support for multiple output paths in derivation store expressions. Each output now has a unique identifier (e.g., `out', `devel', `docs'). Previously there was no way to tell output paths apart at the store expression level. * `nix-hash' now has a flag `--base32' to specify that the hash should be printed in base-32 notation. * `fetchurl' accepts parameters `sha256' and `sha1' in addition to `md5'. * `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a flag to specify the hash.) 2005-01-17 16:55:19 +00:00
* Channels. These allow you to stay current with an evolving set of Nix expressions. To subscribe to a channel (needs to be done only once): nix-channel --add \ http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable This just adds the given URL to ~/.nix-channels (which can also be edited manually). To update from all channels: nix-channel --update This fetches the latest expressions and pulls cache manifests. The default Nix expression (~/.nix-defexpr) is made to point to the conjunction of the expressions downloaded from all channels. So to update all installed derivations in the current user environment: nix-channel --update nix-env --upgrade '*' If you are really courageous, you can put this in a cronjob or something. You can subscribe to multiple channels. It is not entirely clear what happens when there are name clashes between derivations from different channels. From nix-env/main.cc it appears that the one with the lowest (highest?) hash will be used, which is pretty meaningless. 2004-04-21 14:54:05 +00:00			`if test -z "$url"; then`
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`echo "syntax: nix-prefetch-url URL [EXPECTED-HASH]" >&2`
* Channels. These allow you to stay current with an evolving set of Nix expressions. To subscribe to a channel (needs to be done only once): nix-channel --add \ http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable This just adds the given URL to ~/.nix-channels (which can also be edited manually). To update from all channels: nix-channel --update This fetches the latest expressions and pulls cache manifests. The default Nix expression (~/.nix-defexpr) is made to point to the conjunction of the expressions downloaded from all channels. So to update all installed derivations in the current user environment: nix-channel --update nix-env --upgrade '*' If you are really courageous, you can put this in a cronjob or something. You can subscribe to multiple channels. It is not entirely clear what happens when there are name clashes between derivations from different channels. From nix-env/main.cc it appears that the one with the lowest (highest?) hash will be used, which is pretty meaningless. 2004-04-21 14:54:05 +00:00			`exit 1`
			`fi`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`name=$(basename "$url")`
			`if test -z "$name"; then echo "invalid url"; exit 1; fi`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* Allow an optional hash to be provided. This prevents redundant fetches. 2004-12-13 13:35:36 +00:00
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`# If the hash was given, a file with that hash may already be in the`
			`# store.`
			`if test -n "$expHash"; then`
			`finalPath=$(@bindir@/nix-store --print-fixed-path "$hashType" "$expHash" "$name")`
			`if ! @bindir@/nix-store --check-validity "$finalPath" 2> /dev/null; then`
			`finalPath=`
* Allow an optional hash to be provided. This prevents redundant fetches. 2004-12-13 13:35:36 +00:00			`fi`
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`hash=$expHash`
			`fi`


* nix-prefetch-url: support caching. If the environment variable NIX_DOWNLOAD_CACHE is set, then nix-prefetch-url will store the hash and timestamp of downloaded files in the directory $NIX_DOWNLOAD_CACHE. This allows it to figure out if the file is still in the Nix store. 2007-08-09 23:16:44 +00:00			`doDownload() {`
* Show errors in nix-prefetch-url. 2007-08-15 09:24:06 +00:00			`@curl@ $cacheFlags --fail -# --location --max-redirs 20 --disable-epsv \`
* nix-prefetch-url: support caching. If the environment variable NIX_DOWNLOAD_CACHE is set, then nix-prefetch-url will store the hash and timestamp of downloaded files in the directory $NIX_DOWNLOAD_CACHE. This allows it to figure out if the file is still in the Nix store. 2007-08-09 23:16:44 +00:00			`--cookie-jar $tmpPath/cookies "$url" -o $tmpFile`
			`}`


* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`# If we don't know the hash or a file with that hash doesn't exist,`
			`# download the file and add it to the store.`
			`if test -z "$finalPath"; then`

			`tmpPath=/tmp/nix-prefetch-url-$$ # !!! security?`
			`tmpFile=$tmpPath/$name`
			`mkdir $tmpPath`
* Allow an optional hash to be provided. This prevents redundant fetches. 2004-12-13 13:35:36 +00:00
* nix-prefetch-url: support caching. If the environment variable NIX_DOWNLOAD_CACHE is set, then nix-prefetch-url will store the hash and timestamp of downloaded files in the directory $NIX_DOWNLOAD_CACHE. This allows it to figure out if the file is still in the Nix store. 2007-08-09 23:16:44 +00:00			`# Optionally do timestamp-based caching of the download.`
			`# Actually, the only thing that we cache in $NIX_DOWNLOAD_CACHE is`
			`# the hash and the timestamp of the file at $url. The caching of`
			`# the file contents is done in Nix store, where it can be`
			`# garbage-collected independently.`
			`if test -n "$NIX_DOWNLOAD_CACHE"; then`
* Don't rely on /dev/stdin. 2007-08-10 00:22:21 +00:00			`echo -n "$url" > $tmpPath/url`
			`urlHash=$(nix-hash --type sha256 --base32 --flat $tmpPath/url)`
* nix-prefetch-url: support caching. If the environment variable NIX_DOWNLOAD_CACHE is set, then nix-prefetch-url will store the hash and timestamp of downloaded files in the directory $NIX_DOWNLOAD_CACHE. This allows it to figure out if the file is still in the Nix store. 2007-08-09 23:16:44 +00:00			`echo "$url" > "$NIX_DOWNLOAD_CACHE/$urlHash.url"`
			`cachedHashFN="$NIX_DOWNLOAD_CACHE/$urlHash.$hashType"`
			`cachedTimestampFN="$NIX_DOWNLOAD_CACHE/$urlHash.stamp"`
			`cacheFlags="--remote-time"`
			`if test -e "$cachedTimestampFN" -a -e "$cachedHashFN"; then`
			`# Only download the file if it is newer than the cached version.`
			`cacheFlags="$cacheFlags --time-cond $cachedTimestampFN"`
			`fi`
			`fi`

* Support for fixed-output hashes over directory trees (i.e., over the NAR dump of the path). 2005-02-22 21:14:41 +00:00			`# Perform the download.`
* nix-prefetch-url: support caching. If the environment variable NIX_DOWNLOAD_CACHE is set, then nix-prefetch-url will store the hash and timestamp of downloaded files in the directory $NIX_DOWNLOAD_CACHE. This allows it to figure out if the file is still in the Nix store. 2007-08-09 23:16:44 +00:00			`doDownload`

			`if test -n "$NIX_DOWNLOAD_CACHE" -a ! -e $tmpFile; then`
			`# Curl didn't create $tmpFile, so apparently there's no newer`
			`# file on the server.`
			`hash=$(cat $cachedHashFN)`
			`finalPath=$(@bindir@/nix-store --print-fixed-path "$hashType" "$hash" "$name")`
			`if ! @bindir@/nix-store --check-validity "$finalPath" 2> /dev/null; then`
			echo "cached contents of \`$url' disappeared, redownloading..." >&2
			`finalPath=`
			`cacheFlags="--remote-time"`
			`doDownload`
			`fi`
			`fi`

			`if test -z "$finalPath"; then`

			`# Compute the hash.`
			`hash=$(@bindir@/nix-hash --type "$hashType" $hashFormat --flat $tmpFile)`
			`if ! test -n "$QUIET"; then echo "hash is $hash" >&2; fi`
* Fix nix-prefetch-url in setuid Nix installations. 2004-10-20 14:40:54 +00:00
* nix-prefetch-url: support caching. If the environment variable NIX_DOWNLOAD_CACHE is set, then nix-prefetch-url will store the hash and timestamp of downloaded files in the directory $NIX_DOWNLOAD_CACHE. This allows it to figure out if the file is still in the Nix store. 2007-08-09 23:16:44 +00:00			`if test -n "$NIX_DOWNLOAD_CACHE"; then`
			`echo $hash > $cachedHashFN`
			`touch -r $tmpFile $cachedTimestampFN`
			`fi`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* nix-prefetch-url: support caching. If the environment variable NIX_DOWNLOAD_CACHE is set, then nix-prefetch-url will store the hash and timestamp of downloaded files in the directory $NIX_DOWNLOAD_CACHE. This allows it to figure out if the file is still in the Nix store. 2007-08-09 23:16:44 +00:00			`# Add the downloaded file to the Nix store.`
			`finalPath=$(@bindir@/nix-store --add-fixed "$hashType" $tmpFile)`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00
* nix-prefetch-url: support caching. If the environment variable NIX_DOWNLOAD_CACHE is set, then nix-prefetch-url will store the hash and timestamp of downloaded files in the directory $NIX_DOWNLOAD_CACHE. This allows it to figure out if the file is still in the Nix store. 2007-08-09 23:16:44 +00:00			`if test -n "$tmpPath"; then rm -rf $tmpPath \|\| true; fi`
* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00
* nix-prefetch-url: support caching. If the environment variable NIX_DOWNLOAD_CACHE is set, then nix-prefetch-url will store the hash and timestamp of downloaded files in the directory $NIX_DOWNLOAD_CACHE. This allows it to figure out if the file is still in the Nix store. 2007-08-09 23:16:44 +00:00			`if test -n "$expHash" -a "$expHash" != "$hash"; then`
			echo "hash mismatch for URL \`$url'" >&2
			`exit 1`
			`fi`

* `nix-store --add-fixed' to preload the outputs of fixed-output derivations. This is mostly to simplify the implementation of nix-prefetch-{url, svn}, which now work properly in setuid installations. * Enforce valid store names in `nix-store --add / --add-fixed'. 2005-04-07 14:01:51 +00:00			`fi`
* Fix nix-prefetch-url in setuid Nix installations. 2004-10-20 14:40:54 +00:00			`fi`
* A script `nix-prefetch-url' to fetch a URL, place it in the Nix store, and print its hash. 2003-08-15 10:13:41 +00:00

* Allow an optional hash to be provided. This prevents redundant fetches. 2004-12-13 13:35:36 +00:00			`if ! test -n "$QUIET"; then echo "path is $finalPath" >&2; fi`
* Maintain integrity of the substitute and successor mappings when deleting a path in the store. * Allow absolute paths in Nix expressions. * Get nix-prefetch-url to work again. * Various other fixes. 2003-11-22 18:45:56 +00:00
* Channels. These allow you to stay current with an evolving set of Nix expressions. To subscribe to a channel (needs to be done only once): nix-channel --add \ http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable This just adds the given URL to ~/.nix-channels (which can also be edited manually). To update from all channels: nix-channel --update This fetches the latest expressions and pulls cache manifests. The default Nix expression (~/.nix-defexpr) is made to point to the conjunction of the expressions downloaded from all channels. So to update all installed derivations in the current user environment: nix-channel --update nix-env --upgrade '*' If you are really courageous, you can put this in a cronjob or something. You can subscribe to multiple channels. It is not entirely clear what happens when there are name clashes between derivations from different channels. From nix-env/main.cc it appears that the one with the lowest (highest?) hash will be used, which is pretty meaningless. 2004-04-21 14:54:05 +00:00			`echo $hash`
* Adapted nix-pull to use the new substitute mechanism. 2004-06-21 09:51:23 +00:00
			`if test -n "$PRINT_PATH"; then`
			`echo $finalPath`
			`fi`