diff --git a/pkgs/electrs/default.nix b/pkgs/electrs/default.nix
index 512d0b7ae..05202cb2e 100644
--- a/pkgs/electrs/default.nix
+++ b/pkgs/electrs/default.nix
@@ -1,17 +1,16 @@
-{ lib, rustPlatform, clang, llvmPackages, fetchFromGitHub, pkgs }:
+{ lib, rustPlatform, llvmPackages, fetchurl, pkgs }:
 rustPlatform.buildRustPackage rec {
 pname = "electrs";
 version = "0.8.3";
- src = fetchFromGitHub {
- owner = "romanz";
- repo = "electrs";
- rev = "v${version}";
- sha256 = "01993iv3kkf56s5x33gvk433zjwvqlfxa5vqrjl4ghr4i303ysc2";
+ src = fetchurl {
+ url = "https://github.com/romanz/electrs/archive/v${version}.tar.gz";
+ # Use ./get-sha256.sh to fetch latest (verified) sha256
+ sha256 = "6a00226907a0c36b10884e7dd9f87eb58123f089977a752b917d166af072ea3d";
 };
 # Needed for librocksdb-sys
- buildInputs = [ clang ];
+ nativeBuildInputs = [ llvmPackages.clang ];
 LIBCLANG_PATH = "${llvmPackages.libclang}/lib";
 cargoSha256 = if pkgs ? cargo-vendor then
diff --git a/pkgs/electrs/get-sha256.sh b/pkgs/electrs/get-sha256.sh
new file mode 100755
index 000000000..7a36c080f
--- /dev/null
+++ b/pkgs/electrs/get-sha256.sh
@@ -0,0 +1,24 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p git gnupg
+set -euo pipefail
+
+TMPDIR="$(mktemp -d -p /tmp)"
+trap "rm -rf $TMPDIR" EXIT
+cd $TMPDIR
+
+echo "Fetching latest release"
+git clone https://github.com/romanz/electrs 2> /dev/null
+cd electrs
+latest=$(git describe --tags `git rev-list --tags --max-count=1`)
+echo "Latest release is ${latest}"
+
+# GPG verification
+export GNUPGHOME=$TMPDIR
+echo "Fetching Roman Zeyde's Key"
+gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-keys 15c8c3574ae4f1e25f3f35c587cae5fa46917cbb 2> /dev/null
+echo "Verifying latest release"
+git verify-tag ${latest}
+
+echo "tag: ${latest}"
+# The prefix option is necessary because GitHub prefixes the archive contents in this format
+echo "sha256: $(git archive --format tar.gz --prefix=electrs-"${latest//v}"/ ${latest} | sha256sum | cut -d\ -f1)"
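Review bot: The `sha256` in the new `src = fetchurl { … }` is a hash of the compressed tarball bytes, so it only holds while GitHub's generated `archive/v${version}.tar.gz` is byte-identical to the local `git archive --format tar.gz` output that get-sha256.sh hashes. Neither side is shown to be stable here (gzip output can vary between versions, and as far as I know GitHub does not promise byte-stable archives), so drift would surface as a fetch failure: fail-closed, but a broken build that invites re-pinning the hash without re-verifying. Consider keeping a fetcher that hashes the unpacked tree and having the script hash the verified checkout instead. The comment above `sha256` could also state that the script reports the newest tag and that `version` has to match it, e.g. `# Run ./get-sha256.sh: it prints the newest signed tag and its sha256; version must match that tag`.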
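Review bot: `--prefix=electrs-"${latest//v}"/` in the final `echo` deletes every `v` in the tag name, not only the leading one, so a tag containing another `v` would produce a prefix that differs from the archive layout and a hash that would not match; `${latest#v}` strips just the leading character. Separately, `trap "rm -rf $TMPDIR" EXIT`, `cd $TMPDIR` and `git verify-tag ${latest}` expand unquoted, and the trap string is expanded when the trap is set; `trap 'rm -rf "$TMPDIR"' EXIT` and `git verify-tag "${latest}"` are the safer spellings. The `2> /dev/null` on `git clone` and `gpg --recv-keys` also means that under `set -e` a network or keyserver failure ends the script with no message, so letting stderr through would show why the verification step was never reached.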