openbao-bin: init at 2.0.0

NixOS · Aug 27, 2024 · 045fc45 · 045fc45
1 parent dd34239
commit 045fc45
Show file tree

Hide file tree

Showing 2 changed files with 118 additions and 0 deletions.
diff --git a/pkgs/by-name/op/openbao-bin/package.nix b/pkgs/by-name/op/openbao-bin/package.nix
@@ -0,0 +1,72 @@
+{
+  lib,
+  stdenv,
+  fetchzip,
+}:
+
+stdenv.mkDerivation rec {
+  pname = "openbao-bin";
+  version = "2.0.0";
+
+  src =
+    let
+      inherit (stdenv.hostPlatform) system;
+      selectSystem = attrs: attrs.${system} or (throw "Unsupported system: ${system}");
+      suffix = selectSystem {
+        x86_64-linux = "Linux_x86_64";
+        aarch64-linux = "Linux_arm64";
+        x86_64-darwin = "Darwin_x86_64";
+        aarch64-darwin = "Darwin_arm64";
+      };
+      sha256 = selectSystem {
+        x86_64-linux = "sha256-mg+yBfh6W2xlWDNgHZExO6SvywioJ7/qJU2gLP865mU=";
+        aarch64-linux = "sha256-ugR+slO6bZ1r3btPzzO2q31dqHMYNgyGOFMPH578xLc=";
+        x86_64-darwin = "sha256-GCWXRe0clMu139BKIV9LhnylxNmGXAMx1aVfmxaZhDs=";
+        aarch64-darwin = "sha256-9/Xi6fRsOL1WB6uu0X0Yph1chYoKIOUtyRfECX359pY=";
+      };
+    in
+    fetchzip {
+      url = "https://github.com/openbao/openbao/releases/download/v${version}/bao_${version}_${suffix}.tar.gz";
+      stripRoot = false;
+      inherit sha256;
+    };
+
+  dontConfigure = true;
+  dontBuild = true;
+  dontStrip = stdenv.isDarwin;
+
+  installPhase = ''
+    runHook preInstall
+    install -D bao $out/bin/bao
+    runHook postInstall
+  '';
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+    $out/bin/bao --help
+    $out/bin/bao version
+    runHook postInstallCheck
+  '';
+
+  dontPatchELF = true;
+  dontPatchShebangs = true;
+
+  passthru.updateScript = ./update-bin.sh;
+
+  meta = with lib; {
+    homepage = "https://www.openbao.org/";
+    description = "Open source, community-driven fork of Vault managed by the Linux Foundation";
+    changelog = "https://github.com/openbao/openbao/blob/v${version}/CHANGELOG.md";
+    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+    license = licenses.mpl20;
+    mainProgram = "bao";
+    maintainers = with maintainers; [ joseph-flinn ];
+    platforms = [
+      "x86_64-linux"
+      "x86_64-darwin"
+      "aarch64-darwin"
+      "aarch64-linux"
+    ];
+  };
+}
diff --git a/pkgs/by-name/op/openbao-bin/update-bin.sh b/pkgs/by-name/op/openbao-bin/update-bin.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl gnused gawk nix-prefetch
+
+set -euo pipefail
+
+ROOT="$(dirname "$(readlink -f "$0")")"
+NIX_DRV="$ROOT/package.nix"
+if [ ! -f "$NIX_DRV" ]; then
+  echo "ERROR: cannot find package.nix in $ROOT"
+  exit 1
+fi
+
+fetch_arch() {
+  VER="$1"; ARCH="$2"
+  URL="https://github.com/openbao/openbao/releases/download/v${VER}/bao_${VER}_${ARCH}.tar.gz"
+  nix-prefetch "{ stdenv, fetchzip }:
+stdenv.mkDerivation rec {
+  pname = \"openbao-bin\"; version = \"${VER}\";
+  src = fetchzip {
+    url = \"$URL\";
+    stripRoot = false;
+  };
+}
+"
+}
+
+replace_sha() {
+  sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV"
+}
+
+# https://github.com/openbao/openbao/v2.0.0/bao_2.0.0_linux_arm64.tar.gz
+BAO_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/openbao/openbao/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//')
+
+echo "latest version: $BAO_VER"
+
+BAO_LINUX_AARCH64_SHA256=$(fetch_arch "$BAO_VER" "Linux_arm64")
+BAO_LINUX_X64_SHA256=$(fetch_arch "$BAO_VER" "Linux_x86_64")
+BAO_DARWIN_X64_SHA256=$(fetch_arch "$BAO_VER" "Darwin_x86_64")
+BAO_DARWIN_AARCH64_SHA256=$(fetch_arch "$BAO_VER" "Darwin_arm64")
+
+sed -i "s/version = \".*\"/version = \"$BAO_VER\"/" "$NIX_DRV"
+
+replace_sha "x86_64-linux" "$BAO_LINUX_X64_SHA256"
+replace_sha "x86_64-darwin" "$BAO_DARWIN_X64_SHA256"
+replace_sha "aarch64-linux" "$BAO_LINUX_AARCH64_SHA256"
+replace_sha "aarch64-darwin" "$BAO_DARWIN_AARCH64_SHA256"