{tor,mullvad}-browser: migrate to pkgs/by-name

2024-07-10 18:59:22 +02:00
parent 450290133d
commit ff1dc27711
5 changed files with 65 additions and 5 deletions
--- a/pkgs/applications/networking/browsers/mullvad-browser/default.nix
+++ b/pkgs/applications/networking/browsers/mullvad-browser/default.nix
@@ -255,7 +255,7 @@ stdenv.mkDerivation rec {

  passthru = {
    inherit sources;
-    updateScript = callPackage ../tor-browser/update.nix {
+    updateScript = callPackage ./update.nix {
      inherit pname version meta;
      baseUrl = "https://cdn.mullvad.net/browser/";
      name = "mullvad-browser";
--- a/pkgs/applications/networking/browsers/tor-browser/update.nix
+++ b/pkgs/applications/networking/browsers/tor-browser/update.nix
--- a/pkgs/applications/networking/browsers/tor-browser/default.nix
+++ b/pkgs/applications/networking/browsers/tor-browser/default.nix
--- a/pkgs/by-name/to/tor-browser/update.nix
+++ b/pkgs/by-name/to/tor-browser/update.nix
@@ -0,0 +1,64 @@
+{ lib
+, writeShellScript
+, coreutils
+, gnused
+, gnugrep
+, curl
+, gnupg
+, nix
+, common-updater-scripts
+
+# options
+, pname
+, version
+, meta
+, baseUrl ? "https://dist.torproject.org/torbrowser/"
+# name used to match published archive
+, name ? "tor-browser"
+, prerelease ? false
+}:
+
+let
+  versionMatch = if prerelease
+    then ''[0-9]+(\.[0-9]+)*.*''
+    else ''[0-9]+(\.[0-9]+)*'';
+in writeShellScript "update-${pname}" ''
+  PATH="${lib.makeBinPath [ coreutils curl gnugrep gnused gnupg nix common-updater-scripts ]}"
+  set -euo pipefail
+
+  trap
+
+  url=${baseUrl}
+  version=$(curl -s $url \
+            | sed -rne 's,^.*href="(${versionMatch})/".*,\1,p' \
+            | sort --version-sort | tail -1)
+
+  if [[ "${version}" = "$version" ]]; then
+      echo "The new version same as the old version."
+      exit 0
+  fi
+
+  HOME=$(mktemp -d)
+  export GNUPGHOME=$(mktemp -d)
+  trap 'rm -rf "$HOME" "$GNUPGHOME"' EXIT
+
+  gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
+  gpg --output $HOME/tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290
+
+  curl --silent --show-error --fail -o $HOME/shasums "$url$version/sha256sums-signed-build.txt"
+  curl --silent --show-error --fail -o $HOME/shasums.asc "$url$version/sha256sums-signed-build.txt.asc"
+  gpgv --keyring=$HOME/tor.keyring $HOME/shasums.asc $HOME/shasums
+
+  declare -A platforms=(
+    ['x86_64-linux']='linux-x86_64'
+    ['i686-linux']='linux-i686'
+  )
+
+  for platform in ${lib.escapeShellArgs meta.platforms}; do
+    arch="''${platforms[$platform]}"
+    sha256=$(grep "${name}-$arch-$version.tar.xz" "$HOME/shasums" | cut -d" " -f1)
+    hash=$(nix hash to-sri --type sha256 "$sha256")
+
+    update-source-version "${pname}" "$version" "$hash" --ignore-same-version --source-key="sources.$platform"
+  done
+''
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13516,8 +13516,6 @@ with pkgs;

  tor = callPackage ../tools/security/tor { };

-  tor-browser = callPackage ../applications/networking/browsers/tor-browser { };
-
  touchegg = callPackage ../tools/inputmethods/touchegg { };

  torrent7z = callPackage ../tools/archivers/torrent7z { };
@@ -25679,8 +25677,6 @@ with pkgs;

  mullvad-vpn = callPackage ../applications/networking/mullvad-vpn { };

-  mullvad-browser = callPackage ../applications/networking/browsers/mullvad-browser { };
-
  mullvad-closest = with python3Packages; toPythonApplication mullvad-closest;

  mycorrhiza = callPackage ../servers/mycorrhiza { };