patches and low-level development discussion
 help / color / mirror / code / Atom feed
blob 04df283f09a1f1ece9197e275d562193af170982 2076 bytes (raw)
name: vm/app/systemd-sysupdate/default.nix 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

 
# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: 2023 Alyssa Ross <hi@alyssa.is>
# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>

import ../../../lib/call-package.nix (
{ callSpectrumPackage, curl, lib, src
, runCommand, systemd, writeScript
}:

let
  escape-url = builtins.path {
    name = "escape-url";
    path = ./escape-url.awk;
  };
  populate-transfer-directory = builtins.path {
    name = "populate-transfer-directory";
    path = ./populate-transfer-directory;
  };
in

callSpectrumPackage ../../make-vm.nix {} {
  providers.net = [ "sys.netvm" ];
  type = "nix";
  run = writeScript "run-script" ''
#!/usr/bin/execlineb -P
export LC_ALL C
export LANGUAGE C
if { mount -toverlay -olowerdir=/run/virtiofs/virtiofs0/etc:/etc -- overlay /etc }
backtick tmpdir { mktemp -d /run/sysupdate-XXXXXX }
# Not a useless use of cat: if there are NUL bytes in the URL
# busybox's awk might misbehave.
backtick update_url { cat /etc/update-url }
# Leading and trailing whitespace is almost certainly user error,
# but be friendly to the user (by stripping it) rather than failing.
backtick update_url {
  awk "BEGIN {
    url = ENVIRON[\"update_url\"]
    gsub(/^[[:space:]]+/, \"\", url)
    gsub(/[[:space:]]+$/, \"\", url)
    print url
  }"
}
multisubstitute {
  importas -iSu tmpdir
  importas -iSu update_url
}
if { ${populate-transfer-directory} ${escape-url} /etc/vm-sysupdate.d ''${tmpdir} ''${update_url} }
if { ${systemd}/lib/systemd/systemd-sysupdate --definitions=''${tmpdir} update }
# [ and ] are allowed in update URLs so that IPv6 addresses work, but
# they cause globbing in the curl command-line tool by default.  Use --globoff
# to disable this feature.  Only allow HTTP and HTTPS protocols on redirection.
if { ${curl}/bin/curl -L --proto-redir =http,https --globoff
     -o /run/virtiofs/virtiofs0/updates/SHA256SUMS -- ''${update_url}/SHA256SUMS }
${curl}/bin/curl -L --proto-redir =http,https --globoff
     -o /run/virtiofs/virtiofs0/updates/SHA256SUMS.sha256.asc -- ''${update_url}/SHA256SUMS.sha256.asc
'';
}) (_: {})

debug log:

solving 04df283f09a1f1ece9197e275d562193af170982 ...
found 04df283f09a1f1ece9197e275d562193af170982 in https://inbox.spectrum-os.org/spectrum-devel/20251121-updates-v4-12-d4561c42776e@gmail.com/ ||
	https://inbox.spectrum-os.org/spectrum-devel/20251119-updates-v3-12-b88a99915509@gmail.com/

applying [1/1] https://inbox.spectrum-os.org/spectrum-devel/20251121-updates-v4-12-d4561c42776e@gmail.com/
diff --git a/vm/app/systemd-sysupdate/default.nix b/vm/app/systemd-sysupdate/default.nix
new file mode 100644
index 0000000000000000000000000000000000000000..04df283f09a1f1ece9197e275d562193af170982

Checking patch vm/app/systemd-sysupdate/default.nix...
Applied patch vm/app/systemd-sysupdate/default.nix cleanly.

skipping https://inbox.spectrum-os.org/spectrum-devel/20251119-updates-v3-12-b88a99915509@gmail.com/ for 04df283f09a1f1ece9197e275d562193af170982
index at:
100644 04df283f09a1f1ece9197e275d562193af170982	vm/app/systemd-sysupdate/default.nix

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this public inbox

	https://spectrum-os.org/git/crosvm
	https://spectrum-os.org/git/doc
	https://spectrum-os.org/git/mktuntap
	https://spectrum-os.org/git/nixpkgs
	https://spectrum-os.org/git/spectrum
	https://spectrum-os.org/git/ucspi-vsock
	https://spectrum-os.org/git/www

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).