1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
| | # SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: 2023 Alyssa Ross <hi@alyssa.is>
import ../../lib/call-package.nix (
{ callSpectrumPackage, lib, pkgsMusl, pkgsStatic, src, writeScript, systemd }:
pkgsMusl.callPackage (
{ stdenvNoCC, curl }:
pkgsStatic.callPackage (
{ execline, runCommand }:
let
raw_update_url = builtins.readFile ../../update-url;
update-url =
if builtins.match "^https?://([[:alnum:]:./?=~-]|%[[:xdigit:]]{2})+/\n$" raw_update_url == null then
builtins.abort "Bad update URL"
else
builtins.substring 0 (builtins.stringLength raw_update_url - 1) raw_update_url;
sysupdate-d = stdenvNoCC.mkDerivation {
name = "spectrum-systemd-transfer-files";
src = ./.;
installPhase =
''
mkdir -- "$out"
(
cd -- "$src" &&
for i in sysupdate.d/*.transfer; do
s=''${i#sysupdate.d/} &&
sed 's,@UPDATE_URL@,${update-url},g' < "$i" > "$out/$s" || exit
done
printf %s\\n '${update-url}' > "$out/update-url"
) || exit
'';
};
l = lib.escapeShellArgs;
mountpoint = "/run/virtiofs/virtiofs0/user";
sysupdate-path = "${systemd}/lib/systemd/systemd-sysupdate";
runner = writeScript "update-run-script" (
"#!/bin/sh --\n" +
builtins.concatStringsSep " && \\\n" [
(l ["mount" "-toverlay" "-olowerdir=${mountpoint}/etc:/etc" "--" "overlay" "/etc"])
(l [sysupdate-path "--definitions=${sysupdate-d}" "update"])
(l ["${curl}/bin/curl" "-L" "--proto" "=http,https"
"-o" "${mountpoint}/update-destination/SHA256SUMS.gpg"
"--" "${update-url}SHA256SUMS.gpg"])
(l ["${curl}/bin/curl" "-L" "--proto" "=http,https"
"-o" "${mountpoint}/update-destination/SHA256SUMS"
"--" "${update-url}/SHA256SUMS"])
]);
in
callSpectrumPackage ../make-vm.nix {} {
providers.net = [ "sys.netvm" ];
type = "nix";
run = "${runner}";
}) {}) {}) (_: {})
|