Merge fort-nix/nix-bitcoin#387: Shell improvements

b49c74545f fetch-release: make GPG key searchable (Erik Arvstedt)
7356a34d88 docs/install.md: update (Erik Arvstedt)
77af2e4538 makeShell: improve `update-nix-bitcoin` (Erik Arvstedt)
52aaa8388e fetch-release: write error messages to stderr (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK b49c74545f

Tree-SHA512: 4117cbe5839a7cf6ec1855687d75d53569582263064ec04207c2b8ea5de9638a6fca2f6367fad1427dfb0855b2c6656d51492b603baf44115db564b1a2b7be46
This commit is contained in:
Jonas Nick 2021-09-15 09:00:40 +00:00
commit ed8792c72b
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
5 changed files with 31 additions and 19 deletions

View File

@ -311,12 +311,10 @@ You can also build Nix from source by following the instructions at https://nixo
nix-shell nix-shell
``` ```
NOTE that a new directory `secrets/` appeared which contains the secrets for your node.
7. Deploy with krops in nix-shell 7. Deploy with krops in nix-shell
``` ```
krops-deploy deploy
``` ```
This will now create a nix-bitcoin node on the target machine. This will now create a nix-bitcoin node on the target machine.

View File

@ -1,9 +1,10 @@
Updating Updating
--- ---
In your deployment directory, enter the nix shell with `nix-shell` and run In your deployment directory, enter the nix shell with `nix-shell` and run the
following to update `nix-bitcoin-release.nix`:
``` ```
fetch-release > nix-bitcoin-release.nix update-nix-bitcoin
``` ```
Nodeinfo Nodeinfo

View File

@ -4,5 +4,5 @@ in
import "${nix-bitcoin}/helper/makeShell.nix" { import "${nix-bitcoin}/helper/makeShell.nix" {
configDir = ./.; configDir = ./.;
# Set this to modify your shell # Set this to modify your shell
# extraShellInitCmds = (pkgs: ''<my bash code>''); # extraShellInitCmds = pkgs: ''<my bash code>'';
} }

View File

@ -6,7 +6,7 @@ scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
repo=fort-nix/nix-bitcoin repo=fort-nix/nix-bitcoin
if [[ ! -v version ]]; then if [[ ! -v version ]]; then
version=$(curl --silent "https://api.github.com/repos/$repo/releases/latest" | jq -r '.tag_name' | tail -c +2) version=$(curl -s --show-error "https://api.github.com/repos/$repo/releases/latest" | jq -r '.tag_name' | tail -c +2)
fi fi
TMPDIR=$(mktemp -d) TMPDIR=$(mktemp -d)
@ -18,17 +18,17 @@ mkdir -p -m 700 "$GPG_HOME"
# Import key # Import key
gpg --homedir $GPG_HOME --import "$scriptDir/key-jonasnick.bin" &> /dev/null gpg --homedir $GPG_HOME --import "$scriptDir/key-jonasnick.bin" &> /dev/null
# Verify key fingerprint # Verify key fingerprint
gpg --homedir $GPG_HOME --list-keys 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366 > /dev/null gpg --homedir $GPG_HOME --list-keys "36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366" > /dev/null
# Fetch nar-hash of release # Fetch nar-hash of release
cd $TMPDIR cd $TMPDIR
baseUrl=https://github.com/$repo/releases/download/v$version baseUrl=https://github.com/$repo/releases/download/v$version
curl --silent -L -O $baseUrl/nar-hash.txt curl -s --show-error -L -O $baseUrl/nar-hash.txt
curl --silent -L -O $baseUrl/nar-hash.txt.asc curl -s --show-error -L -O $baseUrl/nar-hash.txt.asc
# Verify signature for nar-hash # Verify signature for nar-hash
gpg --homedir $GPG_HOME --verify nar-hash.txt.asc &> /dev/null || { gpg --homedir $GPG_HOME --verify nar-hash.txt.asc &> /dev/null || {
echo "Error: Signature verification failed. Please open an issue in the project repository." >&2 echo "Error: Signature verification failed. Please open an issue in the project repository."
exit 1 exit 1
} }

View File

@ -17,6 +17,11 @@ stdenv.mkDerivation rec {
export NIX_BITCOIN_EXAMPLES_DIR="${cfgDir}" export NIX_BITCOIN_EXAMPLES_DIR="${cfgDir}"
# Set isInteractive=1 if
# 1. stdout is a TTY, i.e. we're not piping the output
# 2. the shell is interactive
if [[ -t 1 && $- == *i* ]]; then isInteractive=1; else isInteractive=; fi
help() { help() {
echo "nix-bitcoin path: ${toString ../.}" echo "nix-bitcoin path: ${toString ../.}"
echo echo
@ -47,10 +52,21 @@ stdenv.mkDerivation rec {
${toString ./fetch-release} ${toString ./fetch-release}
} }
update-nix-bitcoin() { update-nix-bitcoin() {(
fetch-release > "${cfgDir}/nix-bitcoin-release.nix" set -euo pipefail
releaseFile="${cfgDir}/nix-bitcoin-release.nix"
current=$(cat "$releaseFile" 2>/dev/null || true)
new=$(fetch-release)
if [[ $new == $current ]]; then
echo "nix-bitcoin-release.nix already contains the latest release"
else
echo "$new" > "$releaseFile"
echo "Updated nix-bitcoin-release.nix"
if [[ $isInteractive ]]; then
exec nix-shell exec nix-shell
} fi
fi
)}
generate-secrets() {( generate-secrets() {(
set -euo pipefail set -euo pipefail
@ -94,10 +110,7 @@ stdenv.mkDerivation rec {
done done
} }
# Print welcome message if if [[ $isInteractive ]]; then
# 1. stdout is a TTY, i.e. we're not piping the output
# 2. the shell is interactive
if [[ -t 1 && $- == *i* ]]; then
${figlet}/bin/figlet "nix-bitcoin" ${figlet}/bin/figlet "nix-bitcoin"
echo 'Enter "h" or "help" for documentation.' echo 'Enter "h" or "help" for documentation.'
fi fi