bisq-desktop: add updater script

This change adds an updater script which uses signature verification to verify the update.
2021-08-04 12:00:00 +07:00 · 2021-08-04 12:00:00 +07:00 · 1405110f56
parent 961ca77734
commit 1405110f56
2 changed files with 24 additions and 0 deletions
--- a/pkgs/applications/blockchains/bisq-desktop/default.nix
+++ b/pkgs/applications/blockchains/bisq-desktop/default.nix
@ -90,6 +90,8 @@ stdenv.mkDerivation rec {
    runHook postInstall
  '';

+  passthru.updateScript = ./update.sh;
+
  meta = with lib; {
    description = "A decentralized bitcoin exchange network";
    homepage = "https://bisq.network";
--- a/pkgs/applications/blockchains/bisq-desktop/update.sh
+++ b/pkgs/applications/blockchains/bisq-desktop/update.sh
@ -0,0 +1,22 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl jq gnused gnupg common-updater-scripts
+
+set -eu -o pipefail
+
+version="$(curl -s https://api.github.com/repos/bisq-network/bisq/releases| jq '.[] | {name,prerelease} | select(.prerelease==false) | limit(1;.[])' | sed 's/[\"v]//g' | head -n 1)"
+depname="Bisq-64bit-$version.deb"
+src="https://github.com/bisq-network/bisq/releases/download/v$version/$depname"
+signature="$src.asc"
+key="CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B"
+
+pushd $(mktemp -d --suffix=-bisq-updater)
+export GNUPGHOME=$PWD/gnupg
+mkdir -m 700 -p "$GNUPGHOME"
+curl -L -o "$depname" -- "$src"
+curl -L -o signature.asc -- "$signature"
+gpg --batch --recv-keys "$key"
+gpg --batch --verify signature.asc "$depname"
+sha256=$(nix-prefetch-url --type sha256 "file://$PWD/$depname")
+popd
+
+update-source-version bisq-desktop "$version" "$sha256"