eid-mw: 4.4.16 -> 4.4.27 #92252
eid-mw: 4.4.16 -> 4.4.27 #92252
Conversation
| src = fetchFromGitHub { | ||
| sha256 = "1q82fw63xzrnrgh1wyh457hal6vfdl6swqfq7l6kviywiwlzx7kd"; | ||
| rev = "v${version}"; | ||
| repo = "eid-mw"; | ||
| owner = "Fedict"; | ||
| src = fetchurl { | ||
| url = "https://dist.eid.belgium.be/continuous/sources/eid-mw-${version}-v${version}.tar.gz"; | ||
| sha256 = "02dbwgnkzpxkc4avs7zcrrwbjn2v59g5ffpb6vcfi80ybimw9hm6"; |
There was a problem hiding this comment.
Why is this moving away from GitHub, since it seems to have this version?
https://github.com/Fedict/eid-mw/releases/tag/v4.4.27
Also, it already seems to have a newer release?
There was a problem hiding this comment.
dist.eid.belgium.be/ is the official release channel, where the releases are also signed. It seemed more appropriate to me. The 5.x releases seem to be unstable releases: they aren't mentioned on https://eid.belgium.be/en and in https://dist.eid.belgium.be/continuous/sources they have a commit hash in the released tarballs. They also failed to build. The AUR also has the same version: https://aur.archlinux.org/packages/eid-mw/ (they also use the official release channel there).
There was a problem hiding this comment.
dist.eid.belgium.be/is the official release channel, where the releases are also signed. It seemed more appropriate to me.
I see, thanks! For now it would probably be be better to continue using GitHub as an upstream until something like #43233 lands. Someone might forget to GPG-verify the source tarball on version bumps. Until then GitHub gives better accountability (easy to get diffs). For 4.4.27 it doesn't matter anyway, because the git tag is signed by one of the developers.
The 5.x releases seem to be unstable releases: they aren't mentioned on https://eid.belgium.be/en and in https://dist.eid.belgium.be/continuous/sources they have a commit hash in the released tarballs.
Ok, so then we should use 4.4.27.
There was a problem hiding this comment.
Sure, I'll edit it later tonight.
| buildInputs = [ gtk3 pcsclite libxml2 libproxy curl openssl ]; | ||
| preConfigure = '' | ||
| mkdir openssl | ||
| ln -s ${openssl.out}/lib openssl | ||
| ln -s ${openssl.bin}/bin openssl | ||
| ln -s ${openssl.dev}/include openssl | ||
| export SSL_PREFIX=$(realpath openssl) | ||
| sed -i "s%c_rehash%openssl rehash%g" plugins_tools/eid-viewer/Makefile.in |
There was a problem hiding this comment.
For simple substitutions that do not rely on regular expressions, substituteInPlace is more canonical:
| sed -i "s%c_rehash%openssl rehash%g" plugins_tools/eid-viewer/Makefile.in | |
| substituteInPlace plugins_tools/eid-viewer/Makefile.in \ | |
| --replace "c_rehash" "openssl rehash" |
Motivation for this change
Version bump.
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)