depot/ops/maint/update_nixpkgs/default.nix

{ depot, lib, ... }:
let
  inherit (depot) pkgs;
  inherit (depot.nix.pkgs) mercurial;
  updateNixpkgs = pkgs.runCommand "update_nixpkgs" {
    buildInputs = with pkgs; [ makeWrapper ];
  } ''
    mkdir -p $out/bin
    cp ${./update_nixpkgs.sh} $out/bin/update_nixpkgs
    chmod +x $out/bin/update_nixpkgs
    patchShebangs --host $out/bin
    wrapProgram $out/bin/update_nixpkgs \
      --prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [ bashInteractive mercurial openssh coreutils copybara git gnused ])}
  '';
in
pkgs.dockerTools.buildImage {
  name = "update_nixpkgs";
  config = {
    Cmd = [ "${updateNixpkgs}/bin/update_nixpkgs" ];
    Env = [
      "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
      "USER=root"
    ];
  };

  copyToRoot = pkgs.buildEnv {
    name = "update_nixpkgs-root";
    paths = [
      pkgs.cacert updateNixpkgs
      (pkgs.runCommand "update_nixpkgs_content" {} ''
  mkdir $out $out/root $out/root/.ssh $out/etc $out/tmp
  chmod 700 $out/root $out/root/.ssh
  chmod 1777 $out/tmp

  cat <<EOF >$out/etc/passwd
root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash
EOF

  cat <<EOF >$out/root/.ssh/config
Host hg
  Hostname hg.lukegb.com
  User hg
  StrictHostKeyChecking no
  IdentityFile /secrets/ssh_id
EOF

  cat <<EOF >$out/root/.hgrc
[extensions]
histedit =
rebase =
strip =
remotenames =
amend =
evolve =
topic =
purge =
share =
EOF
      '')
    ];
  };
}
maint/update_nixpkgs: init 2020-10-10 17:10:33 +00:00			`{ depot, lib, ... }:`
			`let`
			`inherit (depot) pkgs;`
treewide: various warning fixups 2022-10-08 20:49:16 +00:00			`inherit (depot.nix.pkgs) mercurial;`
treewide: fix things up for new nixpkgs 2022-10-02 21:23:44 +00:00			`updateNixpkgs = pkgs.runCommand "update_nixpkgs" {`
maint/update_nixpkgs: init 2020-10-10 17:10:33 +00:00			`buildInputs = with pkgs; [ makeWrapper ];`
			`} ''`
			`mkdir -p $out/bin`
			`cp ${./update_nixpkgs.sh} $out/bin/update_nixpkgs`
			`chmod +x $out/bin/update_nixpkgs`
			`patchShebangs --host $out/bin`
			`wrapProgram $out/bin/update_nixpkgs \`
			`--prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [ bashInteractive mercurial openssh coreutils copybara git gnused ])}`
			`'';`
			`in`
			`pkgs.dockerTools.buildImage {`
			`name = "update_nixpkgs";`
			`config = {`
			`Cmd = [ "${updateNixpkgs}/bin/update_nixpkgs" ];`
			`Env = [`
			`"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"`
			`"USER=root"`
			`];`
			`};`

treewide: various warning fixups 2022-10-08 20:49:16 +00:00			`copyToRoot = pkgs.buildEnv {`
			`name = "update_nixpkgs-root";`
			`paths = [`
			`pkgs.cacert updateNixpkgs`
			`(pkgs.runCommand "update_nixpkgs_content" {} ''`
maint/update_nixpkgs: init 2020-10-10 17:10:33 +00:00			`mkdir $out $out/root $out/root/.ssh $out/etc $out/tmp`
			`chmod 700 $out/root $out/root/.ssh`
			`chmod 1777 $out/tmp`

			`cat <<EOF >$out/etc/passwd`
			`root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash`
			`EOF`

			`cat <<EOF >$out/root/.ssh/config`
			`Host hg`
			`Hostname hg.lukegb.com`
			`User hg`
			`StrictHostKeyChecking no`
			`IdentityFile /secrets/ssh_id`
			`EOF`

			`cat <<EOF >$out/root/.hgrc`
			`[extensions]`
			`histedit =`
			`rebase =`
			`strip =`
			`remotenames =`
			`amend =`
			`evolve =`
			`topic =`
			`purge =`
			`share =`
			`EOF`
treewide: various warning fixups 2022-10-08 20:49:16 +00:00			`'')`
			`];`
			`};`
maint/update_nixpkgs: init 2020-10-10 17:10:33 +00:00			`}`