bachix

_info.md

bachix

Generate nix.conf for Cachix in bash. Because sometimes it's just unnecessary to download cachix the binary.

bachix

#!/usr/bin/env bash

# Recommended script name: bachix
# Requirements: jq curl nix

progname="$(basename "$0")"

log() {
    echo "$*" >&2
}

usage() {
    log "Usage:"
    log "    $progname keys <names>     Get public keys from Cachix"
    log "    $progname use <names>      Generate nix.conf"
    log ""
    log "(Multiple caches can be specified in <names>)"
    exit 1
}

check_prog() {
    for prog in "$@"; do
        if ! type -t "$prog" > /dev/null; then
            log "$progname: Errors: Requires programs: $*"
            exit 1
        fi
    done
}

check_name() {
    if ! expr + "$1" : '^[0-9a-z-]*$' > /dev/null; then
        log "$progname: Invalid binary cache name: allowed characters are a-z 0-9 -"
        exit 1
    fi
}

fetch_data() {
    check_name "$1"

    local data
    data="$(curl -sf https://cachix.org/api/v1/cache/"$1")"
    local result="$?"
    if [ "$result" -eq 22 ]; then
        log "Binary cache $1 not found"
        exit 1
    elif [ "$result" -ne 0 ]; then
        log "curl exited with code $result"
        exit 1
    fi
    echo "$data"
}

[ $# -lt 1 ] && usage

case "$1" in
    keys)
        [ $# -lt 2 ] && usage

        check_prog jq curl

        while [ $# -ge 2 ]; do
            fetch_data "$2" | jq -r '.publicSigningKeys[]'
            shift
        done
        ;;
    use)
        [ $# -lt 2 ] && usage

        check_prog jq curl

        while [ $# -ge 2 ]; do
            data="$(fetch_data "$2")"
            cur_subs="$cur_subs $(jq -r '.uri' <<<"$data")"
            for key in $(jq -r '.publicSigningKeys[]' <<<"$data"); do
                cur_keys="$cur_keys $key"
            done
            shift
        done

        echo "# Generated by $progname"
        echo "extra-substituters =$cur_subs"
        echo "extra-trusted-public-keys =$cur_keys"
        ;;
    *)
        usage
        ;;
esac