From 4b4ecf24925b240f75bce21c48cc3fde847df9b6 Mon Sep 17 00:00:00 2001
From: techknowlogick <techknowlogick@gitea.com>
Date: Wed, 11 Sep 2024 14:58:16 -0400
Subject: [PATCH] vault-bin: 1.16.2 -> 1.17.5

---
 pkgs/tools/security/vault/update-bin.sh | 25 +++++++++++--------------
 pkgs/tools/security/vault/vault-bin.nix | 17 +++++++++--------
 2 files changed, 20 insertions(+), 22 deletions(-)

diff --git a/pkgs/tools/security/vault/update-bin.sh b/pkgs/tools/security/vault/update-bin.sh
index 25f41e2aad12..cd91fe4b608d 100755
--- a/pkgs/tools/security/vault/update-bin.sh
+++ b/pkgs/tools/security/vault/update-bin.sh
@@ -10,15 +10,12 @@ if [ ! -f "$NIX_DRV" ]; then
   exit 1
 fi
 
-fetch_arch() {
-  VER="$1"; ARCH="$2"
-  URL="https://releases.hashicorp.com/vault/${VER}/vault_${VER}_${ARCH}.zip"
-  nix-prefetch "{ stdenv, fetchzip }:
-stdenv.mkDerivation rec {
-  pname = \"vault-bin\"; version = \"${VER}\";
-  src = fetchzip { url = \"$URL\"; };
-}
-"
+function calc_hash () {
+    local version=$1
+    local arch=$2
+    url="https://releases.hashicorp.com/vault/${version}/vault_${version}_${arch}.zip"
+    zip_hash=$(nix-prefetch-url --unpack $url)
+    nix hash to-sri --type sha256 "$zip_hash"
 }
 
 replace_sha() {
@@ -28,11 +25,11 @@ replace_sha() {
 # https://releases.hashicorp.com/vault/1.9.4/vault_1.9.4_linux_arm64.zip
 VAULT_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/hashicorp/vault/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//')
 
-VAULT_LINUX_X86_SHA256=$(fetch_arch "$VAULT_VER" "linux_386")
-VAULT_LINUX_X64_SHA256=$(fetch_arch "$VAULT_VER" "linux_amd64")
-VAULT_DARWIN_X64_SHA256=$(fetch_arch "$VAULT_VER" "darwin_amd64")
-VAULT_LINUX_AARCH64_SHA256=$(fetch_arch "$VAULT_VER" "linux_arm64")
-VAULT_DARWIN_AARCH64_SHA256=$(fetch_arch "$VAULT_VER" "darwin_arm64")
+VAULT_LINUX_X86_SHA256=$(calc_hash "$VAULT_VER" "linux_386")
+VAULT_LINUX_X64_SHA256=$(calc_hash "$VAULT_VER" "linux_amd64")
+VAULT_DARWIN_X64_SHA256=$(calc_hash "$VAULT_VER" "darwin_amd64")
+VAULT_LINUX_AARCH64_SHA256=$(calc_hash "$VAULT_VER" "linux_arm64")
+VAULT_DARWIN_AARCH64_SHA256=$(calc_hash "$VAULT_VER" "darwin_arm64")
 
 sed -i "s/version = \".*\"/version = \"$VAULT_VER\"/" "$NIX_DRV"
 
diff --git a/pkgs/tools/security/vault/vault-bin.nix b/pkgs/tools/security/vault/vault-bin.nix
index dbdd8d49f76b..7a829e1ad271 100644
--- a/pkgs/tools/security/vault/vault-bin.nix
+++ b/pkgs/tools/security/vault/vault-bin.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "vault-bin";
-  version = "1.16.2";
+  version = "1.17.5";
 
   src =
     let
@@ -15,17 +15,18 @@ stdenv.mkDerivation rec {
         x86_64-darwin = "darwin_amd64";
         aarch64-darwin = "darwin_arm64";
       };
-      sha256 = selectSystem {
-        x86_64-linux = "sha256-fVDHXVI4f/1d6NTgHcURDXAjCkSEwKD3+bhRyvIgfjw=";
-        aarch64-linux = "sha256-tfRqnroz9W7V3gCataJbm2t97OJUkVe2VyWXPqbeJaw=";
-        i686-linux = "sha256-l2aYuyxYAOnAOBwtkEkrpqRNWYL7qsaYJ3vMiknhFow=";
-        x86_64-darwin = "sha256-xX/syRtkJJjmSO36Apq+i/s4kOMMop3De276358hb0c=";
-        aarch64-darwin = "sha256-I1FpMRsssil0LQe5LBjpX5b7uTATRJOBzbJeLnKCd74=";
+      hash = selectSystem {
+        x86_64-linux = "sha256-rh0ZVmAbiOmZFCpiiX9ClAYmQKx084VKCjxvD9bbYAk=";
+        aarch64-linux = "sha256-DtriOEQCuSMMjzfJJpJAf7z+wGJSbzU3V/X+glTLkv8=";
+        i686-linux = "sha256-EPS3Sx2l0Gv4PWeqrnIEoNYUF4Or075vdhn71vKXQEw=";
+        x86_64-darwin = "sha256-pi/sD88haBxUx6dSUEUv6ugQO2K/lhg4ne7xbcVzg3M=";
+        aarch64-darwin = "sha256-6ZESO3m5FCRwTNh3xlWjWw6c9sjiAwV09YA/hQ5Py/o=";
       };
     in
     fetchzip {
       url = "https://releases.hashicorp.com/vault/${version}/vault_${version}_${suffix}.zip";
-      inherit sha256;
+      stripRoot=false;
+      inherit hash;
     };
 
   dontConfigure = true;