movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 06:00:33 +03:00
Code Activity

electrs/update.sh: ensure tag is checked out

Browse source 
Cloning a tag-named branch introduced a supply chain attack vector,
because branch and tag contents might differ.
Now the hashed worktree always corresponds to the tag that is GPG-verified.
This commit is contained in:
Erik Arvstedt 2021-10-20 21:57:40 +02:00
parent 806535d54f
commit 6b7aa566ef
No known key found for this signature in database
GPG key ID: 33312B944DD97846
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
pkgs/applications/blockchains/electrs/update.sh
View file

@ -21,6 +21,7 @@ repo=$tmpdir/repo
trap "rm -rf $tmpdir" EXIT trap "rm -rf $tmpdir" EXIT
git clone --depth 1 --branch v${version} -c advice.detachedHead=false https://github.com/romanz/electrs $repo git clone --depth 1 --branch v${version} -c advice.detachedHead=false https://github.com/romanz/electrs $repo
git -C $repo checkout tags/v${version}
export GNUPGHOME=$tmpdir export GNUPGHOME=$tmpdir
echo echo