# Opt-in tracing for troubleshooting the wrapper itself.
# xtrace echoes every expanded command to stderr, which here includes the
# arguments forwarded to nix and the lock-file hashes computed by the wrapper,
# so leave it off wherever stderr is captured or shared.
case "$NIX_SECRET_WRAPPER_DEBUG" in
  1) set -x ;;
esac
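# Hand off to the real binary with the caller's arguments untouched when the
# shell is asking for completions (NIX_GET_COMPLETIONS is non-empty) or when
# the caller explicitly opts out with NIX_WRAPPER_BYPASS=1.
# None of the flake-secret.lock flags are added on this path, so nix falls back
# to its default lock-file handling.
#
# The variables are quoted and tested with [[ ]]: the previous unquoted
# `[ -z $NIX_GET_COMPLETIONS ]` was subject to word splitting and globbing, so
# a value containing spaces or operators could make `[` error out or evaluate
# a different expression than intended.
#
# NOTE(review): `.nix-unwrapped` has no slash, so it is resolved through PATH;
# confirm the wrapper only runs with a PATH that resolves it to the intended
# binary.
if [[ -n "${NIX_GET_COMPLETIONS:-}" || "${NIX_WRAPPER_BYPASS:-}" == 1 ]]; then
  exec .nix-unwrapped "$@"
fi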
# Fingerprint of flake-secret.lock before nix runs. It is only compared with a
# second fingerprint taken afterwards to detect that the file changed; it is
# not checked against any trusted value. The path is relative, so the file is
# looked up in the current working directory. If the file is missing,
# sha256sum prints nothing on stdout and the fingerprint is the empty string.
pre_lock_hash=$(sha256sum flake-secret.lock)
pre_lock_hash=${pre_lock_hash%% *} # keep the digest, drop the file name column

# Rewritten argument list and the index of its next free slot.
new_args=()
i=0

# Parser state:
#   flake     - 1 while the previous word was the `flake` subcommand
#   immutable - 1 when a git+file:// reference was seen
#   local     - 1 when the command line refers to a local flake
flake=0 immutable=0 local=0
# First pass over the arguments: classify the flake reference.
#   git+file://...  -> local and immutable (no --output-lock-file is added for
#                      build/eval/run/path-info later on)
#   ?#...           -> local
# The two patterns cannot match the same argument (the second character of
# "git+file://" is "i", not "#"), so an if/elif chain is sufficient.
#
# NOTE(review): in `^.\#` the leading `.` is a regex wildcard, not a literal
# dot, so any argument whose second character is `#` (for example `x#pkg`) is
# classified as local, not only `.#pkg`. If only the literal `.#` form is meant,
# the pattern should be `^\.#`; confirm the intent before tightening it.
for arg in "$@"; do
  if [[ "$arg" =~ ^git\+file:// ]]; then
    immutable=1
    local=1
  elif [[ "$arg" =~ ^.\# ]]; then
    local=1
  fi
done
# Second pass: copy the arguments into new_args, inserting the lock-file flags
# that redirect nix from flake.lock to flake-secret.lock.
#
#   build|eval|run|path-info
#       followed by `--reference-lock-file flake-secret.lock`, plus
#       `--output-lock-file flake-secret.lock` unless a git+file:// reference
#       was seen (immutable=1). If no local flake reference was seen, the
#       wrapper gives up and execs the real binary with the ORIGINAL arguments.
#   flake
#       copied as is; the next non-option word (its subcommand) gets both
#       lock-file flags appended, regardless of `immutable`.
#   -*
#       options are copied through unchanged.
#
# Matching is done on every word, wherever it appears, so a positional value
# that happens to equal one of the subcommand names is treated like the
# subcommand.
for arg in "$@"; do
  case "$arg" in
    build | eval | run | path-info)
      new_args+=("$arg" "--reference-lock-file" "flake-secret.lock")
      if [[ "$immutable" == 0 ]]; then
        new_args+=("--output-lock-file" "flake-secret.lock")
      fi
      if [[ "$local" = 0 ]]; then
        exec .nix-unwrapped "$@"
      fi
      ;;
    flake)
      new_args+=("$arg")
      flake=1
      ;;
    -*)
      new_args+=("$arg")
      ;;
    *)
      new_args+=("$arg")
      if [[ "$flake" == "1" ]]; then
        new_args+=(
          "--reference-lock-file" "flake-secret.lock"
          "--output-lock-file" "flake-secret.lock"
        )
        flake=0
      fi
      ;;
  esac
  # Keep the running index equal to the number of words collected so far.
  i=${#new_args[@]}
done
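# Run the real binary with the rewritten arguments. The exec happens inside a
# subshell so control returns here afterwards; `-a "$0"` passes the wrapper's
# own name as argv[0]. "$0" is quoted so a path containing whitespace or glob
# characters is passed as a single word.
( exec -a "$0" .nix-unwrapped "${new_args[@]}" )
ret_code=$?

# Fingerprint of flake-secret.lock after the run, for comparison with the one
# taken before it.
post_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"

# When the secret lock changed (or NIX_SECRET_FORCE=1), regenerate flake.lock:
# copy the secret lock over it, then re-lock with the `secret` input overridden.
# NOTE(review): presumably the override swaps the real `secret` input for a
# placeholder so that flake.lock does not carry it; confirm. Between the copy
# and a successful re-lock, flake.lock is a verbatim copy of flake-secret.lock,
# so a failure of either step is reported on stderr instead of passing
# silently. The wrapper's exit status remains that of the wrapped command.
if [[ "$pre_lock_hash" != "$post_lock_hash" ]] || [[ "${NIX_SECRET_FORCE:-}" == "1" ]]; then
  cp flake-secret.lock flake.lock ||
    printf '%s: warning: copying flake-secret.lock to flake.lock failed\n' "${0##*/}" >&2
  .nix-unwrapped flake lock --override-input secret sourcehut:~magic_rb/empty ||
    printf '%s: warning: re-locking with the overridden "secret" input failed; flake.lock may still be a verbatim copy of flake-secret.lock\n' "${0##*/}" >&2
fi

exit "$ret_code"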