From 34f4e33aa7736f9fcc97f2a7f3146faa0e30c492 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Sat, 21 Dec 2024 17:12:17 -0600 Subject: [PATCH] update talosctl to 1.9.0 --- nixos/overlays/talosctl/default.nix | 34 +++++++++----- nixos/overlays/talosctl/update.sh | 73 +++++++++++++++++++++++++++-- 2 files changed, 93 insertions(+), 14 deletions(-) diff --git a/nixos/overlays/talosctl/default.nix b/nixos/overlays/talosctl/default.nix index 4e51278..4835378 100644 --- a/nixos/overlays/talosctl/default.nix +++ b/nixos/overlays/talosctl/default.nix @@ -1,25 +1,39 @@ -{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: +{ lib, buildGoModule, fetchFromGitHub, installShellFiles, git }: buildGoModule rec { pname = "talosctl"; - version = "1.8.2"; + version = "1.9.0"; src = fetchFromGitHub { owner = "siderolabs"; repo = "talos"; rev = "v${version}"; - hash = "sha256-sD/Nn1ZLM6JIZdWQsBioKyhrAvhz749LL4xWleQ80xY="; + hash = "sha256-j/GqAUP3514ROf64+ouvCg//9QuGoVDgxkNFqi4r+WE="; }; - vendorHash = "sha256-pWG8DbZ9N57p2Q9w/IzETcvwaSfzaUvJgcz7Th/Oi9c="; + vendorHash = "sha256-XvOMNyiHnemqnbOzWmzZXkr3+/ZgJDg8vjCtWFkCtLs="; ldflags = [ "-s" "-w" ]; - env.GOWORK = "off"; - subPackages = [ "cmd/talosctl" ]; - nativeBuildInputs = [ installShellFiles ]; + doCheck = false; + + # Configure offline build + GOWORK = "off"; + GOPROXY = "off"; + GO111MODULE = "on"; + GOSUMDB = "off"; + + # Use vendored dependencies + modVendorDir = "vendor"; + allowGoReference = true; + + preBuild = '' + export GOFLAGS="-mod=vendor" + ''; + + nativeBuildInputs = [ installShellFiles git ]; postInstall = '' installShellCompletion --cmd talosctl \ 
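Review bot: The "Configure offline build" block in the first hunk sets `GOSUMDB = "off"`, `GOPROXY = "off"` and `GO111MODULE = "on"` as derivation attributes with no stated reason. As far as I know, buildGoModule already builds offline from the vendored tree pinned by `vendorHash`, so these look redundant; if they also reach the module-fetch step, `GOSUMDB=off` would drop the checksum-database check there and leave `vendorHash` as the only integrity control. `modVendorDir` is not a buildGoModule argument I recognise and is probably only exported as an environment variable. `allowGoReference = true` lets the output keep a reference to the Go toolchain, and `git` is a new build input; neither is explained, so I would drop them or add a comment such as `# needed because <build failure this fixes>`. The smaller change is to keep the previous `env.GOWORK = "off";` and remove the rest of the block and the `preBuild` export unless a concrete failure requires them.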
@@ -28,13 +42,11 @@ buildGoModule rec { --zsh <($out/bin/talosctl completion zsh) ''; - doCheck = false; # no tests - meta = with lib; { - description = "CLI for out-of-band management of Kubernetes nodes created by Talos"; - mainProgram = "talosctl"; + description = "A CLI for out-of-band management of Kubernetes nodes created by Talos"; homepage = "https://www.talos.dev/"; license = licenses.mpl20; maintainers = with maintainers; [ flokli ]; + mainProgram = "talosctl"; }; } diff --git a/nixos/overlays/talosctl/update.sh b/nixos/overlays/talosctl/update.sh index 087e78c..25a497f 100755 --- a/nixos/overlays/talosctl/update.sh +++ b/nixos/overlays/talosctl/update.sh 
@@ -1,14 +1,81 @@ #!/usr/bin/env nix-shell -#!nix-shell -I nixpkgs=/etc/nix/inputs/nixpkgs/ -i bash -p curl jq common-updater-scripts gnused nix coreutils +#!nix-shell -I nixpkgs=/etc/nix/inputs/nixpkgs -i bash -p curl jq common-updater-scripts gnused nix coreutils perl nix-prefetch-git set -euo pipefail +echo "Fetching latest version..." latestVersion="$(curl -s "https://api.github.com/repos/siderolabs/talos/releases?per_page=1" | jq -r ".[0].tag_name" | sed 's/^v//')" -currentVersion=$(nix-instantiate --eval -E "with import /etc/nix/inputs/nixpkgs {}; talosctl.version or (lib.getVersion talosctl)" | tr -d '"') +echo "Latest version: $latestVersion" + +nixFile="$(realpath "$(dirname "$0")/default.nix")" +echo "Getting current version from $nixFile..." +currentVersion=$(grep 'version = ' "$nixFile" | cut -d'"' -f2) +echo "Current version: $currentVersion" if [[ "$currentVersion" == "$latestVersion" ]]; then echo "talosctl is up-to-date: $currentVersion" exit 0 fi -update-source-version talosctl "$latestVersion" \ No newline at end of file +echo "Updating version in $nixFile from $currentVersion to $latestVersion" + +# Create a temporary nix expression to get the vendor hash +tmpFile=$(mktemp) +cat > "$tmpFile" < {} }: + +pkgs.buildGoModule rec { + pname = "talosctl"; + version = "$latestVersion"; + + src = pkgs.fetchFromGitHub { + owner = "siderolabs"; + repo = "talos"; + rev = "v\${version}"; + hash = lib.fakeHash; + }; + + vendorHash = null; + + subPackages = [ "cmd/talosctl" ]; +} +EOF + +# Get the source hash +echo "Fetching source hash..." +srcHash=$(nix hash to-sri --type sha256 $(nix-prefetch-git --url https://github.com/siderolabs/talos --rev "v${latestVersion}" | jq -r .sha256)) +echo "New source hash: $srcHash" + +# Update version and source hash first +echo "Updating version and source hash..." 
+sed -i "s/version = \"${currentVersion}\"/version = \"${latestVersion}\"/" "$nixFile" +sed -i "s|hash = \"[^\"]*\"|hash = \"${srcHash}\"|" "$nixFile" + +# Try to build it to get the vendor hash +echo "Building to get vendor hash..." +if ! buildOutput=$(nix-build "$tmpFile" 2>&1); then + if vendorHash=$(echo "$buildOutput" | grep -oP 'got:.*' | cut -d: -f2- | tr -d " "); then + echo "New vendor hash: $vendorHash" + sed -i "s|vendorHash = \"[^\"]*\"|vendorHash = \"${vendorHash}\"|" "$nixFile" + + # Try building again with the new vendor hash + echo "Verifying build with new vendor hash..." + if nix-build -E "with import {}; callPackage $nixFile {}" --no-out-link; then + echo "Build successful!" + else + echo "Error: Build failed with new vendor hash" + exit 1 + fi + else + echo "Error: Could not extract vendor hash from build output" + echo "Build output: $buildOutput" + exit 1 + fi +else + echo "Warning: Build succeeded without needing to update vendor hash" +fi + +rm "$tmpFile" + +echo "File contents after update:" +cat "$nixFile"
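Review bot: `latestVersion` is taken from the GitHub API response and substituted into the `sed -i` expressions and the temporary Nix expression without any format check. A tag that is not a plain version (a pre-release, `null` from an empty list, or one containing sed metacharacters) is therefore written into default.nix; a guard before the comparison such as `[[ "$latestVersion" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "unexpected version: $latestVersion" >&2; exit 1; }` would stop that. The vendor-hash step writes whatever follows `got:` in the build log into `vendorHash`, yet the temporary expression sets the source `hash` to a fake hash and `vendorHash = null`. The captured value therefore looks likely to be the source-hash mismatch (or nothing) rather than a vendor hash, so it is worth checking that it has the `sha256-` form and differs from `$srcHash` before writing it. `rm "$tmpFile"` is skipped on the `exit 1` paths, which `trap 'rm -f "$tmpFile"' EXIT` right after `mktemp` would cover, and the `$(nix-prefetch-git …)` argument to `nix hash to-sri` should be quoted.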