nix: make .envrc more robust to failure

diff --git a/.envrc b/.envrc
index f8a00f43d4d40895e8cc29578553582e0fbbc975..c304b7ed64fbd08ec32b0fa053e22c37642582f2 100644 (file)
--- a/.envrc
+++ b/.envrc
@@ -14,7 +14,7 @@ then log_status "installing Nix core tools"
     gpg2 --keyserver hkp://keys.gnupg.net --recv-keys "$nix_openpgp"
   fi
   test -e ~/.nix-profile/etc/profile.d/nix.sh || {
-    gpg --verify .config/nix/install.asc
+    gpg --verify .config/nix/install.asc &&
     sh .config/nix/install
   }
   . ~/.nix-profile/etc/profile.d/nix.sh
@@ -40,10 +40,10 @@ watch_file .config/nixpkgs-channel/$nixpkgs_channel.nix
 #export NIX_PATH="nixpkgs=$nixpkgs${NIX_PATH:+:$NIX_PATH}"
 
 # nix-shell
-has shasum || fail "shasum is needed to cache environment"
+has shasum || { log_error "shasum is needed to cache environment"; return 1; }
 for e in "${nixshell_sources[@]}"
 do watch_file "$e"; done
-hash=$(for e in "${nixshell_sources[@]}"; do shasum -a 256 "$e"; done | shasum -a 256 | cut -c -64)
+hash=$(shasum -a 256 "${nixshell_sources[@]}" | shasum -a 256 | cut -c -64)
 if test -e ".cache/nix-shell/$hash/dump"
 then
   log_status "reusing .cache/nix-shell/$hash/"
@@ -53,27 +53,28 @@ then
   # and run gpg-connect-agent updatestartuptty /bye
   eval "$shellHook"
 else log_status "building .cache/nix-shell/$hash/"
-  trap "rm -rf '$PWD/.cache/nix-shell/$hash'" EXIT
   mkdir -p ".cache/nix-shell/$hash"
-  # Register the derivation as a root for the garbage-collector
+  local dump="$(mktemp .cache/nix-shell/$hash/dump-XXXXXXXX)"
+  # Register the derivation as a root for the garbage-collector,
+  # then cache a dump of the environment from within the nix-shell,
+  # then unregister previous derivations,
+  # then load the cached environment.
   nix-instantiate >/dev/null ./shell.nix \
    --indirect --add-root .cache/nix-shell/"$hash"/shell.drv \
    ${TRACE:+--show-trace} \
-   ${OFFLINE:+--option substituters ""}
+   ${OFFLINE:+--option substituters ""} &&
   nix-store >/dev/null \
    --indirect --add-root .cache/nix-shell/"$hash"/shell.dep \
    ${OFFLINE:+--option substituters ""} \
-   --realise $(nix-store --query --references .cache/nix-shell/"$hash"/shell.drv)
-  # Dump the environment from within the nix-shell
-  local dump
-  dump="$(mktemp .cache/nix-shell/$hash/dump-XXXXXXXX)"
+   --realise $(nix-store --query --references .cache/nix-shell/"$hash"/shell.drv) &&
   nix-shell >"$dump" ${TRACE:+--show-trace} --pure \
-   --run "$(command -v direnv) dump" \
-   ${OFFLINE:+--option substituters ""}
-  # Unregister previous derivations
-  find .cache/nix-shell -mindepth 1 -maxdepth 1 -not -name "$hash" -exec rm -rf {} +
-  mv -f "$dump" .cache/nix-shell/"$hash"/dump
-  trap "" EXIT
-  # Load the cached environment
-  direnv_load cat .cache/nix-shell/"$hash"/dump
+  --run "$(join_args "$direnv" dump)" \
+   ${OFFLINE:+--option substituters ""} &&
+  mv -f "$dump" .cache/nix-shell/"$hash"/dump &&
+  find .cache/nix-shell -mindepth 1 -maxdepth 1 -not -name "$hash" -exec rm -rf {} + &&
+  direnv_load cat .cache/nix-shell/"$hash"/dump || {
+    rm -rf "$PWD/.cache/nix-shell/$hash"
+    log_error "cannot build shell.nix"
+    return 1
+  }
 fi

diff --git a/config/gitolite b/config/gitolite
index 679912ca101c07a1c064aee611f935fd96c95688..003cd2b6ae1642056c2127d0fd80761444039817 160000 (submodule)
--- a/config/gitolite
+++ b/config/gitolite
@@ -1 +1 @@
-Subproject commit 679912ca101c07a1c064aee611f935fd96c95688
+Subproject commit 003cd2b6ae1642056c2127d0fd80761444039817