pkgs: fix sfetch

2022-10-17 09:59:32 -06:00 · 2022-10-17 09:59:32 -06:00 · 02e4a50735
commit 02e4a50735
parent 128b1e204c
8 changed files with 55 additions and 13 deletions
--- a/bins/default.nix
+++ b/bins/default.nix
@ -1,8 +1,20 @@
 { pkgs, lib, isUnstable, ... }:
 let
+  gosignify = pkgs.callPackage ../pkgs/gosignify.nix { };
+
  ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
-  sfetch = pkgs.writeScriptBin "sfetch"
-    (import ./sfetch.nix { inherit (pkgs) minisign curl; });
  checkRestart = pkgs.writeScriptBin "check-restart"
    (import ./check-restart.nix { inherit (pkgs) perl; });
-in { environment.systemPackages = with pkgs; [ ix sfetch xclip checkRestart ]; }
+
+  sfetch = pkgs.writeScriptBin "sfetch"
+    (import ./sfetch.nix { inherit gosignify; inherit (pkgs) curl; });
+
+in {
+  environment.systemPackages = with pkgs; [ ix sfetch xclip checkRestart ];
+  environment.etc = {
+    "signify/openbsd-72-base.pub".text = builtins.readFile ./pubs/openbsd-72-base.pub;
+    "signify/openbsd-72-fw.pub".text = builtins.readFile ./pubs/openbsd-72-fw.pub;
+    "signify/openbsd-72-pkg.pub".text = builtins.readFile ./pubs/openbsd-72-pkg.pub;
+    "signify/openbsd-72-syspatch.pub".text = builtins.readFile ./pubs/openbsd-72-syspatch.pub;
+  };
+}
--- a/bins/pubs/openbsd-72-base.pub
+++ b/bins/pubs/openbsd-72-base.pub
@ -0,0 +1,2 @@
+untrusted comment: openbsd 7.2 public key
+RWQTKNnK3CZZ8Lid7/kWPO1WxjEsTeuxiXbJSSg6RDir9OJmV+t7GrOo
--- a/bins/pubs/openbsd-72-fw.pub
+++ b/bins/pubs/openbsd-72-fw.pub
@ -0,0 +1,2 @@
+untrusted comment: OpenBSD 7.2 firmware public key
+RWRvwsB/ZxwZxiQBgNVhuCnEacKE1MhrcDX25jFccqaj0pxsY9oIPJq4
--- a/bins/pubs/openbsd-72-pkg.pub
+++ b/bins/pubs/openbsd-72-pkg.pub
@ -0,0 +1,2 @@
+untrusted comment: OpenBSD 7.2 packages public key
+RWSyNc+EwQQo5bZ5XtDpnk0FUl8NrIl+Ocq4FV/5VTvP9rOgHzKEnBx0
--- a/bins/pubs/openbsd-72-syspatch.pub
+++ b/bins/pubs/openbsd-72-syspatch.pub
@ -0,0 +1,2 @@
+untrusted comment: OpenBSD 7.2 syspatch public key
+RWQuBB7PRAc2Zy+C7VAynLuan8WDVtQ9R4xLpl8yjf1zxfqEBRRJ+66w
--- a/bins/sfetch.nix
+++ b/bins/sfetch.nix
@ -1,4 +1,4 @@
-{ minisign, curl }:
+{ curl, gosignify }:

 ''
    #!/usr/bin/env sh
@ -8,16 +8,11 @@
    SERVER=cdn.openbsd.org
    ITEM=$1
    MACHINE=amd64
-    VER=snapshots
-    V=7.1
+    V=$(echo $ITEM | sed 's/[^0-9]//g')
    [[ ! -z $2 ]] && MACHINE=$2
-    if [[ ! -z $3 ]]; then
-  	VER=$3
-  	V=$(echo $VER | sed 's/\.//')
-    fi
-    ${curl}/bin/curl -o "$PWD/$ITEM" "https://$SERVER/pub/OpenBSD/$VER/$MACHINE/$ITEM" && \
-    ${curl}/bin/curl -o "$PWD/SHA256.sig" "https://$SERVER/pub/OpenBSD/$VER/$MACHINE/SHA256.sig"
+    ${curl}/bin/curl -o "$PWD/$ITEM" "https://$SERVER/pub/OpenBSD/snapshots/$MACHINE/$ITEM" && \
+    ${curl}/bin/curl -o "$PWD/SHA256.sig" "https://$SERVER/pub/OpenBSD/snapshots/$MACHINE/SHA256.sig"

-    ${minisign}/bin/minisign -C -p "/etc/signify/openbsd-$V-base.pub" -x SHA256.sig "$ITEM"
+    ${gosignify}/bin/gosignify -C -p "/etc/signify/openbsd-$V-base.pub" -x SHA256.sig "$ITEM"

 ''
--- a/flake.nix
+++ b/flake.nix
@ -189,6 +189,9 @@
            inherit pkgs;
            isUnstable = true;
          };
+          gosignify = pkgs.callPackage ./pkgs/gosignify.nix {
+            inherit pkgs;
+          };
          zutty = pkgs.callPackage ./pkgs/zutty.nix {
            inherit pkgs;
            isUnstable = true;
--- a/pkgs/gosignify.nix
+++ b/pkgs/gosignify.nix
@ -0,0 +1,24 @@
+{ lib, buildGo119Module, fetchFromGitHub, ... }:
+
+with lib;
+buildGo119Module rec {
+  pname = "gosignify";
+  version = "0.0.0-20210702013543-c91e79d30e91";
+
+  src = fetchFromGitHub {
+    owner = "frankbraun";
+    repo = pname;
+    rev = "c91e79d30e9115216a827222e07f44e9c4339ed2";
+    sha256 = "sha256-Ynmx6NUUQ5WEYFowuW/ELjV2ESOHqoOTVqdZ6CWt6LQ=";
+  };
+
+  vendorHash = null;
+  proxyVendor = false;
+
+  meta = {
+    description = "gosignify is a Go reimplementation of OpenBSD's signify";
+    homepage = "https://github.com/frankbraun/gosignify";
+    license = licenses.unlicense;
+    maintainers = with maintainers; [ qbit ];
+  };
+}