diff --git a/bins/default.nix b/bins/default.nix
index ca5bcc3..432b2dd 100644
--- a/bins/default.nix
+++ b/bins/default.nix
@@ -1,8 +1,20 @@
 { pkgs, lib, isUnstable, ... }:
 let
+ gosignify = pkgs.callPackage ../pkgs/gosignify.nix { };
+
 ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
- sfetch = pkgs.writeScriptBin "sfetch"
- (import ./sfetch.nix { inherit (pkgs) minisign curl; });
 checkRestart = pkgs.writeScriptBin "check-restart"
 (import ./check-restart.nix { inherit (pkgs) perl; });
-in { environment.systemPackages = with pkgs; [ ix sfetch xclip checkRestart ]; }
+
+ sfetch = pkgs.writeScriptBin "sfetch"
+ (import ./sfetch.nix { inherit gosignify; inherit (pkgs) curl; });
+
+in {
+ environment.systemPackages = with pkgs; [ ix sfetch xclip checkRestart ];
+ environment.etc = {
+ "signify/openbsd-72-base.pub".text = builtins.readFile ./pubs/openbsd-72-base.pub;
+ "signify/openbsd-72-fw.pub".text = builtins.readFile ./pubs/openbsd-72-fw.pub;
+ "signify/openbsd-72-pkg.pub".text = builtins.readFile ./pubs/openbsd-72-pkg.pub;
+ "signify/openbsd-72-syspatch.pub".text = builtins.readFile ./pubs/openbsd-72-syspatch.pub;
+ };
+}
diff --git a/bins/pubs/openbsd-72-base.pub b/bins/pubs/openbsd-72-base.pub
new file mode 100644
index 0000000..6e7d2e2
--- /dev/null
+++ b/bins/pubs/openbsd-72-base.pub
@@ -0,0 +1,2 @@
+untrusted comment: openbsd 7.2 public key
+RWQTKNnK3CZZ8Lid7/kWPO1WxjEsTeuxiXbJSSg6RDir9OJmV+t7GrOo
diff --git a/bins/pubs/openbsd-72-fw.pub b/bins/pubs/openbsd-72-fw.pub
new file mode 100644
index 0000000..8d0a660
--- /dev/null
+++ b/bins/pubs/openbsd-72-fw.pub
@@ -0,0 +1,2 @@
+untrusted comment: OpenBSD 7.2 firmware public key
+RWRvwsB/ZxwZxiQBgNVhuCnEacKE1MhrcDX25jFccqaj0pxsY9oIPJq4
diff --git a/bins/pubs/openbsd-72-pkg.pub b/bins/pubs/openbsd-72-pkg.pub
new file mode 100644
index 0000000..2f0ed51
--- /dev/null
+++ b/bins/pubs/openbsd-72-pkg.pub
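Review bot: The four keys installed under `environment.etc` become the trust anchors for `sfetch`, yet nothing next to them says where the files in `./pubs/` were obtained or how they were checked. A comment above `environment.etc = {` along the lines of `# OpenBSD 7.2 signify public keys; obtained from <where> and compared with <second source>` would let the next person re-verify them. Only `openbsd-72-*` keys are installed while the sfetch.nix change derives the key name from the digits in the item name, so the same comment should say that a new key set has to be added here for each release.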
@@ -0,0 +1,2 @@
+untrusted comment: OpenBSD 7.2 packages public key
+RWSyNc+EwQQo5bZ5XtDpnk0FUl8NrIl+Ocq4FV/5VTvP9rOgHzKEnBx0
diff --git a/bins/pubs/openbsd-72-syspatch.pub b/bins/pubs/openbsd-72-syspatch.pub
new file mode 100644
index 0000000..12cba1d
--- /dev/null
+++ b/bins/pubs/openbsd-72-syspatch.pub
@@ -0,0 +1,2 @@
+untrusted comment: OpenBSD 7.2 syspatch public key
+RWQuBB7PRAc2Zy+C7VAynLuan8WDVtQ9R4xLpl8yjf1zxfqEBRRJ+66w
diff --git a/bins/sfetch.nix b/bins/sfetch.nix
index 261d04c..3d139bb 100644
--- a/bins/sfetch.nix
+++ b/bins/sfetch.nix
@@ -1,4 +1,4 @@
-{ minisign, curl }:
+{ curl, gosignify }:
 ''
 #!/usr/bin/env sh
@@ -8,16 +8,11 @@
 SERVER=cdn.openbsd.org
 ITEM=$1
 MACHINE=amd64
- VER=snapshots
- V=7.1
+ V=$(echo $ITEM | sed 's/[^0-9]//g')
 [[ ! -z $2 ]] && MACHINE=$2
- if [[ ! -z $3 ]]; then
- VER=$3
- V=$(echo $VER | sed 's/\.//')
- fi
- ${curl}/bin/curl -o "$PWD/$ITEM" "https://$SERVER/pub/OpenBSD/$VER/$MACHINE/$ITEM" && \
- ${curl}/bin/curl -o "$PWD/SHA256.sig" "https://$SERVER/pub/OpenBSD/$VER/$MACHINE/SHA256.sig"
+ ${curl}/bin/curl -o "$PWD/$ITEM" "https://$SERVER/pub/OpenBSD/snapshots/$MACHINE/$ITEM" && \
+ ${curl}/bin/curl -o "$PWD/SHA256.sig" "https://$SERVER/pub/OpenBSD/snapshots/$MACHINE/SHA256.sig"
- ${minisign}/bin/minisign -C -p "/etc/signify/openbsd-$V-base.pub" -x SHA256.sig "$ITEM"
+ ${gosignify}/bin/gosignify -C -p "/etc/signify/openbsd-$V-base.pub" -x SHA256.sig "$ITEM"
 ''
diff --git a/flake.nix b/flake.nix
index c9b2fab..f6bf11f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -189,6 +189,9 @@
 inherit pkgs;
 isUnstable = true;
 };
+ gosignify = pkgs.callPackage ./pkgs/gosignify.nix {
+ inherit pkgs;
+ };
 zutty = pkgs.callPackage ./pkgs/zutty.nix {
 inherit pkgs;
 isUnstable = true;
diff --git a/pkgs/gosignify.nix b/pkgs/gosignify.nix
new file mode 100644
index 0000000..c9f1640
--- /dev/null
+++ b/pkgs/gosignify.nix
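Review bot: `V=$(echo $ITEM | sed 's/[^0-9]//g')` in the second sfetch.nix hunk builds the key name from every digit in the file name, so an item with no digits, or with digits that are not the release number, gives a path such as `/etc/signify/openbsd--base.pub` and the run ends in an unexplained verifier error. That fails closed, but it is better caught before anything is downloaded: quote the expansion, `V=$(printf '%s' "$ITEM" | sed 's/[^0-9]//g')`, and follow it with `[ -r "/etc/signify/openbsd-$V-base.pub" ] || { echo "no signify key for '$V'" >&2; exit 1; }`. The `&& \` chain also stops at the second curl, so the gosignify line appears to run even after a failed download, against whatever `SHA256.sig` and item already sit in `$PWD`. The script begins above this hunk, so a `set -e` there would change that, which is not visible here.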
@@ -0,0 +1,24 @@
+{ lib, buildGo119Module, fetchFromGitHub, ... }:
+
+with lib;
+buildGo119Module rec {
+ pname = "gosignify";
+ version = "0.0.0-20210702013543-c91e79d30e91";
+
+ src = fetchFromGitHub {
+ owner = "frankbraun";
+ repo = pname;
+ rev = "c91e79d30e9115216a827222e07f44e9c4339ed2";
+ sha256 = "sha256-Ynmx6NUUQ5WEYFowuW/ELjV2ESOHqoOTVqdZ6CWt6LQ=";
+ };
+
+ vendorHash = null;
+ proxyVendor = false;
+
+ meta = {
+ description = "gosignify is a Go reimplementation of OpenBSD's signify";
+ homepage = "https://github.com/frankbraun/gosignify";
+ license = licenses.unlicense;
+ maintainers = with maintainers; [ qbit ];
+ };
+}
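Review bot: `vendorHash = null;` makes the build use whatever dependency tree is checked into the source at `rev`, so the crypto code this verifier links is frozen at that commit (the version string dates it to 2021-07) together with the tool itself. A comment on that line saying so, and why this revision was chosen, would help whoever bumps it next. `proxyVendor = false;` restates the default and can be dropped, and since the file-wide `with lib;` is only needed for `licenses` and `maintainers`, `meta = with lib; {` would keep that scope narrow.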