pkgs: fix sfetch

bins/default.nix

@@ -1,8 +1,20 @@
 { pkgs, lib, isUnstable, ... }:
 let
+  gosignify = pkgs.callPackage ../pkgs/gosignify.nix { };
+
   ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; });
-  sfetch = pkgs.writeScriptBin "sfetch"
-    (import ./sfetch.nix { inherit (pkgs) minisign curl; });
   checkRestart = pkgs.writeScriptBin "check-restart"
     (import ./check-restart.nix { inherit (pkgs) perl; });
-in { environment.systemPackages = with pkgs; [ ix sfetch xclip checkRestart ]; }
+
+  sfetch = pkgs.writeScriptBin "sfetch"
+    (import ./sfetch.nix { inherit gosignify; inherit (pkgs) curl; });
+
+in {
+  environment.systemPackages = with pkgs; [ ix sfetch xclip checkRestart ];
+  environment.etc = {
+    "signify/openbsd-72-base.pub".text = builtins.readFile ./pubs/openbsd-72-base.pub;
+    "signify/openbsd-72-fw.pub".text = builtins.readFile ./pubs/openbsd-72-fw.pub;
+    "signify/openbsd-72-pkg.pub".text = builtins.readFile ./pubs/openbsd-72-pkg.pub;
+    "signify/openbsd-72-syspatch.pub".text = builtins.readFile ./pubs/openbsd-72-syspatch.pub;
+  };
+}

bins/pubs/openbsd-72-base.pub

@@ -0,0 +1,2 @@
+untrusted comment: openbsd 7.2 public key
+RWQTKNnK3CZZ8Lid7/kWPO1WxjEsTeuxiXbJSSg6RDir9OJmV+t7GrOo

bins/pubs/openbsd-72-fw.pub

@@ -0,0 +1,2 @@
+untrusted comment: OpenBSD 7.2 firmware public key
+RWRvwsB/ZxwZxiQBgNVhuCnEacKE1MhrcDX25jFccqaj0pxsY9oIPJq4

bins/pubs/openbsd-72-pkg.pub

@@ -0,0 +1,2 @@
+untrusted comment: OpenBSD 7.2 packages public key
+RWSyNc+EwQQo5bZ5XtDpnk0FUl8NrIl+Ocq4FV/5VTvP9rOgHzKEnBx0

bins/pubs/openbsd-72-syspatch.pub

@@ -0,0 +1,2 @@
+untrusted comment: OpenBSD 7.2 syspatch public key
+RWQuBB7PRAc2Zy+C7VAynLuan8WDVtQ9R4xLpl8yjf1zxfqEBRRJ+66w

bins/sfetch.nix

@@ -1,4 +1,4 @@
-{ minisign, curl }:
+{ curl, gosignify }:
 
 ''
     #!/usr/bin/env sh
@@ -8,16 +8,11 @@
     SERVER=cdn.openbsd.org
     ITEM=$1
     MACHINE=amd64
-    VER=snapshots
+    V=$(echo $ITEM | sed 's/[^0-9]//g')
-    V=7.1
     [[ ! -z $2 ]] && MACHINE=$2
-    if [[ ! -z $3 ]]; then
+    ${curl}/bin/curl -o "$PWD/$ITEM" "https://$SERVER/pub/OpenBSD/snapshots/$MACHINE/$ITEM" && \
-  	VER=$3
+    ${curl}/bin/curl -o "$PWD/SHA256.sig" "https://$SERVER/pub/OpenBSD/snapshots/$MACHINE/SHA256.sig"
-  	V=$(echo $VER | sed 's/\.//')
-    fi
-    ${curl}/bin/curl -o "$PWD/$ITEM" "https://$SERVER/pub/OpenBSD/$VER/$MACHINE/$ITEM" && \
-    ${curl}/bin/curl -o "$PWD/SHA256.sig" "https://$SERVER/pub/OpenBSD/$VER/$MACHINE/SHA256.sig"
 
-    ${minisign}/bin/minisign -C -p "/etc/signify/openbsd-$V-base.pub" -x SHA256.sig "$ITEM"
+    ${gosignify}/bin/gosignify -C -p "/etc/signify/openbsd-$V-base.pub" -x SHA256.sig "$ITEM"
 
 ''

flake.nix

@@ -189,6 +189,9 @@
             inherit pkgs;
             isUnstable = true;
           };
+          gosignify = pkgs.callPackage ./pkgs/gosignify.nix {
+            inherit pkgs;
+          };
           zutty = pkgs.callPackage ./pkgs/zutty.nix {
             inherit pkgs;
             isUnstable = true;

pkgs/gosignify.nix

@@ -0,0 +1,24 @@
+{ lib, buildGo119Module, fetchFromGitHub, ... }:
+
+with lib;
+buildGo119Module rec {
+  pname = "gosignify";
+  version = "0.0.0-20210702013543-c91e79d30e91";
+
+  src = fetchFromGitHub {
+    owner = "frankbraun";
+    repo = pname;
+    rev = "c91e79d30e9115216a827222e07f44e9c4339ed2";
+    sha256 = "sha256-Ynmx6NUUQ5WEYFowuW/ELjV2ESOHqoOTVqdZ6CWt6LQ=";
+  };
+
+  vendorHash = null;
+  proxyVendor = false;
+
+  meta = {
+    description = "gosignify is a Go reimplementation of OpenBSD's signify";
+    homepage = "https://github.com/frankbraun/gosignify";
+    license = licenses.unlicense;
+    maintainers = with maintainers; [ qbit ];
+  };
+}