diff --git a/bins/default.nix b/bins/default.nix index 7163b35..9c52f16 100644 --- a/bins/default.nix +++ b/bins/default.nix @@ -4,6 +4,16 @@ , ... }: let + mkPubs = ver: { + "signify/openbsd-${toString ver}-base.pub".text = + builtins.readFile ./pubs/openbsd-${toString ver}-base.pub; + "signify/openbsd-${toString ver}-fw.pub".text = + builtins.readFile ./pubs/openbsd-${toString ver}-fw.pub; + "signify/openbsd-${toString ver}-pkg.pub".text = + builtins.readFile ./pubs/openbsd-${toString ver}-pkg.pub; + "signify/openbsd-${toString ver}-syspatch.pub".text = + builtins.readFile ./pubs/openbsd-${toString ver}-syspatch.pub; + }; gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; }; ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; }); @@ -34,50 +44,9 @@ in ] ++ (if config.services.postgresql.enable then [ upgrade-pg ] else [ ]); - environment.etc = { - "signify/openbsd-70-base.pub".text = - builtins.readFile ./pubs/openbsd-70-base.pub; - "signify/openbsd-70-fw.pub".text = - builtins.readFile ./pubs/openbsd-70-fw.pub; - "signify/openbsd-70-pkg.pub".text = - builtins.readFile ./pubs/openbsd-70-pkg.pub; - "signify/openbsd-70-syspatch.pub".text = - builtins.readFile ./pubs/openbsd-70-syspatch.pub; - - "signify/openbsd-71-base.pub".text = - builtins.readFile ./pubs/openbsd-71-base.pub; - "signify/openbsd-71-fw.pub".text = - builtins.readFile ./pubs/openbsd-71-fw.pub; - "signify/openbsd-71-pkg.pub".text = - builtins.readFile ./pubs/openbsd-71-pkg.pub; - "signify/openbsd-71-syspatch.pub".text = - builtins.readFile ./pubs/openbsd-71-syspatch.pub; - - "signify/openbsd-72-base.pub".text = - builtins.readFile ./pubs/openbsd-72-base.pub; - "signify/openbsd-72-fw.pub".text = - builtins.readFile ./pubs/openbsd-72-fw.pub; - "signify/openbsd-72-pkg.pub".text = - builtins.readFile ./pubs/openbsd-72-pkg.pub; - "signify/openbsd-72-syspatch.pub".text = - builtins.readFile ./pubs/openbsd-72-syspatch.pub; - - "signify/openbsd-73-base.pub".text = - builtins.readFile ./pubs/openbsd-73-base.pub; - "signify/openbsd-73-fw.pub".text = - builtins.readFile ./pubs/openbsd-73-fw.pub; - "signify/openbsd-73-pkg.pub".text = - builtins.readFile ./pubs/openbsd-73-pkg.pub; - "signify/openbsd-73-syspatch.pub".text = - builtins.readFile ./pubs/openbsd-73-syspatch.pub; - - "signify/openbsd-74-base.pub".text = - builtins.readFile ./pubs/openbsd-74-base.pub; - "signify/openbsd-74-fw.pub".text = - builtins.readFile ./pubs/openbsd-74-fw.pub; - "signify/openbsd-74-pkg.pub".text = - builtins.readFile ./pubs/openbsd-74-pkg.pub; - "signify/openbsd-74-syspatch.pub".text = - builtins.readFile ./pubs/openbsd-74-syspatch.pub; - }; + environment.etc = + (mkPubs 72) // + (mkPubs 73) // + (mkPubs 74) // + (mkPubs 75); } diff --git a/bins/pubs/openbsd-75-base.pub b/bins/pubs/openbsd-75-base.pub new file mode 100644 index 0000000..77054fe --- /dev/null +++ b/bins/pubs/openbsd-75-base.pub @@ -0,0 +1,2 @@ +untrusted comment: openbsd 7.5 base public key +RWRGj1pRpprAfgeF/rgld4ubduChLvTkigA1Zj7WLDsVA4qfYSWOEI8q diff --git a/bins/pubs/openbsd-75-fw.pub b/bins/pubs/openbsd-75-fw.pub new file mode 100644 index 0000000..e90549d --- /dev/null +++ b/bins/pubs/openbsd-75-fw.pub @@ -0,0 +1,2 @@ +untrusted comment: OpenBSD 7.5 firmware public key +RWQ6EsXr4NMYvyLICug3dLHfmbpXlVasF1jbt3GVNQsosgB5+PgaufBu diff --git a/bins/pubs/openbsd-75-pkg.pub b/bins/pubs/openbsd-75-pkg.pub new file mode 100644 index 0000000..5ec5dd8 --- /dev/null +++ b/bins/pubs/openbsd-75-pkg.pub @@ -0,0 +1,2 @@ +untrusted comment: OpenBSD 7.5 packages public key +RWS/sEFDvf+rjUmS1WROzxH05pB1kB7JRRq76DUGUhCE0Ks8AdpjP5pD diff --git a/bins/pubs/openbsd-75-syspatch.pub b/bins/pubs/openbsd-75-syspatch.pub new file mode 100644 index 0000000..0a8683f --- /dev/null +++ b/bins/pubs/openbsd-75-syspatch.pub @@ -0,0 +1,2 @@ +untrusted comment: OpenBSD 7.5 syspatch public key +RWRAAZC5WcFgn+8b5msDR+yDVCx4ziLaSQI2sy7e4GFY42nFW9p7mP2t diff --git a/bins/sfetch.nix b/bins/sfetch.nix index 550ffa1..97cae12 100644 --- a/bins/sfetch.nix +++ b/bins/sfetch.nix @@ -9,7 +9,7 @@ SERVER=cdn.openbsd.org ITEM=$1 MACHINE=''${2:-amd64} - V="73" + V="$(echo $ITEM | sed 's/[^0-9]*//g')" [[ ! -z $2 ]] && MACHINE=$2 ${curl}/bin/curl -s -o "$PWD/$ITEM" "https://$SERVER/pub/OpenBSD/snapshots/$MACHINE/$ITEM" && \ ${curl}/bin/curl -s -o "$PWD/SHA256.sig" "https://$SERVER/pub/OpenBSD/snapshots/$MACHINE/SHA256.sig"