Diffstat (limited to 'modules/by-name/bo/boot/tails_iso.nix')
| -rw-r--r-- | modules/by-name/bo/boot/tails_iso.nix | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/modules/by-name/bo/boot/tails_iso.nix b/modules/by-name/bo/boot/tails_iso.nix
new file mode 100644
index 00000000..ec2b740b
--- /dev/null
+++ b/modules/by-name/bo/boot/tails_iso.nix
@@ -0,0 +1,78 @@
+# nixos-config - My current NixOS configuration
+#
+# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de>
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# This file is part of my nixos-config.
+#
+# You should have received a copy of the License along with this program.
+# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
+{pkgs ? (builtins.getFlake "nixpkgs").legacyPackages."x86_64-linux"}: let
+ checked_iso = pkgs.stdenv.mkDerivation (finalAttrs: {
+ pname = "tails-iso";
+ version = "amd64-7.8";
+
+ srcs = [
+ (pkgs.fetchurl {
+ url = "https://tails.net/torrents/files/tails-${finalAttrs.version}.iso.sig";
+ hash = "sha256-58vDQdXQYYqeVUHzupmDPtVVpSrxtT25+gwHe2OfvkA=";
+ })
+ (pkgs.fetchurl {
+ url = "https://download.tails.net/tails/stable/tails-${finalAttrs.version}/tails-${finalAttrs.version}.iso";
+ hash = "sha256-ewLHQ+3iI3aHgvKdBgysQ9QAudQ7AM83WP+VdYFmxt0=";
+ })
+ (pkgs.fetchurl {
+ url = "https://tails.net/tails-signing.key";
+ hash = "sha256-OwdqyM7o7K6F5Km0U1RU3hzsnaT+Yw0sjQk/thMeq1k=";
+ })
+ ];
+
+ dontUnpack = true;
+
+ nativeBuildInputs = [
+ pkgs.sequoia-sq
+ ];
+
+ buildPhase =
+ /*
+ bash
+ */
+ ''
+ for src in $srcs; do
+ cp --recursive "$src" "$(stripHash "$src")"
+ done
+
+ sq verify \
+ --signer-file=tails-signing.key \
+ --signature-file=tails-${finalAttrs.version}.iso.sig \
+ tails-${finalAttrs.version}.iso
+ '';
+
+ installPhase = ''
+ cp tails-${finalAttrs.version}.iso "$out";
+ '';
+ });
+in
+ pkgs.stdenv.mkDerivation {
+ name = "live_iso_boot_entry";
+
+ src = checked_iso;
+
+ dontUnpack = true;
+
+ nativeBuildInputs = with pkgs; [
+ libarchive # for bsdtar
+ ];
+
+ buildPhase = ''
+ mkdir iso
+ bsdtar -xf "$src" -C iso
+ '';
+
+ installPhase = ''
+ install -D ./iso/live/initrd.img "$out/live/initramfs-linux.img"
+ install -D ./iso/live/vmlinuz "$out/live/vmlinuz-linux"
+
+ install -D "$src" "$out/tails.iso"
+ '';
+ } |
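Review bot: The pinned hash of `tails-signing.key` in `srcs` is the real trust anchor, and nothing records how it was established. `sq verify` only proves the ISO was signed by whatever key file that hash pins, so a key hash bumped from a failing build would be accepted without anyone checking it is still the Tails signing key. I would add a comment above that `fetchurl` entry such as `# Trust anchor: confirm the key fingerprint out of band (e.g. with sq inspect) before changing this hash.`, or have buildPhase compare the fingerprint against a pinned `<EXPECTED_FINGERPRINT>` value. Separately, the second derivation's `bsdtar -xf "$src" -C iso` unpacks the whole image although only `live/initrd.img` and `live/vmlinuz` are installed; passing those two member names to bsdtar would limit what is extracted.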
