Diffstat (limited to 'pkgs/by-name/ta/tails-iso/package.nix')
| -rw-r--r-- | pkgs/by-name/ta/tails-iso/package.nix | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/pkgs/by-name/ta/tails-iso/package.nix b/pkgs/by-name/ta/tails-iso/package.nix
new file mode 100644
index 00000000..b74e4023
--- /dev/null
+++ b/pkgs/by-name/ta/tails-iso/package.nix
@@ -0,0 +1,88 @@
+# nixos-config - My current NixOS configuration
+#
+# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de>
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# This file is part of my nixos-config.
+#
+# You should have received a copy of the License along with this program.
+# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
+{
+ stdenv,
+ fetchurl,
+ sequoia-sq,
+ libarchive, # for bsdtar
+}: let
+ files = builtins.fromJSON (builtins.readFile (./files.json));
+
+ checked_iso = stdenv.mkDerivation (finalAttrs: {
+ pname = "tails-iso";
+ version = "amd64-${files.version}";
+
+ srcs = [
+ (fetchurl {
+ url = "https://tails.net/torrents/files/tails-${finalAttrs.version}.iso.sig";
+ hash = files.files."iso.sig";
+ })
+ (fetchurl {
+ url = "https://download.tails.net/tails/stable/tails-${finalAttrs.version}/tails-${finalAttrs.version}.iso";
+ hash = files.files."iso";
+ })
+ (fetchurl {
+ url = "https://tails.net/tails-signing.key";
+ hash = "sha256-OwdqyM7o7K6F5Km0U1RU3hzsnaT+Yw0sjQk/thMeq1k=";
+ })
+ ];
+
+ dontUnpack = true;
+
+ nativeBuildInputs = [
+ sequoia-sq
+ ];
+
+ buildPhase =
+ /*
+ bash
+ */
+ ''
+ for src in $srcs; do
+ cp --recursive "$src" "$(stripHash "$src")"
+ done
+
+ sq verify \
+ --signer-file=tails-signing.key \
+ --signature-file=tails-${finalAttrs.version}.iso.sig \
+ tails-${finalAttrs.version}.iso
+ '';
+
+ installPhase = ''
+ cp tails-${finalAttrs.version}.iso "$out";
+ '';
+ });
+in
+ stdenv.mkDerivation {
+ name = "live_iso_boot_entry";
+
+ src = checked_iso;
+
+ dontUnpack = true;
+
+ nativeBuildInputs = [
+ libarchive
+ ];
+
+ buildPhase = ''
+ mkdir iso
+ bsdtar -xf "$src" -C iso
+ '';
+
+ passthru = {
+ inherit (files) version;
+ };
+
+ installPhase = ''
+ install -D ./iso/live/initrd.img "$out/live/initrd.img"
+ install -D ./iso/live/vmlinuz "$out/live/vmlinuz"
+ install -D ./iso/live/filesystem.squashfs "$out/live/filesystem.squashfs"
+ '';
+ } |
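Review bot: The `hash` literal on the `tails-signing.key` fetch is the only trust root for the `sq verify` step, and nothing in the file records how it was established. I would add a comment above that `fetchurl`, e.g. `# Trust root: OpenPGP fingerprint <FINGERPRINT>, checked out of band on <DATE>`, so that a later hash bump is reviewed against the fingerprint rather than accepted from whatever the URL serves at that moment. Because the key URL is not versioned, the fetch will presumably start failing with a hash mismatch once upstream republishes the key file, which is exactly when that record is needed. Separately, the second derivation's `buildPhase` unpacks the whole ISO to install three files; `bsdtar -xf "$src" -C iso live/initrd.img live/vmlinuz live/filesystem.squashfs` would extract only the members it uses.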
