diff options
Diffstat (limited to 'pkgs/by-name/ta/tails-iso')
| -rw-r--r-- | pkgs/by-name/ta/tails-iso/package.nix | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/pkgs/by-name/ta/tails-iso/package.nix b/pkgs/by-name/ta/tails-iso/package.nix new file mode 100644 index 00000000..d790befd --- /dev/null +++ b/pkgs/by-name/ta/tails-iso/package.nix @@ -0,0 +1,88 @@ +# nixos-config - My current NixOS configuration +# +# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de> +# SPDX-License-Identifier: GPL-3.0-or-later +# +# This file is part of my nixos-config. +# +# You should have received a copy of the License along with this program. +# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>. +{ + stdenv, + fetchurl, + sequoia-sq, + libarchive, # for bsdtar +}: let + version = "7.8.1"; + + checked_iso = stdenv.mkDerivation (finalAttrs: { + pname = "tails-iso"; + version = "amd64-${version}"; + + srcs = [ + (fetchurl { + url = "https://tails.net/torrents/files/tails-${finalAttrs.version}.iso.sig"; + hash = "sha256-DQm+EHe0KllmzLQzGU61cqaRDNjhU3KUCtDzHKDwWck="; + }) + (fetchurl { + url = "https://download.tails.net/tails/stable/tails-${finalAttrs.version}/tails-${finalAttrs.version}.iso"; + hash = "sha256-Y4Sch1ZgWUODi9rxcXimVrFvicXPCN6SgLvINvJGcvw="; + }) + (fetchurl { + url = "https://tails.net/tails-signing.key"; + hash = "sha256-OwdqyM7o7K6F5Km0U1RU3hzsnaT+Yw0sjQk/thMeq1k="; + }) + ]; + + dontUnpack = true; + + nativeBuildInputs = [ + sequoia-sq + ]; + + buildPhase = + /* + bash + */ + '' + for src in $srcs; do + cp --recursive "$src" "$(stripHash "$src")" + done + + sq verify \ + --signer-file=tails-signing.key \ + --signature-file=tails-${finalAttrs.version}.iso.sig \ + tails-${finalAttrs.version}.iso + ''; + + installPhase = '' + cp tails-${finalAttrs.version}.iso "$out"; + ''; + }); +in + stdenv.mkDerivation { + name = "live_iso_boot_entry"; + + src = checked_iso; + + dontUnpack = true; + + nativeBuildInputs = [ + libarchive + ]; + + buildPhase = '' + mkdir iso + bsdtar -xf "$src" -C iso + ''; + + passthru = { + inherit version; + }; + + installPhase = '' + install -D ./iso/live/initrd.img "$out/live/initrd.img" + install -D ./iso/live/vmlinuz "$out/live/vmlinuz" + install -D ./iso/live/filesystem.squashfs "$out/live/filesystem.squashfs" + ''; + } |