diff options
author | Pavol Rusnak <pavol@rusnak.io> | 2024-03-17 22:33:31 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-17 22:33:31 +0100 |
commit | 2862623f021a0e2426c5e846b33073a6d5eb8cfb (patch) | |
tree | 05ae6cc2d3ecb249d0e1495e4215b458e65e3668 | |
parent | 54aa6db4bfd93b16b0fead533e0ea208e151b052 (diff) | |
parent | 6b9d1705822b303c5f078880759555437ed8b5ff (diff) | |
download | nixlib-2862623f021a0e2426c5e846b33073a6d5eb8cfb.tar nixlib-2862623f021a0e2426c5e846b33073a6d5eb8cfb.tar.gz nixlib-2862623f021a0e2426c5e846b33073a6d5eb8cfb.tar.bz2 nixlib-2862623f021a0e2426c5e846b33073a6d5eb8cfb.tar.lz nixlib-2862623f021a0e2426c5e846b33073a6d5eb8cfb.tar.xz nixlib-2862623f021a0e2426c5e846b33073a6d5eb8cfb.tar.zst nixlib-2862623f021a0e2426c5e846b33073a6d5eb8cfb.zip |
Merge pull request #296694 from amozeo/update-electrum-updater
electrum: updater: use keys from source github repository
-rw-r--r-- | pkgs/applications/misc/electrum/update.nix | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/pkgs/applications/misc/electrum/update.nix b/pkgs/applications/misc/electrum/update.nix index 7a0fb8fd3eb6..509a64378088 100644 --- a/pkgs/applications/misc/electrum/update.nix +++ b/pkgs/applications/misc/electrum/update.nix @@ -4,6 +4,7 @@ , bash , coreutils , curl +, fetchurl , gnugrep , gnupg , gnused @@ -13,7 +14,22 @@ let downloadPageUrl = "https://download.electrum.org"; - signingKeys = ["6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6"]; + signingKeys = lib.lists.map fetchurl [ + { + url = "https://github.com/spesmilo/electrum/raw/master/pubkeys/Emzy.asc"; + hash = "sha256-QG0cM6AKlSKFacVlhcso/xvrooUdF7oqoppyezt0hjE="; + } + { + url = "https://github.com/spesmilo/electrum/raw/master/pubkeys/ThomasV.asc"; + hash = "sha256-37ApVZlI+2EevxQIKXVKVpktt1Ls3UbWq4dfio2ORdo="; + } + { + url = "https://github.com/spesmilo/electrum/raw/master/pubkeys/sombernight_releasekey.asc"; + hash = "sha256-GgdPJ9TB5hh5SPCcTZURfqXkrU4qwl0dCci52V/wpdQ="; + } + ]; + + gpgImportPaths = lib.concatStringsSep " " signingKeys; in writeScript "update-electrum" '' @@ -48,7 +64,7 @@ sigFile=$srcFile.asc export GNUPGHOME=$PWD/gnupg mkdir -m 700 -p "$GNUPGHOME" -gpg --batch --recv-keys ${lib.concatStringsSep " " (map (x: "'${x}'") signingKeys)} +gpg --batch --import ${gpgImportPaths} gpg --batch --verify "$sigFile" "$srcFile" sha256=$(nix-prefetch-url --type sha256 "file://$PWD/$srcFile") |