firefox-bin: Add gpg verification to updater (#22270)
This commit is contained in:
parent
4129697445
commit
a21455d989
3 changed files with 77 additions and 5 deletions
|
@ -43,6 +43,7 @@
|
|||
, coreutils
|
||||
, gnused
|
||||
, gnugrep
|
||||
, gnupg
|
||||
}:
|
||||
|
||||
assert stdenv.isLinux;
|
||||
|
@ -173,7 +174,7 @@ stdenv.mkDerivation {
|
|||
|
||||
passthru.ffmpegSupport = true;
|
||||
passthru.updateScript = import ./update.nix {
|
||||
inherit name writeScript xidel coreutils gnused gnugrep curl;
|
||||
inherit name writeScript xidel coreutils gnused gnugrep gnupg curl;
|
||||
};
|
||||
meta = with stdenv.lib; {
|
||||
description = "Mozilla Firefox, free web browser (binary package)";
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1
|
||||
|
||||
mQINBFWpQAQBEAC+9wVlwGLy8ILCybLesuB3KkHHK+Yt1F1PJaI30X448ttGzxCz
|
||||
PQpH6BoA73uzcTReVjfCFGvM4ij6qVV2SNaTxmNBrL1uVeEUsCuGduDUQMQYRGxR
|
||||
tWq5rCH48LnltKPamPiEBzrgFL3i5bYEUHO7M0lATEknG7Iaz697K/ssHREZfuuc
|
||||
B4GNxXMgswZ7GTZO3VBDVEw5GwU3sUvww93TwMC29lIPCux445AxZPKr5sOVEsEn
|
||||
dUB2oDMsSAoS/dZcl8F4otqfR1pXg618cU06omvq5yguWLDRV327BLmezYK0prD3
|
||||
P+7qwEp8MTVmxlbkrClS5j5pR47FrJGdyupNKqLzK+7hok5kBxhsdMsdTZLd4tVR
|
||||
jXf04isVO3iFFf/GKuwscOi1+ZYeB3l3sAqgFUWnjbpbHxfslTmo7BgvmjZvAH5Z
|
||||
asaewF3wA06biCDJdcSkC9GmFPmN5DS5/Dkjwfj8+dZAttuSKfmQQnypUPaJ2sBu
|
||||
blnJ6INpvYgsEZjV6CFG1EiDJDPu2Zxap8ep0iRMbBBZnpfZTn7SKAcurDJptxin
|
||||
CRclTcdOdi1iSZ35LZW0R2FKNnGL33u1IhxU9HRLw3XuljXCOZ84RLn6M+PBc1eZ
|
||||
suv1TA+Mn111yD3uDv/u/edZ/xeJccF6bYcMvUgRRZh0sgZ0ZT4b0Q6YcQARAQAB
|
||||
tC9Nb3ppbGxhIFNvZnR3YXJlIFJlbGVhc2VzIDxyZWxlYXNlQG1vemlsbGEuY29t
|
||||
PokCOAQTAQIAIgUCValABAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ
|
||||
Ybe1JtmPA1NQqg//Rr6/V7uLqrIwx0UFknyNJasRJZhUkYxdGsLD18zO0Na8Ve3Q
|
||||
sYpOC3ojpqaFUzpqm6KNv8eXfd/Ku7j3WGr9kPkbjZNghvy6V5Lva4JkxO6LMxKk
|
||||
JYqiqF2o1Gfda8NfcK08GFy4C0L8zNwlADvmdMo4382tmHNGbTTft7BeVaRrE9xW
|
||||
9eGmGQ2jYOsjxb5MsadAdZUuK8IC95ZHlUDR3gH9KqhfbQWp5Bo924Kiv+f2JUzN
|
||||
rrG98eOm1Qb8F9rePzZ2DOYRJyOe4p8Gpl+kojCXNntkJgcwJ1a1yRE6wy9RzpeB
|
||||
lCeoQuLS92MNne+deQZUskTZFoYXUadf6vbdfqL0nuPCKdl9lhef1QNwE30IRymt
|
||||
6fhJCFffFQjGdeMfSiCHgcI8ichQbrzhBCGGR3bAHan9c2EbQ+puqG3Aa0YjX6Db
|
||||
GJjWOI6A61bqSPepLCMVaXqV2mZEIaZWdZkOHjnRrU6CJdXG/+D4m1YBZwYM60eJ
|
||||
kNu4eMMwMFnRsHiWf7bhqKptwuk8HyIGp2o4j8iqrFRVJEbK/ctdhA3H1AlKug9f
|
||||
NrfwCfqhNCSBju97V03U26j04JMn9nrZ2UEGbpty+8ONTb38WX5/oC61BgwV8Ki4
|
||||
6Lwyb7fImUzz8jE83pjh7s3+NCKvvbH+VfT12f+V/fsphN3EwGwJPTC3fX25Ag0E
|
||||
ValA9AEQAK/z677fpoVUj4zQz0g60wVWf+1y2lGb8iFYICmvrJyaEra5SRkyihYA
|
||||
1WmEzhN4T//tHw3UIfe646+GkY3eIQW2jY9DM2XaElmMN8k/v54nbn5oD7rNEyCT
|
||||
FTvCOq5d74HH1vw96Lzay1vy45E7jPWvqfg9Se8KAnzElohTJjizyhU+0QbmPHnQ
|
||||
lY8gOkT/SvRo9bFEUnqjWh0fRq+K1tdLPhcFB1scc25iFqh9IAKUGDur8jQ+SDHC
|
||||
jgQlkFOg3rbqtaUOnVHPohfrBM90ZNwuneFgQY7ZFSUidCimp/EN4CXnzgjDYXUU
|
||||
A42S8G86+G4KAJC22gRQo4mcVmehwHTH0glfLmUK7TEu29A1KWNL3R/R7Zdyajjp
|
||||
CvUaK2A0Abj3ZE2BSDbJrVlbBVfy5kfPdZjhd3wUWqFaDHiVcImcjZRWPncllhcy
|
||||
6fhqEy3ELZrkezpJjnARsVkij3GXz6oX+HVULne2w0dkTXydR6muZI/GeNtrLHmA
|
||||
8B3/0/TllmLy8ChmYZVIKZ8zt1ghq3f+hFTXgtZil7eBewZgA6L+EXXK6dZj14lb
|
||||
e6CMS2kungTX9stU1s42I+WRbiqiLpAxCX6qcLBOWrJwsOep2nvu5bhrPHptSfRh
|
||||
F4Vs1xteVFckCWhcLgdYi/Je1XBEM+AAVa0k1FiywCg7MqlG6toLABEBAAGJBEQE
|
||||
GAECAA8FAlWpQPQCGwIFCQPCZwACKQkQYbe1JtmPA1PBXSAEGQECAAYFAlWpQPQA
|
||||
CgkQHGnE5V6ZBdsvxQ/6A62ZteN0b/TVfSJ51SdG66amwe2rpRX4UdSw7ifxo3qh
|
||||
gEICQmXR5c09qXwl17MFJWM3FhGrbxnA5KGgeWGtqrPup4QZPKU+l2Ea2QLSJSiB
|
||||
q5QqqEgZvR14Lhr/hCGhBAq9s/xbp8fbKNJj/uWiZ+uTPbt5T5rgKJ4+g3B6DNO1
|
||||
rH7F70OLrd32mxZs4pSxngHRAyiMPB59yQVDsVMha0JTqC+P96itUzvnInc/9mwE
|
||||
0EMiBtpDTkoBwbJVPnuv+7FjkOLn5s5u3RLH9fe8z1xnV0fPC0/ndrlNiuBpAn3z
|
||||
VCsWasvW18Vz8K+CQY8Sw0Jw75edBgFoz2QMFxHfDpMJefvMadB7mdte1lKk/Im9
|
||||
KFFH8Idh9b6zD0a/+Ooujukx6QpFfAVhe2sT2CIm2nmMAuAZI2cCt7SC+REn9n9M
|
||||
SuIWxN8YTE3qgAUB6F3ea0O0hGlLl+z5UOfX0bNAs+ebx/P6PczJtDzeqpmRb0QX
|
||||
qo55JWXLvmXT/fgjF7fNTTLsyCtV+xH6ZFKGpvGJGJMHApEbz2a0hy12RZH58eI1
|
||||
ueN3Tzn8nI57+oYSsqFw/QgcdGXDonLGJsPVzIpQRg92/GXSukWF+MsCjVOilHRS
|
||||
Y1wfPPmJ7+kMQ4rdXpjAhwNYJc1ff5N+omCxCKoFgYsCXlFCHFKs4JwRbTdd3Mku
|
||||
qBAAlBlIjym8NyJIBltfWckuhQTX4BiBltGPNga9CpQsml519EePuLtoe5H0fTUp
|
||||
4UYbL0ZzyJImQE2uw/hMNZ36bA057YtHOoP4FcPUwv6wsl5JC87UR1XFhAXb5xSU
|
||||
0qdi3hWh0hm772X6CBlM8lM6GtT/fDZkSGNXMQaIs1X/O9vf8wGg+HwLJcaCvybI
|
||||
4w7w1K0R7WjWZlJXutCZf8hRc0d88W/qSZYooKD9q2S7foqaJhySIaF11sH5ETvV
|
||||
P3oCfGVIVhKWb0Tp2jXPXlXLeRAQA8S+4B1o5XHiM+J3SNXhPQHRGQ3VGcDn45it
|
||||
g3F4xQX2Qvo4SV42NMYd6TykM/dIfQyJDOVg3CT3+nqfjCknf94SNvyZprHEPmpc
|
||||
DeseoPMw8kjKNwDwPXFLxBRntPgnqVXDcNN41OH2kqx4jF7FLlRmwNpB2mFVH8xe
|
||||
VuRm7h2WZRsaEoqvivhzRtESVA2um5Eg763CVTcNYlK6MD/iy8JzbMuZBrlOHr58
|
||||
HKDdcOy1W0z2quESGoqrwA995IgPav/1DSpyuJPNc/oUTWlhpYshqYKoflezAyKj
|
||||
30+UzC3R/mY03ri6zUvCgXHNgZlKUsM3VEXk6h5oDuaXniHLLzuxjTBVrILnGYgH
|
||||
SFRP80L/knz+o4Uvq4wj7NHnruc5fP1foFxRNsMt40yRJfU=
|
||||
=D+jC
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -5,8 +5,9 @@
|
|||
, gnused
|
||||
, gnugrep
|
||||
, curl
|
||||
, gnupg
|
||||
, baseName ? "firefox"
|
||||
, basePath ? "pkgs/applications/networking/browsers/firefox-bin"
|
||||
, basePath ? "pkgs/applications/networking/browsers/firefox-bin"
|
||||
, baseUrl ? "http://archive.mozilla.org/pub/firefox/releases/"
|
||||
}:
|
||||
|
||||
|
@ -14,10 +15,13 @@ let
|
|||
version = (builtins.parseDrvName name).version;
|
||||
isBeta = builtins.stringLength version + 1 == builtins.stringLength (builtins.replaceStrings ["b"] ["bb"] version);
|
||||
in writeScript "update-${baseName}-bin" ''
|
||||
PATH=${coreutils}/bin:${gnused}/bin:${gnugrep}/bin:${xidel}/bin:${curl}/bin
|
||||
|
||||
PATH=${coreutils}/bin:${gnused}/bin:${gnugrep}/bin:${xidel}/bin:${curl}/bin:${gnupg}/bin
|
||||
set -eux
|
||||
pushd ${basePath}
|
||||
|
||||
HOME=`mktemp -d`
|
||||
cat ${./firefox.key} | gpg2 --import
|
||||
|
||||
tmpfile=`mktemp`
|
||||
url=${baseUrl}
|
||||
|
||||
|
@ -39,8 +43,12 @@ in writeScript "update-${baseName}-bin" ''
|
|||
grep -e "${if isBeta then "b" else ""}\([[:digit:]]\|[[:digit:]][[:digit:]]\)$" | ${if isBeta then "" else "grep -v \"b\" |"} \
|
||||
tail -1`
|
||||
|
||||
curl --silent -o $HOME/shasums "$url$version/SHA512SUMS"
|
||||
curl --silent -o $HOME/shasums.asc "$url$version/SHA512SUMS.asc"
|
||||
gpgv2 --keyring=$HOME/.gnupg/pubring.kbx $HOME/shasums.asc $HOME/shasums
|
||||
|
||||
# this is a list of sha512 and tarballs for both arches
|
||||
shasums=`curl --silent $url$version/SHA512SUMS`
|
||||
shasums=`cat $HOME/shasums`
|
||||
|
||||
cat > $tmpfile <<EOF
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue