pyrox.dev
Merge pull request #296694 from amozeo/update-electrum-updater
electrum: updater: use keys from source github repository
authored by Pavol Rusnak and committed by GitHub 2862623f 54aa6db4
+18
-2
pkgs/applications/misc/electrum/update.nix
+18
-2
pkgs/applications/misc/electrum/update.nix
···
4
4
, bash
5
5
, coreutils
6
6
, curl
7
+
, fetchurl
7
8
, gnugrep
8
9
, gnupg
9
10
, gnused
···
13
14
let
14
15
downloadPageUrl = "https://download.electrum.org";
15
16
16
-
signingKeys = ["6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6"];
17
+
signingKeys = lib.lists.map fetchurl [
18
+
{
19
+
url = "https://github.com/spesmilo/electrum/raw/master/pubkeys/Emzy.asc";
20
+
hash = "sha256-QG0cM6AKlSKFacVlhcso/xvrooUdF7oqoppyezt0hjE=";
21
+
}
22
+
{
23
+
url = "https://github.com/spesmilo/electrum/raw/master/pubkeys/ThomasV.asc";
24
+
hash = "sha256-37ApVZlI+2EevxQIKXVKVpktt1Ls3UbWq4dfio2ORdo=";
25
+
}
26
+
{
27
+
url = "https://github.com/spesmilo/electrum/raw/master/pubkeys/sombernight_releasekey.asc";
28
+
hash = "sha256-GgdPJ9TB5hh5SPCcTZURfqXkrU4qwl0dCci52V/wpdQ=";
29
+
}
30
+
];
31
+
32
+
gpgImportPaths = lib.concatStringsSep " " signingKeys;
17
33
in
18
34
19
35
writeScript "update-electrum" ''
···
48
64
export GNUPGHOME=$PWD/gnupg
49
65
mkdir -m 700 -p "$GNUPGHOME"
50
66
51
-
gpg --batch --recv-keys ${lib.concatStringsSep " " (map (x: "'${x}'") signingKeys)}
67
+
gpg --batch --import ${gpgImportPaths}
52
68
gpg --batch --verify "$sigFile" "$srcFile"
53
69
54
70
sha256=$(nix-prefetch-url --type sha256 "file://$PWD/$srcFile")