about summary refs log tree commit diff stats
path: root/sys/boot/signing_key.nix
diff options
context:
space:
mode:
Diffstat (limited to 'sys/boot/signing_key.nix')
-rw-r--r--sys/boot/signing_key.nix18
1 files changed, 18 insertions, 0 deletions
diff --git a/sys/boot/signing_key.nix b/sys/boot/signing_key.nix
new file mode 100644
index 00000000..788447be
--- /dev/null
+++ b/sys/boot/signing_key.nix
@@ -0,0 +1,18 @@
+{pkgs ? (builtins.getFlake "nixpkgs").legacyPackages."x86_64-linux"}:
+pkgs.stdenv.mkDerivation {
+  name = "archlinux_signing_keys";
+
+  outputHash = "sha256-evGWzkxMaZw3rlixKsyWCS/ZvNuZ+OfXQb6sgiHz9XY=";
+  outputHashAlgo = "sha256";
+  NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+
+  nativeBuildInputs = with pkgs; [
+    sequoia-sq
+  ];
+
+  dontUnpack = true;
+
+  buildPhase = ''
+    sq --verbose --no-cert-store --no-key-store network wkd fetch pierre@archlinux.org --output "$out"
+  '';
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-30 16:29:37 +0000