path: root/modules/system/boot/iso_entry/archlive_iso.nix
# Produces a derivation holding the Arch Linux live ISO together with the
# kernel and initramfs extracted from it. The ISO is only used after its
# BLAKE2 checksum and detached PGP signature have been checked.
#
# NOTE(review): the default `pkgs` resolves "nixpkgs" via builtins.getFlake,
# i.e. through the flake registry rather than a revision pinned in this file.
# The tools doing the verification (sequoia-sq, coreutils) therefore come from
# whatever nixpkgs that resolves to; pass `pkgs` explicitly for a pinned build.
{pkgs ? (builtins.getFlake "nixpkgs").legacyPackages."x86_64-linux"}: let
  # Trust anchor for the signature check: this value is copied to
  # release-key.pgp and handed to `sq verify --signer-file`.
  # NOTE(review): ./signing_key.nix is not shown here - confirm it pins the
  # release key by content hash or fingerprint, since the PGP check is only as
  # strong as the provenance of this key.
  signing_key = import ./signing_key.nix {inherit pkgs;};

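  # Fetches the Arch Linux ISO, its detached signature and the published
  # b2sums.txt, then verifies the ISO before exposing it as "$out".
  #
  # Two independent checks run in buildPhase:
  #   * b2sum  - integrity against the checksum list from archlinux.org
  #   * sq     - authenticity against the release key in `signing_key`
  # stdenv runs phases under `set -e`, so a failure of either check aborts the
  # build and no output is produced.
  #
  # The fetchurl hashes already pin the exact bytes. The checks matter most
  # when bumping `version`: the three hashes are then replaced by hand, and the
  # signature check is what ties the new image to the release key.
  checked_iso = let
    # Single source for the release; the URLs, the verification commands and
    # installPhase all derive their file names from it.
    version = "2024.05.01";
    isoName = "archlinux-${version}-x86_64.iso";
    sigName = "${isoName}.sig";
  in
    pkgs.stdenv.mkDerivation {
      pname = "archlinux-iso";
      inherit version;

      srcs = [
        # Detached signature, from archlinux.org rather than the mirror.
        (pkgs.fetchurl {
          url = "https://archlinux.org/iso/${version}/${sigName}";
          hash = "sha256-QOGYng6a7zA5EJKGotDccJ7fD2MmPPXQEdVr1kjJvi4=";
        })
        # The image itself, from a mirror.
        # NOTE(review): `latest/` is a moving path; presumably this URL stops
        # resolving once the mirror carries a newer release. The hash still
        # pins the content, so this affects availability, not integrity.
        (pkgs.fetchurl {
          url = "https://mirror.informatik.tu-freiberg.de/arch/iso/latest/${isoName}";
          hash = "sha256-G0oE74pzUIUqEwcO5JhEKwh6YHoYhAtN19mYZ+tfakw=";
        })
        # Published BLAKE2 checksums, from archlinux.org.
        (pkgs.fetchurl {
          url = "https://archlinux.org/iso/${version}/b2sums.txt";
          hash = "sha256-HSMS13hHXFKKQsCA8spa7XtirHCBTmePwhOsStVPbHw=";
        })
      ];

      # The sources are plain files that are copied by hand in buildPhase.
      dontUnpack = true;

      nativeBuildInputs = with pkgs; [
        sequoia-sq
      ];

      buildPhase =
        /*
        bash
        */
        ''
          runHook preBuild

          cp -r "${signing_key}" ./release-key.pgp
          # Copy each source into the build directory under its upstream file
          # name (store hash prefix removed) so b2sum and sq find them by name.
          for src in $srcs; do
            cp -r "$src" "$(stripHash "$src")"
          done

          # Keep only the checksum entry for the ISO, matched by file name
          # rather than by line position, so entries for files that were not
          # fetched never reach b2sum.
          awk -v iso="${isoName}" '$2 == iso' b2sums.txt > b2sums_clean.txt
          if [ ! -s b2sums_clean.txt ]; then
            echo "b2sums.txt has no entry for ${isoName}" >&2
            exit 1
          fi

          # As per the directions from: https://archlinux.org/download/

          # blake hash check
          b2sum -c ./b2sums_clean.txt

          # pgp signature check
          sq verify --signer-file release-key.pgp --detached "${sigName}" "${isoName}"

          runHook postBuild
        '';

      # Only reached when both checks above succeeded.
      installPhase = ''
        runHook preInstall

        cp "${isoName}" "$out"

        runHook postInstall
      '';
    };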
in
  # Final result: the kernel and initramfs extracted from the ISO, placed
  # under live/, plus the ISO itself as archlinux.iso.
  pkgs.stdenv.mkDerivation {
    name = "live_iso_boot_entry";

    # The input is the output of checked_iso, so extraction only ever sees an
    # image that passed the checksum and signature checks.
    src = checked_iso;
    dontUnpack = true;

    # libarchive provides bsdtar, used below to unpack the ISO image.
    nativeBuildInputs = [pkgs.libarchive];

    buildPhase = ''
      mkdir iso
      bsdtar -x -C iso -f "$src"
    '';

    installPhase = ''
      for boot_file in initramfs-linux.img vmlinuz-linux; do
        install -D "./iso/arch/boot/x86_64/$boot_file" "$out/live/$boot_file"
      done

      install -D "$src" "$out/archlinux.iso"
    '';
  }