Diffstat (limited to 'pkgs/applications/blockchains/sparrow')
-rw-r--r--pkgs/applications/blockchains/sparrow/default.nix55
-rw-r--r--pkgs/applications/blockchains/sparrow/openimajgrabber.nix2
-rw-r--r--pkgs/applications/blockchains/sparrow/publickey.asc90
-rwxr-xr-xpkgs/applications/blockchains/sparrow/update.sh26
4 files changed, 136 insertions, 37 deletions
diff --git a/pkgs/applications/blockchains/sparrow/default.nix b/pkgs/applications/blockchains/sparrow/default.nix
index 8552d12bc9bf4..8fa33c91b12e8 100644
--- a/pkgs/applications/blockchains/sparrow/default.nix
+++ b/pkgs/applications/blockchains/sparrow/default.nix
@@ -1,4 +1,5 @@
 { stdenv
+, stdenvNoCC
 , lib
 , makeWrapper
 , fetchurl
@@ -17,17 +18,54 @@
 , hwi
 , imagemagick
 , gzip
+, gnupg
 }:
 
 let
   pname = "sparrow";
-  version = "1.8.4";
+  version = "1.9.1";
 
   src = fetchurl {
     url = "https://github.com/sparrowwallet/${pname}/releases/download/${version}/${pname}-${version}-x86_64.tar.gz";
-    sha256 = "0w6z84w9spwfpqrf5m9bcq30xqp94c27jw3qzxfdyisp8n22xvd8";
+    sha256 = "sha256-b1OIizSMTOtLM3/RFiBJPSbkj/C0d0s5ggcUwjCdBBo=";
+
+    # nativeBuildInputs, downloadToTemp, and postFetch are used to verify the signed upstream package.
+    # The signature is not a self-contained file. Instead the SHA256 of the package is added to a manifest file.
+    # The manifest file is signed by the owner of the public key, Craig Raw.
+    # Thus to verify the signed package, the manifest is verified with the public key,
+    # and then the package is verified against the manifest.
+    # The public key is obtained from https://keybase.io/craigraw/pgp_keys.asc
+    # and is included in this repo to provide reproducibility.
+    nativeBuildInputs = [ gnupg ];
+    downloadToTemp = true;
+
+    postFetch = ''
+      pushd $(mktemp -d)
+      export GNUPGHOME=$PWD/gnupg
+      mkdir -m 700 -p $GNUPGHOME
+      ln -s ${manifest} ./manifest.txt
+      ln -s ${manifestSignature} ./manifest.txt.asc
+      ln -s $downloadedFile ./${pname}-${version}-x86_64.tar.gz
+      gpg --import ${publicKey}
+      gpg --verify manifest.txt.asc manifest.txt
+      sha256sum -c --ignore-missing manifest.txt
+      popd
+      mv $downloadedFile $out
+    '';
+  };
+
+  manifest = fetchurl {
+    url = "https://github.com/sparrowwallet/${pname}/releases/download/${version}/${pname}-${version}-manifest.txt";
+    sha256 = "sha256-2IGhP9Xsli9d0zTzPliJH/tE5TXei1vjVngtjL9vA48=";
+  };
+
+  manifestSignature = fetchurl {
+    url = "https://github.com/sparrowwallet/${pname}/releases/download/${version}/${pname}-${version}-manifest.txt.asc";
+    sha256 = "sha256-FSR9Z+27J/u1MYIR+LrL+pqCP6q4GfVYtRZ0WA9AaKM=";
   };
 
+  publicKey = ./publickey.asc;
+
   launcher = writeScript "sparrow" ''
     #! ${bash}/bin/bash
     params=(
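Review bot: The `gpg --verify manifest.txt.asc manifest.txt` step in `postFetch` accepts a signature from any key that `gpg --import ${publicKey}` loaded, so the whole trust anchor is the content of `publickey.asc`, and nothing in this file states which key that is meant to be. The removed `update.sh` pinned the fingerprint `D4D0 D320 2FC0 6849 A257 B38D E946 1833 4C67 4B40`; if that is still the key in the new file, recording it in the comment block (`# Expected signing key fingerprint: D4D0 D320 2FC0 6849 A257 B38D E946 1833 4C67 4B40`) would let a reviewer check any later change to the key file against one line instead of a 90-line armored blob. The script could go further and compare that value with the `VALIDSIG` line from `gpg --status-fd`. The comment should also say that `src` is a fixed-output derivation, so `postFetch` presumably runs only when the tarball is actually fetched and not when a store path with that hash already exists; the signature check guards the moment the hash is bumped, not every build. The `let` block continues past this hunk.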
@@ -74,7 +112,7 @@ let
     exec ${tor}/bin/tor "$@"
   '';
 
-  jdk-modules = stdenv.mkDerivation {
+  jdk-modules = stdenvNoCC.mkDerivation {
     name = "jdk-modules";
     nativeBuildInputs = [ openjdk ];
     dontUnpack = true;
@@ -95,7 +133,7 @@ let
     '';
   };
 
-  sparrow-modules = stdenv.mkDerivation {
+  sparrow-modules = stdenvNoCC.mkDerivation {
     pname = "sparrow-modules";
     inherit version src;
     nativeBuildInputs = [ makeWrapper gzip gnugrep openjdk autoPatchelfHook stdenv.cc.cc.lib zlib ];
@@ -150,7 +188,6 @@ let
       # with one from Nixpkgs.
       gzip -c ${torWrapper}  > tor.gz
       cp tor.gz modules/kmp.tor.binary.linuxx64/kmptor/linux/x64/tor.gz
-      find modules
     '';
 
     installPhase = ''
@@ -162,7 +199,7 @@ let
     '';
   };
 in
-stdenv.mkDerivation rec {
+stdenvNoCC.mkDerivation rec {
   inherit version src;
   pname = "sparrow-unwrapped";
   nativeBuildInputs = [ makeWrapper copyDesktopItems ];
@@ -180,7 +217,7 @@ stdenv.mkDerivation rec {
     })
   ];
 
-  sparrow-icons = stdenv.mkDerivation {
+  sparrow-icons = stdenvNoCC.mkDerivation {
     inherit version src;
     pname = "sparrow-icons";
     nativeBuildInputs = [ imagemagick ];
@@ -212,10 +249,8 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
-  passthru.updateScript = ./update.sh;
-
   meta = with lib; {
-    description = "A modern desktop Bitcoin wallet application supporting most hardware wallets and built on common standards such as PSBT, with an emphasis on transparency and usability.";
+    description = "Modern desktop Bitcoin wallet application supporting most hardware wallets and built on common standards such as PSBT, with an emphasis on transparency and usability";
     homepage = "https://sparrowwallet.com";
     sourceProvenance = with sourceTypes; [
       binaryBytecode
diff --git a/pkgs/applications/blockchains/sparrow/openimajgrabber.nix b/pkgs/applications/blockchains/sparrow/openimajgrabber.nix
index 0bf642d49d1ca..8fac6f1a27ae6 100644
--- a/pkgs/applications/blockchains/sparrow/openimajgrabber.nix
+++ b/pkgs/applications/blockchains/sparrow/openimajgrabber.nix
@@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with lib; {
-    description = "A collection of libraries and tools for multimedia (images, text, video, audio, etc.) content analysis and content generation. This package only builds the OpenIMAJGrabber for Linux.";
+    description = "Collection of libraries and tools for multimedia (images, text, video, audio, etc.) content analysis and content generation. This package only builds the OpenIMAJGrabber for Linux";
     homepage = "http://www.openimaj.org";
     license = licenses.bsd0;
     maintainers = with maintainers; [ emmanuelrosa _1000101 ];
diff --git a/pkgs/applications/blockchains/sparrow/publickey.asc b/pkgs/applications/blockchains/sparrow/publickey.asc
new file mode 100644
index 0000000000000..c053995b68ebc
--- /dev/null
+++ b/pkgs/applications/blockchains/sparrow/publickey.asc
@@ -0,0 +1,90 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: GPGTools - http://gpgtools.org
+
+mQINBF2V8eEBEADmjYzGOpxEI0J7jQ1qFzlsrjF6NaBSq+UqKwPOL917pvI/8b/d
+bI1gLV1kgIMAnwf3/JWkF4Ind0pk3g3Vj/jzTYg/ePSwjAhvhowoDo4va+AtV066
+tRf3FjQYFCWR6ccN4zxmQxZ9QPOp4XIcXwu7Ce+ORRRiU9gkWXfiU64pmpzH89gz
+LF35r+98+d9Ov6nAPhRSUlj+vk85mu6Lk8J26srHKWB7iXat1rl4lEAPpFtyvU6L
+oO5XZoRPvXce3mByyuh8SDYTr6GVYjfPHWPaxcGrS/qTe2RCn3ec3xWSGT/U4xH0
+TwagphjxlSnpeHDxZXG6wpgyVEcjpQ1M9hIK7z1G+SHuW4EoyaZf2llTsNbKvbV8
+UOao6g5uAYeLQyBJPKExocNj7+DvbNrpRXYy1levrWtnkNS/oPx3wJgxeXL55uXC
+MCcc5X5T6GNNAtBubAxtYRt65Q6Lvga7v6dWTDtvwufxfjtXZGFO/Hut4wS6IyTt
+77i4GB/WeAQGGhPHGssVECd80u7/DEZ1EMcfTexsDJ9T1ZeM6orvAQ3i2DGdoiYt
+/pJPd2g0LE1Q0HhSVC74JP0pUPJ7V/nzBVPXbYQTQWxESce+NUpnONs2uW+XNSxb
+i0PoUwyDZsRQ7SZJZuOStBWqUXC8TUoGtkaRQHtBgumW0zHasgShVpkU+wARAQAB
+tCNDcmFpZyBSYXcgPGNyYWlnQHNwYXJyb3d3YWxsZXQuY29tPokCVAQTAQoAPgIb
+AwULCQgHAwUVCgkICwUWAgMBAAIeBQIXgBYhBNTQ0yAvwGhJolezjelGGDNMZ0tA
+BQJlCacEBQkO+IMiAAoJEOlGGDNMZ0tAMZ0QAJtLTl8n/H2nn3nnuHMV18lLya+F
+92/7Q5cSls+EPDzmhZnOY13aVlzL0y9++snRA6QrajyF5pxk5/t6OUcztg9PSSzz
+dJ4SrjqF7nxSWXAybQLSWK0NmAZGC4cCkHuFwOOpTYTsGjUH0lMnvGF7PllQK0L7
+8zKrNUpHHLWpkPBHfJEnGbv3XVG4DVWfdTAmpgSP/Lma3qRs5TRlr4pWbCQxUjd3
+8QCw25PGT4xQ9g/yCWY1rBq2x7MzHsiuNmd/qCuwcXiSCChrlGUUVYWwp7FXkVFq
+9wIJB7lYxOKbrwL8KcA2jQL0ZH9421+xfThCruMEnb3fPiW7y5VAbJKNLvk+WHa6
+Vfj12+R3a3ZM2P8iExS6+d04xM0AXK4J5bIcpFW0D8GdjJyED6I7cAPF723xSws1
+t9RD1rVslOlCvOJtoqATuWqGoTVAR4cdpdpnTywKZpjQowLdIcUPbW58zJQxmONh
+vXoTzqvhQV2b9wRlrT+8gwlYmGh+P+xpR8nlHD7GQWoUC/mfWm4w6rMfX6xHBylC
+SHB+teH+9lqUaefbbxKQlAbLL+3q7M4O4Dx224OZBvRN7MFnvBWJimhj8n7lJwfY
+Pl7l/ZENqigiosH5XPLIXE8WhbT2SLh9a2Lp+qH8xrEcsUlUST+F0gE9qawTTl9X
+RGfvr16YhNpScpBptB5DcmFpZyBSYXcgPGNyYWlncmF3QGdtYWlsLmNvbT6JAjYE
+MAEKACAWIQTU0NMgL8BoSaJXs43pRhgzTGdLQAUCZQmpwgIdIAAKCRDpRhgzTGdL
+QNX9D/4kl6JOsL4/P88m8i3SYW1N+FzCrr486Ak8zmfoPjtoSytk0+QIsjb5Esn4
+ltU2UD7MPoPplky3TykNUbVqPr1LtSoabbxOOpz3kpHgkYN2KvH6Bv2H81kBF0k9
+a8XYY92/73q7n7QiMmm6SNm0LO0QvHRu5KoCVQ+FyeLu4h4UqpK0RWtjIUUo6whO
+hXO1ZkkAcV38gewbU92bQBnhLxQNm/EHs9g3Dx+dmhmym4yn0sfNxX+4MsLNMa6E
+jcQ0YF+EgrQk9r8MF3NtPPFfzxswOThXNlEzie5ETAqcouT6mnlfTnB8UL4wjBoP
+GueatUqvtO99RUZbM2otZdz1bBAmOQ/R92wcqsC46zY+PdIXX3YuiGVEfZHjuAU7
+3FlajlZeWvp2NgZzLHFAjjWt67IeYkvfsv4bvq9EANXebI0Srq/g0o2Ego+kfBsZ
+Ca+2jMgxo9+6X69+WJEe46G9bHatpl2dStylgWRhroEbkV83bIFwwE8Q9QOX4uJW
+FB16kl/qTuBiG/rDgVT8eZuCYJXFKQtgPoslEramQuURyUfKFrOAyL7mQHHGSZab
+mgI8kKI//DvTD3t/BspikmdgZLQL4zoXKIFFPuES+TQO+BHoB+TikjZC81mcyZOX
+Sh+Eg21pO3B+HMOXkpv0aj3ZCUt55hslWUom8huQxY7sUdg4KIkCNgQwAQoAIBYh
+BNTQ0yAvwGhJolezjelGGDNMZ0tABQJlCaa2Ah0gAAoJEOlGGDNMZ0tA4uYQAJuP
+GEiE6/XO10lG8feXk5EIpTgFT8XiF7/CEFrGdPOgb/2HQ2G0QXGfrYI5VTJPdgsG
+Mj2JgTcFX12fyKvGpb0HXMdvqNEtNUV4z5wrhUkItPFF4wJ2YAeFuJpdgsTU3RYL
+mct30Dcr79M0JSsOO3erjAqsMj+GlTWbHMEzM86regfe0KTU9f4G8DIYRoM+Zu3E
+P3BgpKm2miyEW++vuK+/Q+cWPSi7ztRPQ9CoswPb/xEFuxnzRCbdmwGqRUJzFfQJ
+3uMTSt5JACn1mn/Bojn8IcAhCKJsBNL3MHAqkJVPdzzQhsr2z0bevVBhhbBabaub
+zbFOIHluSge5/IGr7bFjldql/UflYavrV1+aH2CzI/YEgBxZZoIgYl9N5n+vO1GI
+Xn39axQ4Lhf7mJc5Y89ojZkhT7sHgpCceyzsFWrBrcLXhhFCafTBcVQd+U1xk5Xf
+SV+3TTbWz1woIzVJ6ef5wUYI0qZBuXDef6kIEBnFUwbn5Iu834NtthSkam9LeDcJ
+NDISaoCOd+cRgKSTrGkLEIF7hzlF901S/jTDDaKGs9JnruhokxjmyxJvFcowP4Lo
+O8J+782+e1QiL49M97tvnYwzLU/iGieG6kWgQcJHVy5ZJdDNMfkZMNR6Ek4dzBVQ
+c5pgVp882o9l61xdCQq6o/oSBSCbOGe8Ujr1tGpXiQJUBBMBCgA+AhsDBQsJCAcD
+BRUKCQgLBRYCAwEAAh4BAheAFiEE1NDTIC/AaEmiV7ON6UYYM0xnS0AFAmUJpwMF
+CQ74gyIACgkQ6UYYM0xnS0Dnww//fMTpZ66XJK15CqbqqFHOlkneoV/X2Oo1CN/t
+qIiG6s1TMA/ZwF1dmHSZh46tAd2TK0qTxR4kxXlVq5oO5HbzIA9n/hvJJA8ZXk3g
+QieX4L5uITdHmAzChhf0N0jAQT8Oe72SocRMgPCI8c3ZKhBHYqI1PCTUSQKD6+dS
+D0zHGZhtPJctDBJGVDCT8jaS4JeDVBU0UijzxLo6qkZvSIXoTxjQHQILFZq4biCs
+2gLQ6aJ870TtQz/PiZkL+o5XImY+nPoAyEIC+mDSgO4kb5ELJ5U66vDMpR75FFpW
+t/wU0/0q7W9wIzifdRuctVDyh88/5ycg4zrVyX0PmNrx27EGIhL1sEPfLnzMU7am
+FqffWVtjvWrPtOiJE6vYRZA1IhallNY1eVI2NcEAj3+gSUsQx5rl7loP+axB7eSM
+BKNUBlTptKrCMCWiYVrIFHDG7rHpNc/8G7mpjQCZtUyTNfRG87991JI9nAXHqntr
+Slvr2t1TBaNkJQn06/Vx4StR8dNHvN09OzmriPibjxVXfW1fbiPD8mNPM1q1ll37
+15IaZJLJfxA0tz5hhK1J9/asM80GMRfJmbGprZqkbDEFoi4QlLGJfYM5YeHi/TKB
+j0IBS7Kh0rZ0y2YpwYRGJjeL+RMwRdbFV0vIayyZ8AS6mXbYVFfpgDnQQ2mJUkm2
+XNpucCm5Ag0EXZXx4QEQAMkaRHXCSMDjBJ+7hQp5+OW7vhRb3jJ5RvveGJpMaV9z
+/6UTo+VhI1AzkKKFZ/gwk7fJWm5cuE9fA6rc+h5eHbTtDkcPxAQk58YJyNdKj1t+
+XncvU3Nhb8C/+cChQrnxAlQeFeSk2VUnxh7eTU4jwZo89N+cLJCzz0gIBbmOtTS6
+zcdVaAhi0ePmD496kFxOz0ccGtukeXE38VdUM5PfSSEE8Cy+pokgFjyUSXBefW9u
+XsETpw12KvF6xBizFYBTsMmGQQqxtk5bO/bQly61798gcFsxnrMPxBDyENJPkNEJ
+s7tdCWEQB2dA8BZw7tN7sItVQabTmz4gUlmRSfsZfZbNZy7nL3zIBXRBZ6I9OPOp
+m7BCUlOEQgJQru3RJdfnFVaNUURTd0Up+t+lACuUXXuMlrDbjAFlIGN0YR86JN6b
+yAv2s9V5U/3R6QV50BRkj1qQehwUKRQYNMMeSs0I63zHgWOLjXwqr1O0U2/x+8o+
++UOUVCvsicQcl2CDLbC4C+xntZSKUwYmWtAWjkiDp5Fk2Fxyj9vK5TSym+ur3AAH
+gZVugkoM5yMhiOIJVPKGB1aAnQNmQVYREEpJBTtFqbURraqObqiHKPF6MKAL+AW4
+jv2Lms0gJ2S5rSmP/Zi0CiABYg1pppojYlrHp1vXb251o7WlPgwf6nKKLTi8byTN
+ABEBAAGJAjwEGAEKACYCGwwWIQTU0NMgL8BoSaJXs43pRhgzTGdLQAUCZQmnLAUJ
+DviDSwAKCRDpRhgzTGdLQNAwD/0ThrnXqwZ+dyFK4M73nqSXwWjED/xHAQYmrEAr
+kVoox3GZYlTFlQlCQZTi+yOsrFdiP7EfWM8jbc6BqEh4fhn1f+wUIiZQELl+6M/U
+rHrPz5h4c9rD/+M62awPa6HdauaHkUrF3nAax9EOTVQJvxKLpuaE9Ki9p2ZMEQOK
+HakTDtLL2BeXiJG1I/SH1thBPuGL4hReY8qrj0ryYMrlYdu7l+RJrQUemLVD/eQI
+S8MqH8E5HjZKS7QNSCEEeHgFw1Yu28C+AnjHQHS5gDugw8ire/NetFxI8Wx5nOOU
+oCRR3P1U5IFWqj+Yukc3rB0z9+kSK3cic1jdCRy26JYxz9xuBbAqcnKoGtrB3HVI
+Y2pdQKN4kTpifGDriSEe6epuEvvObBovYJE3lc4AWr8VNFJd4UYphJ/9Px+5xajo
+ZBicNI9pGq0gTDuBb+tBwTt2dw8tFSCLyJ+C1dFRZX8NM3FlnpjeJQb7SCcLT4PZ
+h4+CyElfF/HkcVZHjjanpXZdP91clgmRidnlDBQ07BmaTgvxdlkwHJFGqGcuZn1A
+y1p23CECTYiFxFxgMvVjNHSPSyrEnNC0ash+BIGuxvYfm/7CioThFXw9TbwQXn6C
+IsgINPAvnKVmW6Ui0jLvtlIWV/TW2yDFjPoC2ilVexwt9QdvtBf5baT8GCilb5Yo
+EmR2yA==
+=t5JY
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/pkgs/applications/blockchains/sparrow/update.sh b/pkgs/applications/blockchains/sparrow/update.sh
deleted file mode 100755
index 7a520b351aa4a..0000000000000
--- a/pkgs/applications/blockchains/sparrow/update.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i bash -p coreutils curl jq gnused gnupg common-updater-scripts
-
-set -eu -o pipefail
-
-version="$(curl -s https://api.github.com/repos/sparrowwallet/sparrow/releases| jq '.[] | {name} | limit(1;.[])' | sed 's/[\"v]//g' | head -n 1)"
-depname="sparrow-$version-x86_64.tar.gz"
-src_root="https://github.com/sparrowwallet/sparrow/releases/download/$version";
-src="$src_root/$depname";
-manifest="$src_root/sparrow-$version-manifest.txt"
-signature="$src_root/sparrow-$version-manifest.txt.asc"
-key="D4D0 D320 2FC0 6849 A257 B38D E946 1833 4C67 4B40"
-
-pushd $(mktemp -d --suffix=-sparrow-updater)
-export GNUPGHOME=$PWD/gnupg
-mkdir -m 700 -p "$GNUPGHOME"
-curl -L -o "$depname" -- "$src"
-curl -L -o manifest.txt -- "$manifest"
-curl -L -o signature.asc -- "$signature"
-gpg --batch --recv-keys "$key"
-gpg --batch --verify signature.asc manifest.txt
-sha256sum -c --ignore-missing manifest.txt
-sha256=$(nix-prefetch-url --type sha256 "file://$PWD/$depname")
-popd
-
-update-source-version sparrow-unwrapped "$version" "$sha256"