index
:
guix
koszko
koszko-scripts
about
su
about
summary
refs
log
tree
commit
diff
log msg
;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2020, 2021 Marius Bakke <marius@gnu.org> ;;; Copyright © 2022 Nicolas Graves <ngraves@ngraves.fr> ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. (define-module (gnu build chromium-extension) #:use-module (guix gexp) #:use-module (guix packages) #:use-module (gnu packages gnupg) #:use-module (gnu packages tls) #:use-module (gnu packages node-xyz) #:use-module (guix build-system trivial) #:export (make-chromium-extension)) ;;; Commentary: ;;; ;;; Tools to deal with Chromium extensions. ;;; ;;; Code: (define (make-signing-key seed) "Return a derivation for a deterministic PKCS #8 private key using SEED." (computed-file (string-append seed "-signing-key.pem") (with-extensions (list guile-gcrypt) #~(begin (use-modules (gcrypt base16) (gcrypt hash) (ice-9 iconv)) (let* ((sha256sum (bytevector->base16-string (sha256 (string->bytevector #$seed "UTF-8")))) ;; certtool.c wants a 56 byte seed for a 2048 bit key. (key-size 2048) (normalized-seed (string-take sha256sum 56))) (system* #$(file-append gnutls "/bin/certtool") "--generate-privkey" "--key-type=rsa" "--pkcs8" ;; Use the provable FIPS-PUB186-4 algorithm for ;; deterministic results. "--provable" "--password=" "--no-text" (string-append "--bits=" (number->string key-size)) (string-append "--seed=" normalized-seed) "--outfile" #$output)))) #:local-build? #t)) (define* (make-crx signing-key package #:optional (package-output "out")) "Create a signed \".crx\" file from the u
