amnezia-vpn: rework premium

sund3RRR
2026-05-08 17:23:26 +03:00
parent 8d303adce8
commit fc35ff6c85
3 changed files with 56 additions and 8 deletions


@@ -0,0 +1,14 @@
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwMJbYlGxn3l+0XiGA9I/
BHK8HX/aet7A9GVL817apDUeL6sdISRBdopv5Y0FdrBHSJWSUdWtVxVazJB46J8x
327/5H5pi0nkfRbcgxBGSGxhKOvwRe+WPVb2f81jlkenZK46c9C7dNmX/310rlHY
BwOnZcdw2oKu6hTNDwk3nyUo2v2/leNIMLsv84RlHAX6Tyx5slq8ysewhcmdfv17
WQjF7albq12ZafTSjtXqDcsrk2oF8mfyzxLjSXbxQHKIDHkfz3SUXCs/H9tt1ydK
2Yj6nIxv98HESZ8Ng40OZPhHDex8Ru1NjcWlo2EWNM1xT8IqmBT21PLuyzGjNSwG
Ojnm1V2EcjerVmRNhFTJG70RkURD/i2MDbG+ZKpqPtW1uL8wEt2IkSqNfKcf+TF+
UJZZfm1lDUMpWJ2eWJGrgOUX8/f8v/GB+x4PxUo1m7V/pDLqCUPm3l2dkaM9P0sM
6lO0+jKqfIFnG1zjc3if7r1YbDsZlyl389q9Hrh7t+Lwj/JXkDxFaTnudM8egaXk
GX5YxZiEDmCCLRskRwBBUaYffXIpFbI8sO2Xj0J5/im5xtu7TtfJktcPzDL9uyG1
Ebt8oSA4FTzTid6Zwj55YgDfz0FMnNmXh80T1xMzlbi6y+BCuna+I+7McMRo8yz3
VzzYJ0/J7PpHpXoZv7K1qDsCAwEAAQ==
-----END PUBLIC KEY-----


@@ -58,13 +58,26 @@ let
amnezia-xray = callPackage ./xray-lib.nix { };
amneziaPremiumConfig = fetchurl {
url = "https://raw.githubusercontent.com/amnezia-vpn/amnezia-client-lite/f45d6b242c1ac635208a72914e8df76ccb3aa44c/macos-signed-build.sh";
hash = "sha256-PnaPVPlyglUphhknWwP7ziuwRz+WOz0k9WRw6Q0nG2c=";
postFetch = ''
sed -nri '/PROD_AGW_PUBLIC_KEY|PROD_S3_ENDPOINT/p' $out
'';
};
# Amnezia Gateway (AGW) public keys for premium server list verification.
# These PEM-formatted RSA public keys are hardcoded in the upstream binary
# and used to verify signatures on server list responses from the AGW service.
# The original values were extracted from the upstream linux binary using
# `strings` command, as they are not present in any public source files.
# Newlines are escaped (\n -> \\n) to prevent Makefile generation failures
# during build when these variables are exported via preConfigure.
dev-agw-public-key = lib.replaceStrings [ "\n" ] [ "\\n" ] (builtins.readFile ./dev_agw_public_key);
dev-agw-endpoint = "http://gw.dev.amzsvc.com:80/";
dev-s3-endpoint = "https://s3.eu-north-1.amazonaws.com/amnezia-dev/";
prod-agw-public-key = lib.replaceStrings [ "\n" ] [ "\\n" ] (
builtins.readFile ./prod_agw_public_key
);
prod-s3-endpoint = lib.concatStringsSep ", " [
"https://s3.eu-north-1.amazonaws.com/amnezia/"
"https://amnzstrg01.blob.core.windows.net/lambda-list/"
"https://storage.googleapis.com/lambda-list/"
"https://objectstorage.eu-zurich-1.oraclecloud.com/n/zrhfyaq6qxvh/b/lambda-list/o/"
];
in
stdenv.mkDerivation (finalAttrs: {
pname = "amnezia-vpn";
@@ -134,8 +147,15 @@ stdenv.mkDerivation (finalAttrs: {
qt6.qttools
];
# These environment variables are baked into the binary at build time.
# They configure which Amnezia Gateway servers and S3 endpoints the client
# uses for fetching verified server lists (premium functionality).
preConfigure = ''
source ${amneziaPremiumConfig}
export DEV_AGW_PUBLIC_KEY="${dev-agw-public-key}"
export DEV_AGW_ENDPOINT="${dev-agw-endpoint}"
export DEV_S3_ENDPOINT="${dev-s3-endpoint}"
export PROD_AGW_PUBLIC_KEY="${prod-agw-public-key}"
export PROD_S3_ENDPOINT="${prod-s3-endpoint}"
'';
installPhase = ''
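Review bot: The provenance comment above `dev-agw-public-key` in the first hunk says the PEM values were extracted from the upstream Linux binary with `strings`, but it does not record which release or binary they came from, so nobody can later re-check that the checked-in keys really are the vendor's. These keys are the trust anchors for server-list signature verification, and the hash-pinned `fetchurl` of `macos-signed-build.sh` (which appears to be on the removed side) at least tied the production value to a public commit. I would extend the comment with a line such as `# Source: upstream release <RELEASE_TAG>, binary sha256 <BINARY_SHA256>; key SHA-256 fingerprints: dev <DEV_FPR>, prod <PROD_FPR>`, with the placeholders filled in by the author. Separately, `dev-agw-endpoint` is plain `http://` on port 80 and is exported into the build in `preConfigure`; if that mirrors upstream, a short comment saying so, and that only the signature-verified response is trusted, would save the next reviewer the question.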

View File

@@ -0,0 +1,14 @@
-----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----