guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

23/33: guix-install.sh: Suggest what to do if fetching OpenPGP key(s) fa

From: guix-commits
Subject: 23/33: guix-install.sh: Suggest what to do if fetching OpenPGP key(s) fails.
Date: Fri, 21 Oct 2022 13:20:54 -0400 (EDT) 
nckx pushed a commit to branch master
in repository guix.

commit 54c0b5c45767729b053574c2b2a62b17594f42ab
Author: Tobias Geerinckx-Rice <me@tobias.gr>
AuthorDate: Sun Oct 16 02:00:04 2022 +0200

    guix-install.sh: Suggest what to do if fetching OpenPGP key(s) fails.
    
    * etc/guix-install.sh (chk_gpg_keyring): Report an _err and set the
    exit_flag if wget | gpg --import fails.
---
 etc/guix-install.sh | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 3fad9deb1f..353fc68aab 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -3,7 +3,7 @@
 # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
 # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
-# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+# Copyright © 2019–2020, 2022 Tobias Geerinckx-Rice <me@tobias.gr>
 # Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
 # Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
 # Copyright © 2020 Daniel Brooks <db48x@db48x.net>
@@ -137,23 +137,27 @@ chk_gpg_keyring()
         gpg_key_id=${GPG_SIGNING_KEYS[$user_id]}
         # Without --dry-run this command will create a ~/.gnupg owned by root 
on
         # systems where gpg has never been used, causing errors and confusion.
-        if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
-            if prompt_yes_no "${INF}The following OpenPGP public key is \
+        if gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
+            continue
+        fi
+        if prompt_yes_no "${INF}The following OpenPGP public key is \
 required to verify the Guix binary signature: $gpg_key_id.
 Would you like me to fetch it for you?"; then
-               # Use a reasonable time-out here so users don't report silent
-               # ‘freezes’ when Savannah goes out to lunch, as has happened.
-                wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id"; \
-                     --timeout=30 --no-verbose -O- | gpg --import -
-            else
-                _err "${ERR}Missing OpenPGP public key ($gpg_key_id).
+            # Use a reasonable time-out here so users don't report silent
+            # ‘freezes’ when Savannah goes out to lunch, as has happened.
+            if wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id"; \
+                    --timeout=30 --no-verbose -O- | gpg --import -; then
+                continue
+            fi
+        fi
+       # If we reach this point, the key is (still) missing.  Report further
+       # missing keys, if any, but then abort the installation.
+        _err "${ERR}Missing OpenPGP public key ($gpg_key_id).
 Fetch it with this command:
 
   wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\"; -O - | \
 sudo -i gpg --import -"
-                exit_flag=yes
-            fi
-        fi
+        exit_flag=yes
     done
     if [ "$exit_flag" = yes ]; then
         exit 1
reply via email to
[Prev in Thread] Current Thread [Next in Thread]