From 54c0b5c45767729b053574c2b2a62b17594f42ab Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 16 Oct 2022 02:00:04 +0200 Subject: guix-install.sh: Suggest what to do if fetching OpenPGP key(s) fails. * etc/guix-install.sh (chk_gpg_keyring): Report an _err and set the exit_flag if wget | gpg --import fails. --- etc/guix-install.sh | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) (limited to 'etc/guix-install.sh') diff --git a/etc/guix-install.sh b/etc/guix-install.sh index 3fad9deb1f..353fc68aab 100755 --- a/etc/guix-install.sh +++ b/etc/guix-install.sh @@ -3,7 +3,7 @@ # Copyright © 2017 sharlatan # Copyright © 2018 Ricardo Wurmus # Copyright © 2018 Efraim Flashner -# Copyright © 2019, 2020 Tobias Geerinckx-Rice +# Copyright © 2019–2020, 2022 Tobias Geerinckx-Rice # Copyright © 2020 Morgan Smith # Copyright © 2020 Simon Tournier # Copyright © 2020 Daniel Brooks @@ -137,23 +137,27 @@ chk_gpg_keyring() gpg_key_id=${GPG_SIGNING_KEYS[$user_id]} # Without --dry-run this command will create a ~/.gnupg owned by root on # systems where gpg has never been used, causing errors and confusion. - if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then - if prompt_yes_no "${INF}The following OpenPGP public key is \ + if gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then + continue + fi + if prompt_yes_no "${INF}The following OpenPGP public key is \ required to verify the Guix binary signature: $gpg_key_id. Would you like me to fetch it for you?"; then - # Use a reasonable time-out here so users don't report silent - # ‘freezes’ when Savannah goes out to lunch, as has happened. - wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \ - --timeout=30 --no-verbose -O- | gpg --import - - else - _err "${ERR}Missing OpenPGP public key ($gpg_key_id). + # Use a reasonable time-out here so users don't report silent + # ‘freezes’ when Savannah goes out to lunch, as has happened. + if wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \ + --timeout=30 --no-verbose -O- | gpg --import -; then + continue + fi + fi + # If we reach this point, the key is (still) missing. Report further + # missing keys, if any, but then abort the installation. + _err "${ERR}Missing OpenPGP public key ($gpg_key_id). Fetch it with this command: wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -O - | \ sudo -i gpg --import -" - exit_flag=yes - fi - fi + exit_flag=yes done if [ "$exit_flag" = yes ]; then exit 1 -- cgit 1.4.1