Merge remote-tracking branch 'github-tlaurion/key-init_fix-time_give-…
…warning-on-gpg-errors' PR #1776
Showing
1 changed file
with
22 additions
and
6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,35 @@ | ||
#!/bin/bash | ||
set -e -o pipefail | ||
. /etc/functions | ||
. /etc/gui_functions | ||
|
||
TRACE_FUNC | ||
|
||
# Post processing of keys | ||
|
||
# Import user's keys | ||
gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || true | ||
# Good system clock is required for GPG to work properly. | ||
# if system year is less then 2024, prompt user to set correct time | ||
if [ "$(date +%Y)" -lt 2024 ]; then | ||
if whiptail_warning --title "System Time Incorrect" \ | ||
--yesno "The system time is incorrect. Please set the correct time." \ | ||
0 80 --yes-button Continue --no-button Skip --clear; then | ||
change-time.sh | ||
fi | ||
fi | ||
|
||
# Import user's keys if they exist | ||
if [ -d /.gnupg/keys ]; then | ||
# This is legacy location for user's keys. cbfs-init takes for granted that keyring and trustdb are in /.gnupg | ||
# oem-factory-reset generates keyring and trustdb which cbfs-init dumps to /.gnupg | ||
# TODO: Remove individual key imports. This is still valid for distro keys only below. | ||
gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || warn "Importing user's keys failed" | ||
fi | ||
|
||
# Import trusted distro keys allowed for ISO signing | ||
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || true | ||
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || warn "Importing distro keys failed" | ||
#Set distro keys trust level to ultimate (trust anything that was signed with these keys) | ||
gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || true | ||
gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || true | ||
gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || warn "Setting distro keys ultimate trust failed" | ||
gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || warn "Updating distro keys trust failed" | ||
|
||
# Add user's keys to the list of trusted keys for ISO signing | ||
gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || true | ||
gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || warn "Adding user's keys to distro keys failed" |
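Review bot: The new `|| warn "Importing user's keys failed"` on the user-key import can fire even when every key present was imported. `[ -d /.gnupg/keys ]` checks only that the directory exists, so when it holds only `.key` or only `.asc` files (or is empty) the unmatched glob reaches gpg as a literal path, and gpg will most likely exit non-zero for it. Expanding the globs into an array under `nullglob` and skipping the import when the array is empty keeps the warning for real failures. Every gpg call also keeps `2>/dev/null`, so the user sees that something failed but not why; keeping gpg's stderr somewhere readable would make these warnings actionable. Separately, `change-time.sh` runs in an `if` body under `set -e`, so a non-zero exit there would presumably end the script before any key is imported; `change-time.sh || warn "Setting system time failed"` would let the imports still run.

```shell
# … unchanged: system clock check …
if [ -d /.gnupg/keys ]; then
  # … unchanged: legacy-location comments …
  # Expand the globs ourselves so an unmatched pattern is dropped, not passed to gpg
  shopt -s nullglob
  user_keys=(/.gnupg/keys/*.key /.gnupg/keys/*.asc)
  shopt -u nullglob
  if [ "${#user_keys[@]}" -gt 0 ]; then
    gpg --import "${user_keys[@]}" 2>/dev/null || warn "Importing user's keys failed"
  fi
fi
```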