Merge remote-tracking branch 'github-tlaurion/key-init_fix-time_give-…

…warning-on-gpg-errors' PR #1776
linuxboot · Sep 6, 2024 · b28c257 · b28c257
2 parents 9bb6605 + 62c8366
commit b28c257
Showing 1 changed file with 22 additions and 6 deletions.
diff --git a/initrd/bin/key-init b/initrd/bin/key-init
@@ -1,19 +1,35 @@
 #!/bin/bash
 set -e -o pipefail
 . /etc/functions
+. /etc/gui_functions
 
 TRACE_FUNC
 
 # Post processing of keys
 
-# Import user's keys
-gpg --import /.gnupg/keys/*.key  /.gnupg/keys/*.asc 2>/dev/null || true
+# Good system clock is required for GPG to work properly.
+# if system year is less then 2024, prompt user to set correct time
+if [ "$(date +%Y)" -lt 2024 ]; then
+    if whiptail_warning --title "System Time Incorrect" \
+        --yesno "The system time is incorrect. Please set the correct time." \
+        0 80 --yes-button Continue --no-button Skip --clear; then
+        change-time.sh
+    fi
+fi
+
+# Import user's keys if they exist
+if [ -d /.gnupg/keys ]; then
+    # This is legacy location for user's keys. cbfs-init takes for granted that keyring and trustdb are in /.gnupg
+    #  oem-factory-reset generates keyring and trustdb which cbfs-init dumps to /.gnupg
+    # TODO: Remove individual key imports. This is still valid for distro keys only below.
+    gpg --import /.gnupg/keys/*.key  /.gnupg/keys/*.asc 2>/dev/null || warn "Importing user's keys failed"
+fi
 
 # Import trusted distro keys allowed for ISO signing
-gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || true
+gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || warn "Importing distro keys failed"
 #Set distro keys trust level to ultimate (trust anything that was signed with these keys)
-gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || true
-gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || true
+gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || warn "Setting distro keys ultimate trust failed"
+gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || warn "Updating distro keys trust failed"
 
 # Add user's keys to the list of trusted keys for ISO signing
-gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || true
+gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || warn "Adding user's keys to distro keys failed"