mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-12 06:06:53 -05:00
guix-install.sh: Add support for more than one signing key.
The forthcoming 1.3.0 release will be signed with my personal GnuPG key; the installation script needs to tell users how to fetch it. * etc/guix-install.sh (OPENPGP_SIGNING_KEY_ID): Remove variable. (GPG_SIGNING_KEYS): New associative array. (chk_gpg_keyring): Process all the keys contained in the above array. (main) <GUIX_BINARY_FILE_NAME>: Double quote variable.
parent
0084f0054f
commit
185709221d
1 changed files with 21 additions and 9 deletions
|
@ -64,7 +64,12 @@ INF="[ INFO ] "
|
||||||
DEBUG=0
|
DEBUG=0
|
||||||
GNU_URL="https://ftp.gnu.org/gnu/guix/"
|
GNU_URL="https://ftp.gnu.org/gnu/guix/"
|
||||||
#GNU_URL="https://alpha.gnu.org/gnu/guix/"
|
#GNU_URL="https://alpha.gnu.org/gnu/guix/"
|
||||||
OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
|
|
||||||
|
# The following associative array holds set of GPG keys used to sign the
|
||||||
|
# releases, keyed by their corresponding Savannah user ID.
|
||||||
|
declare -A GPG_SIGNING_KEYS
|
||||||
|
GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5 # ludo
|
||||||
|
GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim
|
||||||
|
|
||||||
# This script needs to know where root's home directory is. However, we
|
# This script needs to know where root's home directory is. However, we
|
||||||
# cannot simply use the HOME environment variable, since there is no guarantee
|
# cannot simply use the HOME environment variable, since there is no guarantee
|
||||||
|
@ -113,14 +118,21 @@ chk_require()
|
||||||
chk_gpg_keyring()
|
chk_gpg_keyring()
|
||||||
{ # Check whether the Guix release signing public key is present.
|
{ # Check whether the Guix release signing public key is present.
|
||||||
_debug "--- [ $FUNCNAME ] ---"
|
_debug "--- [ $FUNCNAME ] ---"
|
||||||
|
local user_id
|
||||||
|
local gpg_key_id
|
||||||
|
local exit_flag
|
||||||
|
|
||||||
# Without --dry-run this command will create a ~/.gnupg owned by root on
|
for user_id in "${!GPG_SIGNING_KEYS[@]}"; do
|
||||||
# systems where gpg has never been used, causing errors and confusion.
|
gpg_key_id=${GPG_SIGNING_KEYS[$user_id]}
|
||||||
gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
|
# Without --dry-run this command will create a ~/.gnupg owned by root on
|
||||||
_err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
|
# systems where gpg has never been used, causing errors and confusion.
|
||||||
echo " wget 'https://sv.gnu.org/people/viewgpg.php?user_id=15145' -qO - | sudo -i gpg --import -"
|
if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
|
||||||
exit 1
|
_err "${ERR}Missing OpenPGP public key ($gpg_key_id). Fetch it with this command:"
|
||||||
)
|
echo " wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | sudo -i gpg --import -"
|
||||||
|
exit_flag=yes
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
test "$exit_flag" = yes && exit 1 || true
|
||||||
}
|
}
|
||||||
|
|
||||||
chk_term()
|
chk_term()
|
||||||
|
@ -563,7 +575,7 @@ main()
|
||||||
_err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting"
|
_err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting"
|
||||||
fi
|
fi
|
||||||
_msg "Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
|
_msg "Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
|
||||||
GUIX_BINARY_FILE_NAME=$(realpath $GUIX_BINARY_FILE_NAME)
|
GUIX_BINARY_FILE_NAME=$(realpath "$GUIX_BINARY_FILE_NAME")
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sys_create_store "${GUIX_BINARY_FILE_NAME}" "${tmp_path}"
|
sys_create_store "${GUIX_BINARY_FILE_NAME}" "${tmp_path}"
|
||||||
|
|
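Review bot: In `chk_gpg_keyring`, the new loop pins each release key by full fingerprint only for the presence check, while the printed `wget … | sudo -i gpg --import -` hint imports whatever the Savannah URL returns into root's keyring and does not tell the user to compare the result against `$gpg_key_id` before trusting it. If the signature check later in the script (not visible on this page) accepts any key in that keyring, the fingerprints in `GPG_SIGNING_KEYS` would not constrain who can sign a release, so it is worth confirming that step validates the signer against this array. I would document the invariant above the loop, e.g. `# Keys are matched by full fingerprint; never fall back to a short key ID or uid match.` Separately, `test "$exit_flag" = yes && exit 1 || true` reads more clearly as `if [ "$exit_flag" = yes ]; then exit 1; fi`, with `local exit_flag=no` so the flag is never expanded while unset.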