
Commit b28c257

Merge remote-tracking branch 'github-tlaurion/key-init_fix-time_give-warning-on-gpg-errors'
PR #1776
2 parents 9bb6605 + 62c8366 commit b28c257


1 file changed

+22
-6
lines changed


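--- a/initrd/bin/key-init
+++ b/initrd/bin/key-init
@@ -1,19 +1,35 @@
 #!/bin/bash
 set -e -o pipefail
 . /etc/functions
+. /etc/gui_functions
 
 TRACE_FUNC
 
 # Post processing of keys
 
-# Import user's keys
-gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || true
+# Good system clock is required for GPG to work properly.
+# if system year is less then 2024, prompt user to set correct time
+if [ "$(date +%Y)" -lt 2024 ]; then
+if whiptail_warning --title "System Time Incorrect" \
+--yesno "The system time is incorrect. Please set the correct time." \
+0 80 --yes-button Continue --no-button Skip --clear; then
+change-time.sh
+fi
+fi
+
+# Import user's keys if they exist
+if [ -d /.gnupg/keys ]; then
+# This is legacy location for user's keys. cbfs-init takes for granted that keyring and trustdb are in /.gnupg
+# oem-factory-reset generates keyring and trustdb which cbfs-init dumps to /.gnupg
+# TODO: Remove individual key imports. This is still valid for distro keys only below.
+gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || warn "Importing user's keys failed"
+fi
 
 # Import trusted distro keys allowed for ISO signing
-gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || true
+gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || warn "Importing distro keys failed"
 #Set distro keys trust level to ultimate (trust anything that was signed with these keys)
-gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || true
-gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || true
+gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || warn "Setting distro keys ultimate trust failed"
+gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || warn "Updating distro keys trust failed"
 
 # Add user's keys to the list of trusted keys for ISO signing
-gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || true
+gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || warn "Adding user's keys to distro keys failed"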
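Review bot: The user-key import on new line 25 passes two globs to a single gpg call, so when /.gnupg/keys holds only `.asc` files (or only `.key` files) the unmatched pattern is most likely handed to gpg as a literal path, gpg exits non-zero, and `warn "Importing user's keys failed"` fires even though the keys that do exist were imported; this assumes /etc/functions does not enable nullglob, which is not visible here. Because `2>/dev/null` is kept on every gpg call, the new warnings also cannot distinguish that benign case from a malformed or rejected key file, which is the case an operator needs to see before relying on later ISO signature checks. Consider importing per file, e.g. `for f in /.gnupg/keys/*.key /.gnupg/keys/*.asc; do [ -e "$f" ] || continue; gpg --import "$f" 2>/dev/null || warn "Importing $f failed"; done`, and sending gpg's stderr to a log instead of discarding it. The year test on new line 12 only catches a clock that has reset to before 2024; a short comment noting that a wrong-but-later clock is not detected would keep readers from over-trusting the check.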
