guix-install.sh: Propose automatically fetching OpenPGP keys.
Via, for example, yes | ./guix-install.sh. * etc/guix-install.sh (prompt_yes_no): New procedure. (chk_gpg_keyring, sys_authorize_build_farms): Use it.
This commit is contained in:
Maxim Cournoyer
parent
e61fe664a4
commit
5b0ce3393b
1 changed files with 33 additions and 14 deletions
|
|
@ -92,6 +92,18 @@ _debug()
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Return true if user answered yes, false otherwise.
|
||||||
|
# $1: The prompt question.
|
||||||
|
prompt_yes_no() {
|
||||||
|
while true; do
|
||||||
|
read -rp "$1" yn
|
||||||
|
case $yn in
|
||||||
|
[Yy]*) return 0;;
|
||||||
|
[Nn]*) return 1;;
|
||||||
|
*) _msg "Please answer yes or no."
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
chk_require()
|
chk_require()
|
||||||
{ # Check that every required command is available.
|
{ # Check that every required command is available.
|
||||||
|
|
@ -123,10 +135,20 @@ chk_gpg_keyring()
|
||||||
# Without --dry-run this command will create a ~/.gnupg owned by root on
|
# Without --dry-run this command will create a ~/.gnupg owned by root on
|
||||||
# systems where gpg has never been used, causing errors and confusion.
|
# systems where gpg has never been used, causing errors and confusion.
|
||||||
if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
|
if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
|
||||||
_err "${ERR}Missing OpenPGP public key ($gpg_key_id). Fetch it with this command:"
|
if prompt_yes_no "${INF}The following OpenPGP public key is \
|
||||||
echo " wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | sudo -i gpg --import -"
|
required to verify the Guix binary signature: $gpg_key_id.
|
||||||
|
Would you like me to fetch it for you? (yes/no)"; then
|
||||||
|
wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
|
||||||
|
-qO - | gpg --import -
|
||||||
|
else
|
||||||
|
_err "${ERR}Missing OpenPGP public key ($gpg_key_id).
|
||||||
|
Fetch it with this command:
|
||||||
|
|
||||||
|
wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | \
|
||||||
|
sudo -i gpg --import -"
|
||||||
exit_flag=yes
|
exit_flag=yes
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
if [ "$exit_flag" = yes ]; then
|
if [ "$exit_flag" = yes ]; then
|
||||||
exit 1
|
exit 1
|
||||||
|
|
@ -451,17 +473,14 @@ sys_enable_guix_daemon()
|
||||||
|
|
||||||
sys_authorize_build_farms()
|
sys_authorize_build_farms()
|
||||||
{ # authorize the public key of the build farm
|
{ # authorize the public key of the build farm
|
||||||
while true; do
|
if prompt_yes_no "Permit downloading pre-built package binaries from the \
|
||||||
read -rp "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
|
project's build farm? (yes/no) "; then
|
||||||
case $yn in
|
guix archive --authorize \
|
||||||
[Yy]*) guix archive --authorize < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
|
< "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
|
||||||
_msg "${PAS}Authorized public key for ci.guix.gnu.org";
|
&& _msg "${PAS}Authorized public key for ci.guix.gnu.org"
|
||||||
break;;
|
else
|
||||||
[Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
|
_msg "${INF}Skipped authorizing build farm public keys"
|
||||||
break;;
|
fi
|
||||||
*) _msg "Please answer yes or no.";
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sys_create_init_profile()
|
sys_create_init_profile()
|
||||||
|
|
|
||||||
Reference in a new issue