mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-24 07:06:42 +00:00
key-init: only attempt to import individual user keys if legacy dir exists, skip otherwise
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
parent
ebb4d7ab69
commit
9633d6bfb1
@ -13,8 +13,13 @@ if [ "$(date +%Y)" -lt 2024 ]; then
|
|||||||
change-time.sh
|
change-time.sh
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Import user's keys
|
# Import user's keys if they exist
|
||||||
gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || warn "Importing user's keys failed"
|
if [ -d /.gnupg/keys ]; then
|
||||||
|
# This is legacy location for user's keys. cbfs-init takes for granted that keyring and trustdb are in /.gnupg
|
||||||
|
# oem-factory-reset generates keyring and trustdb which cbfs-init dumps to /.gnupg
|
||||||
|
# TODO: Remove individual key imports. This is still valid for distro keys only below.
|
||||||
|
gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || warn "Importing user's keys failed"
|
||||||
|
fi
|
||||||
|
|
||||||
# Import trusted distro keys allowed for ISO signing
|
# Import trusted distro keys allowed for ISO signing
|
||||||
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || warn "Importing distro keys failed"
|
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || warn "Importing distro keys failed"
|
||||||
|
Loading…
Reference in New Issue
Block a user