ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-18 20:47:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'github-tlaurion/key-init_fix-time_give-warning-on-gpg-errors'

Browse Source 
PR #1776
This commit is contained in:
Jonathon Hall 2024-09-06 09:36:10 -04:00
commit b28c257b85
No known key found for this signature in database
GPG Key ID: 1E9C3CA91AE25114
1 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
initrd/bin/key-init
View File

@ -1,19 +1,35 @@
#!/bin/bash
set -e -o pipefail
. /etc/functions
. /etc/gui_functions
TRACE_FUNC
# Post processing of keys
# Import user's keys
gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || true
# Good system clock is required for GPG to work properly.
# if system year is less then 2024, prompt user to set correct time
if [ "$(date +%Y)" -lt 2024 ]; then
if whiptail_warning --title "System Time Incorrect" \
--yesno "The system time is incorrect. Please set the correct time." \
0 80 --yes-button Continue --no-button Skip --clear; then
change-time.sh
fi
fi
# Import user's keys if they exist
if [ -d /.gnupg/keys ]; then
# This is legacy location for user's keys. cbfs-init takes for granted that keyring and trustdb are in /.gnupg
# oem-factory-reset generates keyring and trustdb which cbfs-init dumps to /.gnupg
# TODO: Remove individual key imports. This is still valid for distro keys only below.
gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || warn "Importing user's keys failed"
fi
# Import trusted distro keys allowed for ISO signing
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || true
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || warn "Importing distro keys failed"
#Set distro keys trust level to ultimate (trust anything that was signed with these keys)
gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || true
gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || true
gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || warn "Setting distro keys ultimate trust failed"
gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || warn "Updating distro keys trust failed"
# Add user's keys to the list of trusted keys for ISO signing
gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || true
gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || warn "Adding user's keys to distro keys failed"