From c33209add18122894c10b8fef810de7eec04d559 Mon Sep 17 00:00:00 2001
From: Matt DeVillier <matt.devillier@puri.sm>
Date: Tue, 9 Jul 2019 16:46:14 -0500
Subject: [PATCH] confirm_gpg_card: prompt for retry on detection failure

Initial card detection can sometimes fail, so prompt the user
to remove/reinsert their GPG card before retrying. Since
errexit is likely set, disable it prior to calling --card-status so
we can handle the error ourself, then re-set if necessary when done.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
---
 initrd/etc/functions | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/initrd/etc/functions b/initrd/etc/functions
index 7a2cfdac..d6cf0c14 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -136,8 +136,28 @@ confirm_gpg_card()
 	# setup the USB so we can reach the GPG card
 	enable_usb
 
-	gpg --card-status \
-	|| die "gpg card read failed"
+	echo -e "\nVerifying presence of GPG card...\n"
+	# ensure we don't exit without retrying
+	errexit=$(set -o | grep errexit | awk '{print $2}')
+	set +e
+	gpg --card-status > /dev/null
+	if [ $? -ne 0 ]; then
+	  # prompt for reinsertion and try a second time
+	  read -n1 -r -p \
+	      "Can't access GPG key; remove and reinsert, then press Enter to retry. " \
+	      ignored
+	  # restore prev errexit state
+	  if [ "$errexit" = "on" ]; then
+	    set -e
+	  fi
+	  # retry card status
+	  gpg --card-status > /dev/null \
+	  	|| die "gpg card read failed"
+	fi
+	# restore prev errexit state
+	if [ "$errexit" = "on" ]; then
+	  set -e
+	fi
 }