ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 04:57:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

confirm_gpg_card: prompt for retry on detection failure

Browse Source 
Initial card detection can sometimes fail, so prompt the user
to remove/reinsert their GPG card before retrying. Since
errexit is likely set, disable it prior to calling --card-status so
we can handle the error ourself, then re-set if necessary when done.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
This commit is contained in:
Matt DeVillier 2019-07-09 16:46:14 -05:00
parent 5ff3849c16
commit c33209add1
No known key found for this signature in database
GPG Key ID: 2BBB776A35B978FD
1 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
initrd/etc/functions
View File

@ -136,8 +136,28 @@ confirm_gpg_card()
# setup the USB so we can reach the GPG card # setup the USB so we can reach the GPG card
enable_usb enable_usb
gpg --card-status \ echo -e "\nVerifying presence of GPG card...\n"
# ensure we don't exit without retrying
errexit=$(set -o | grep errexit | awk '{print $2}')
set +e
gpg --card-status > /dev/null
if [ $? -ne 0 ]; then
# prompt for reinsertion and try a second time
read -n1 -r -p \
"Can't access GPG key; remove and reinsert, then press Enter to retry. " \
ignored
# restore prev errexit state
if [ "$errexit" = "on" ]; then
set -e
fi
# retry card status
gpg --card-status > /dev/null \
|| die "gpg card read failed" || die "gpg card read failed"
fi
# restore prev errexit state
if [ "$errexit" = "on" ]; then
set -e
fi
} }