ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-18 20:47:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
heads/initrd/bin/key-init
Jonathon Hall 62c8366d20
key-init: If time resets, tell user to set it, but allow skipping 
The 'warn' message was not very effective, because change-time.sh
clears the screen right after.  Prompt with whiptail instead, which
also lets the user know what's happening before we drop them into a
series of prompts.

Let the user skip changing time if they really want to.  While they
usually should set the time, it's rather frustrating if Heads forces
them to go through these prompts when they don't want to.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-06 09:27:37 -04:00

36 lines
1.7 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
set -e -o pipefail
. /etc/functions
. /etc/gui_functions
TRACE_FUNC
# Post processing of keys
# Good system clock is required for GPG to work properly.
# if system year is less then 2024, prompt user to set correct time
if [ "$(date +%Y)" -lt 2024 ]; then
if whiptail_warning --title "System Time Incorrect" \
--yesno "The system time is incorrect. Please set the correct time." \
0 80 --yes-button Continue --no-button Skip --clear; then
change-time.sh
fi
fi
# Import user's keys if they exist
if [ -d /.gnupg/keys ]; then
# This is legacy location for user's keys. cbfs-init takes for granted that keyring and trustdb are in /.gnupg
# oem-factory-reset generates keyring and trustdb which cbfs-init dumps to /.gnupg
# TODO: Remove individual key imports. This is still valid for distro keys only below.
gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || warn "Importing user's keys failed"
fi
# Import trusted distro keys allowed for ISO signing
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || warn "Importing distro keys failed"
#Set distro keys trust level to ultimate (trust anything that was signed with these keys)
gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || warn "Setting distro keys ultimate trust failed"
gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || warn "Updating distro keys trust failed"
# Add user's keys to the list of trusted keys for ISO signing
gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || warn "Adding user's keys to distro keys failed"
Reference in New Issue View Git Blame Copy Permalink