mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-24 15:16:42 +00:00
62c8366d20
The 'warn' message was not very effective, because change-time.sh clears the screen right after. Prompt with whiptail instead, which also lets the user know what's happening before we drop them into a series of prompts. Let the user skip changing time if they really want to. While they usually should set the time, it's rather frustrating if Heads forces them to go through these prompts when they don't want to. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm> Signed-off-by: Thierry Laurion <insurgo@riseup.net>
36 lines
1.7 KiB
Bash
Executable File
36 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e -o pipefail
|
|
. /etc/functions
|
|
. /etc/gui_functions
|
|
|
|
TRACE_FUNC
|
|
|
|
# Post processing of keys
|
|
|
|
# Good system clock is required for GPG to work properly.
|
|
# if system year is less then 2024, prompt user to set correct time
|
|
if [ "$(date +%Y)" -lt 2024 ]; then
|
|
if whiptail_warning --title "System Time Incorrect" \
|
|
--yesno "The system time is incorrect. Please set the correct time." \
|
|
0 80 --yes-button Continue --no-button Skip --clear; then
|
|
change-time.sh
|
|
fi
|
|
fi
|
|
|
|
# Import user's keys if they exist
|
|
if [ -d /.gnupg/keys ]; then
|
|
# This is legacy location for user's keys. cbfs-init takes for granted that keyring and trustdb are in /.gnupg
|
|
# oem-factory-reset generates keyring and trustdb which cbfs-init dumps to /.gnupg
|
|
# TODO: Remove individual key imports. This is still valid for distro keys only below.
|
|
gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || warn "Importing user's keys failed"
|
|
fi
|
|
|
|
# Import trusted distro keys allowed for ISO signing
|
|
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || warn "Importing distro keys failed"
|
|
#Set distro keys trust level to ultimate (trust anything that was signed with these keys)
|
|
gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || warn "Setting distro keys ultimate trust failed"
|
|
gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || warn "Updating distro keys trust failed"
|
|
|
|
# Add user's keys to the list of trusted keys for ISO signing
|
|
gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || warn "Adding user's keys to distro keys failed"
|