[PATCH] etc: Automatically download the pgp key

  • Done
  • quality assurance status badge
Details
2 participants
  • Julien Lepiller
  • Ludovic Courtès
Owner
unassigned
Submitted by
Julien Lepiller
Severity
normal
J
J
Julien Lepiller wrote on 20 Feb 2020 02:22
(address . guix-patches@gnu.org)
20200220022220.04906816@tachikoma.lepiller.eu
Hi guix,

this patch should improve the way the gpg key is fetched. Instead of
asking the user to copy the command, when the user passes
--allow-import-gpg, the script will import the gpg key by itself.

The rationale behind this is a user complaining a few weeks ago on the
Fediverse that the installation video didn't work. In fact, they didn't
understand the gpg command and failed to import the key; mentionning
--allow-import-gpg in the video should help in that case :)
J
J
Julien Lepiller wrote on 20 Feb 2020 13:41
(address . 39684@debbugs.gnu.org)
20200220134159.70db5633@tachikoma.lepiller.eu
Le Thu, 20 Feb 2020 02:22:20 +0100,
Julien Lepiller <julien@lepiller.eu> a écrit :

Toggle quote (15 lines)
> Hi guix,
>
> this patch should improve the way the gpg key is fetched. Instead of
> asking the user to copy the command, when the user passes
> --allow-import-gpg, the script will import the gpg key by itself.
>
> The rationale behind this is a user complaining a few weeks ago on the
> Fediverse that the installation video didn't work. In fact, they
> didn't understand the gpg command and failed to import the key;
> mentionning --allow-import-gpg in the video should help in that case
> :)
>
>
>

Here is the patch :)
From aebea6bcfa615bc644c9afa1120eeb34f0956c5a Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Thu, 20 Feb 2020 02:14:39 +0100
Subject: [PATCH] etc: Add an `allow-import-gpg' option to the installer
script.

* etc/guix-install.sh: Add an `allow-import-gpg' option to support
fetching the OpenPGP public key automatically.
---
etc/guix-install.sh | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)

Toggle diff (51 lines)
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index bfd3842933..d96c5838b8 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -57,6 +57,7 @@ INF="[ INFO ] "
DEBUG=0
GNU_URL="https://ftp.gnu.org/gnu/guix/"
OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
+GPG_IMPORT=0
# This script needs to know where root's home directory is. However, we
# cannot simply use the HOME environment variable, since there is no guarantee
@@ -109,9 +110,14 @@ chk_gpg_keyring()
# Without --dry-run this command will create a ~/.gnupg owned by root on
# systems where gpg has never been used, causing errors and confusion.
gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
- _err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
- echo " wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -"
- exit 1
+ if [ "${GPG_IMPORT}" = "1" ]; then
+ wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -
+ else
+ _err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
+ echo " wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -"
+ _err "or run this script with the --allow-import-gpg option"
+ exit 1
+ fi
)
}
@@ -484,4 +490,18 @@ main()
_msg "${INF}Run 'info guix' to read the manual."
}
+# Reading options
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --allow-import-gpg)
+ GPG_IMPORT=1
+ shift
+ ;;
+ *)
+ _err "Unknown option $1"
+ exit 1
+ ;;
+ esac
+done
+
main "$@"
--
2.24.0
L
L
Ludovic Courtès wrote on 18 Mar 2020 10:59
(name . Julien Lepiller)(address . julien@lepiller.eu)(address . 39684@debbugs.gnu.org)
87o8su9e6z.fsf@gnu.org
Hi Julien!

Julien Lepiller <julien@lepiller.eu> skribis:

Toggle quote (9 lines)
>>From aebea6bcfa615bc644c9afa1120eeb34f0956c5a Mon Sep 17 00:00:00 2001
> From: Julien Lepiller <julien@lepiller.eu>
> Date: Thu, 20 Feb 2020 02:14:39 +0100
> Subject: [PATCH] etc: Add an `allow-import-gpg' option to the installer
> script.
>
> * etc/guix-install.sh: Add an `allow-import-gpg' option to support
> fetching the OpenPGP public key automatically.

Sounds like a good idea.

Toggle quote (8 lines)
> --- a/etc/guix-install.sh
> +++ b/etc/guix-install.sh
> @@ -57,6 +57,7 @@ INF="[ INFO ] "
> DEBUG=0
> GNU_URL="https://ftp.gnu.org/gnu/guix/"
> OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
> +GPG_IMPORT=0

Perhaps define:


and use it everywhere?

Toggle quote (12 lines)
> # This script needs to know where root's home directory is. However, we
> # cannot simply use the HOME environment variable, since there is no guarantee
> @@ -109,9 +110,14 @@ chk_gpg_keyring()
> # Without --dry-run this command will create a ~/.gnupg owned by root on
> # systems where gpg has never been used, causing errors and confusion.
> gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
> - _err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
> - echo " wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -"
> - exit 1
> + if [ "${GPG_IMPORT}" = "1" ]; then
> + wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -

This would become wget "$OPENPGP_KEY_URL" (better use quotes).

Thanks!

Ludo’.
J
J
Julien Lepiller wrote on 19 Nov 2021 16:38
etc: Automatically download the gpg key
(address . 39684-close@debbugs.gnu.org)
65FB426E-E051-4ADB-93D5-BC5D141B7FEE@lepiller.eu
An equivalent functionnality was implemented independently, so closing. Thanks!
Attachment: file
?