scripts: use gpg --homedir flag to fix new behavior in 2.4

With the latest Golang Docker base image we are using, the new gpg
version 2.4 is now being installed in the lnd Docker base image.

Apparently the expected value for the --keyring flag is just a file name
and not an absolute path. The path of the file is indicated either by
the $HOME environment variable or the --homedir flag. It looks like 2.4
now finally stopped supporting an absolute path in the --keyring flag
and we need to update our gpg command to make the script work again.

This should be backward compatible and still work on older versions of
gpg.
This commit is contained in:
Oliver Gugger 2023-06-12 09:31:26 +02:00
parent 287b0ac219
commit 8c9f4515b6
No known key found for this signature in database
GPG Key ID: 8E4256593F177720


@ -66,8 +66,8 @@ function import_keys() {
USERNAME=$(echo $key | cut -d' ' -f2)
IMPORT_FILE="keys/$USERNAME.asc"
KEY_FILE="$DIR/$IMPORT_FILE"
KEYRING_UNTRUSTED="$TEMP_DIR/$USERNAME.pgp-untrusted"
KEYRING_TRUSTED="$TEMP_DIR/$USERNAME.pgp"
KEYRING_UNTRUSTED="$USERNAME.pgp-untrusted"
KEYRING_TRUSTED="$USERNAME.pgp"
# Because a key file could contain multiple keys, we need to be careful. To
# make sure we only import and use the key with the hard coded key ID of
@ -79,14 +79,14 @@ function import_keys() {
# few lines.
echo ""
echo "Importing key(s) from $KEY_FILE into temporary keyring $KEYRING_UNTRUSTED"
gpg --no-default-keyring --keyring "$KEYRING_UNTRUSTED" \
gpg --homedir "$TEMP_DIR" --no-default-keyring --keyring "$KEYRING_UNTRUSTED" \
--import < "$KEY_FILE"
echo ""
echo "Exporting key $KEY_ID from untrusted keyring to trusted keyring $KEYRING_TRUSTED"
gpg --no-default-keyring --keyring "$KEYRING_UNTRUSTED" \
gpg --homedir "$TEMP_DIR" --no-default-keyring --keyring "$KEYRING_UNTRUSTED" \
--export "$KEY_ID" | \
gpg --no-default-keyring --keyring "$KEYRING_TRUSTED" --import
gpg --homedir "$TEMP_DIR" --no-default-keyring --keyring "$KEYRING_TRUSTED" --import
done
}
@ -137,8 +137,8 @@ function verify_signatures() {
USERNAME=${USERNAME##manifest-}
# If the user is known, they should have a key ring file with only their key.
KEYRING="$TEMP_DIR/$USERNAME.pgp"
if [[ ! -f "$KEYRING" ]]; then
KEYRING="$USERNAME.pgp"
if [[ ! -f "$TEMP_DIR/$KEYRING" ]]; then
echo "User $USERNAME does not have a known key, skipping"
continue
fi
@ -156,7 +156,7 @@ function verify_signatures() {
fi
# Run the actual verification.
gpg --no-default-keyring --keyring "$KEYRING" --status-fd=1 \
gpg --homedir "$TEMP_DIR" --no-default-keyring --keyring "$KEYRING" --status-fd=1 \
--verify "$TEMP_DIR/$signature" "$TEMP_DIR/$MANIFEST" \
> "$STATUS_FILE" 2>&1 || { echo "ERROR: Invalid signature!"; exit 1; }