features/nix: remove PGP check (#414)

* nix: remove PGP check

* fix issues
dylhack.dev 2023-01-24 12:28:54 -06:00 committed by GitHub
parent 3a579894a0
commit 676e824e92
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 1 additions and 46 deletions


@ -1,6 +1,6 @@
{ {
"id": "nix", "id": "nix",
"version": "1.1.1", "version": "1.1.2",
"name": "Nix Package Manager", "name": "Nix Package Manager",
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/nix", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/nix",
"description": "Installs the Nix package manager and optionally a set of packages.", "description": "Installs the Nix package manager and optionally a set of packages.",


@ -12,12 +12,6 @@ FLAKEURI="${FLAKEURI:-""}"
EXTRANIXCONFIG="${EXTRANIXCONFIG:-""}" EXTRANIXCONFIG="${EXTRANIXCONFIG:-""}"
USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}" USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
# Nix keys for securely verifying installer download signature per https://nixos.org/download.html#nix-verify-installation
NIX_GPG_KEYS="B541D55301270E0BCF15CA5D8170B4726D7198DE"
GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
keyserver hkps://keys.openpgp.org
keyserver hkp://keyserver.pgp.com"
if [ "$(id -u)" -ne 0 ]; then if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
exit 1 exit 1
@ -61,10 +55,6 @@ else
find_prev_version_from_git_tags VERSION https://github.com/NixOS/nix "tags/" find_prev_version_from_git_tags VERSION https://github.com/NixOS/nix "tags/"
curl -sSLf -o "${tmpdir}/install-nix" https://releases.nixos.org/nix/nix-${VERSION}/install curl -sSLf -o "${tmpdir}/install-nix" https://releases.nixos.org/nix/nix-${VERSION}/install
fi fi
curl -sSLf -o "${tmpdir}/install-nix.asc" https://releases.nixos.org/nix/nix-${VERSION}/install.asc
cd "${tmpdir}"
receive_gpg_keys NIX_GPG_KEYS
gpg2 --verify ./install-nix.asc
cd "${FEATURE_DIR}" cd "${FEATURE_DIR}"
# Do a multi or single-user setup based on feature config # Do a multi or single-user setup based on feature config
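Review bot: After the second hunk drops the `install.asc` download and the `gpg2 --verify ./install-nix.asc` step, nothing checks the installer fetched with `curl -sSLf` from releases.nixos.org against the Nix release key, and the script requires root, so integrity now rests on TLS and the release host alone. If the removal was driven by unreliable keyserver lookups (the commit message does not say), the check can be kept without any network key retrieval by shipping the release public key with the feature and verifying locally: `gpg --batch --import <path-to-bundled-nix-release-key>` followed by `gpg --batch --verify install-nix.asc install-nix`. The imported key's fingerprint should match the previously pinned `B541D55301270E0BCF15CA5D8170B4726D7198DE`. If verification is dropped deliberately, leave a comment here saying so and why, for example `# NOTE: installer signature is not verified; integrity relies on HTTPS to releases.nixos.org`. The enclosing if/else and the step that runs the installer lie outside the visible hunks, so how the file is used afterwards is inferred.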


@ -82,41 +82,6 @@ detect_user() {
fi fi
} }
# Import the specified key in a variable name passed in as
receive_gpg_keys() {
local keys=${!1}
local keyring_args=""
if [ ! -z "$2" ]; then
mkdir -p "$(dirname \"$2\")"
keyring_args="--no-default-keyring --keyring $2"
fi
# Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME}
chmod 700 ${GNUPGHOME}
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf
# GPG key download sometimes fails for some reason and retrying fixes it.
local retry_count=0
local gpg_ok="false"
set +e
until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ];
do
echo "(*) Downloading GPG key..."
( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys) 2>&1 && gpg_ok="true"
if [ "${gpg_ok}" != "true" ]; then
echo "(*) Failed getting key, retring in 10s..."
(( retry_count++ ))
sleep 10s
fi
done
set -e
if [ "${gpg_ok}" = "false" ]; then
echo "(!) Failed to get gpg key."
exit 1
fi
}
# Figure out correct version of a three part version number is not passed # Figure out correct version of a three part version number is not passed
find_version_from_git_tags() { find_version_from_git_tags() {
local variable_name=$1 local variable_name=$1