features/nix: remove PGP check (#414)
* nix: remove PGP check * fix issues
parent
3a579894a0
commit
676e824e92
3 changed files with 1 additions and 46 deletions
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"id": "nix",
|
"id": "nix",
|
||||||
"version": "1.1.1",
|
"version": "1.1.2",
|
||||||
"name": "Nix Package Manager",
|
"name": "Nix Package Manager",
|
||||||
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/nix",
|
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/nix",
|
||||||
"description": "Installs the Nix package manager and optionally a set of packages.",
|
"description": "Installs the Nix package manager and optionally a set of packages.",
|
||||||
|
|
|
@ -12,12 +12,6 @@ FLAKEURI="${FLAKEURI:-""}"
|
||||||
EXTRANIXCONFIG="${EXTRANIXCONFIG:-""}"
|
EXTRANIXCONFIG="${EXTRANIXCONFIG:-""}"
|
||||||
USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
|
USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
|
||||||
|
|
||||||
# Nix keys for securely verifying installer download signature per https://nixos.org/download.html#nix-verify-installation
|
|
||||||
NIX_GPG_KEYS="B541D55301270E0BCF15CA5D8170B4726D7198DE"
|
|
||||||
GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
|
|
||||||
keyserver hkps://keys.openpgp.org
|
|
||||||
keyserver hkp://keyserver.pgp.com"
|
|
||||||
|
|
||||||
if [ "$(id -u)" -ne 0 ]; then
|
if [ "$(id -u)" -ne 0 ]; then
|
||||||
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
|
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
|
||||||
exit 1
|
exit 1
|
||||||
|
@ -61,10 +55,6 @@ else
|
||||||
find_prev_version_from_git_tags VERSION https://github.com/NixOS/nix "tags/"
|
find_prev_version_from_git_tags VERSION https://github.com/NixOS/nix "tags/"
|
||||||
curl -sSLf -o "${tmpdir}/install-nix" https://releases.nixos.org/nix/nix-${VERSION}/install
|
curl -sSLf -o "${tmpdir}/install-nix" https://releases.nixos.org/nix/nix-${VERSION}/install
|
||||||
fi
|
fi
|
||||||
curl -sSLf -o "${tmpdir}/install-nix.asc" https://releases.nixos.org/nix/nix-${VERSION}/install.asc
|
|
||||||
cd "${tmpdir}"
|
|
||||||
receive_gpg_keys NIX_GPG_KEYS
|
|
||||||
gpg2 --verify ./install-nix.asc
|
|
||||||
cd "${FEATURE_DIR}"
|
cd "${FEATURE_DIR}"
|
||||||
|
|
||||||
# Do a multi or single-user setup based on feature config
|
# Do a multi or single-user setup based on feature config
|
||||||
|
|
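Review bot: With the `install.asc` download and the `gpg2 --verify ./install-nix.asc` step removed, the `install-nix` script fetched by `curl -sSLf -o "${tmpdir}/install-nix" …` has no integrity check beyond TLS to releases.nixos.org. The script insists on running as root (the `id -u` check in the first hunk), so the installer is presumably executed as root further down, outside this hunk. If the motivation was the flaky keyserver fetch (the removed helper retried `--recv-keys` up to five times), verification could be kept without any network key retrieval by shipping the Nix release public key inside the feature and importing it locally, e.g. `gpg --batch --import "${FEATURE_DIR}/<nix-release-key>.asc"` (placeholder file name) followed by `gpg --verify install-nix.asc install-nix`. At minimum, a comment at the download such as `# NOTE: installer integrity relies on HTTPS only; signature verification was removed in #414` would make the trade-off visible to maintainers.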
|
@ -82,41 +82,6 @@ detect_user() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Import the specified key in a variable name passed in as
|
|
||||||
receive_gpg_keys() {
|
|
||||||
local keys=${!1}
|
|
||||||
local keyring_args=""
|
|
||||||
if [ ! -z "$2" ]; then
|
|
||||||
mkdir -p "$(dirname \"$2\")"
|
|
||||||
keyring_args="--no-default-keyring --keyring $2"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Use a temporary location for gpg keys to avoid polluting image
|
|
||||||
export GNUPGHOME="/tmp/tmp-gnupg"
|
|
||||||
mkdir -p ${GNUPGHOME}
|
|
||||||
chmod 700 ${GNUPGHOME}
|
|
||||||
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf
|
|
||||||
# GPG key download sometimes fails for some reason and retrying fixes it.
|
|
||||||
local retry_count=0
|
|
||||||
local gpg_ok="false"
|
|
||||||
set +e
|
|
||||||
until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ];
|
|
||||||
do
|
|
||||||
echo "(*) Downloading GPG key..."
|
|
||||||
( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys) 2>&1 && gpg_ok="true"
|
|
||||||
if [ "${gpg_ok}" != "true" ]; then
|
|
||||||
echo "(*) Failed getting key, retring in 10s..."
|
|
||||||
(( retry_count++ ))
|
|
||||||
sleep 10s
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
set -e
|
|
||||||
if [ "${gpg_ok}" = "false" ]; then
|
|
||||||
echo "(!) Failed to get gpg key."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Figure out correct version of a three part version number is not passed
|
# Figure out correct version of a three part version number is not passed
|
||||||
find_version_from_git_tags() {
|
find_version_from_git_tags() {
|
||||||
local variable_name=$1
|
local variable_name=$1
|
||||||
|
|