features/nix: remove PGP check (#414)
* nix: remove PGP check * fix issues
parent
3a579894a0
commit
676e824e92
3 changed files with 1 additions and 46 deletions
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"id": "nix",
|
||||
"version": "1.1.1",
|
||||
"version": "1.1.2",
|
||||
"name": "Nix Package Manager",
|
||||
"documentationURL": "https://github.com/devcontainers/features/tree/main/src/nix",
|
||||
"description": "Installs the Nix package manager and optionally a set of packages.",
|
||||
|
|
|
@ -12,12 +12,6 @@ FLAKEURI="${FLAKEURI:-""}"
|
|||
EXTRANIXCONFIG="${EXTRANIXCONFIG:-""}"
|
||||
USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
|
||||
|
||||
# Nix keys for securely verifying installer download signature per https://nixos.org/download.html#nix-verify-installation
|
||||
NIX_GPG_KEYS="B541D55301270E0BCF15CA5D8170B4726D7198DE"
|
||||
GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
|
||||
keyserver hkps://keys.openpgp.org
|
||||
keyserver hkp://keyserver.pgp.com"
|
||||
|
||||
if [ "$(id -u)" -ne 0 ]; then
|
||||
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
|
||||
exit 1
|
||||
|
@ -61,10 +55,6 @@ else
|
|||
find_prev_version_from_git_tags VERSION https://github.com/NixOS/nix "tags/"
|
||||
curl -sSLf -o "${tmpdir}/install-nix" https://releases.nixos.org/nix/nix-${VERSION}/install
|
||||
fi
|
||||
curl -sSLf -o "${tmpdir}/install-nix.asc" https://releases.nixos.org/nix/nix-${VERSION}/install.asc
|
||||
cd "${tmpdir}"
|
||||
receive_gpg_keys NIX_GPG_KEYS
|
||||
gpg2 --verify ./install-nix.asc
|
||||
cd "${FEATURE_DIR}"
|
||||
|
||||
# Do a multi or single-user setup based on feature config
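Review bot: With the `install.asc` download and `gpg2 --verify` gone, nothing in this hunk checks the file fetched by `curl -sSLf -o "${tmpdir}/install-nix" …` before the script moves on to the setup step, which presumably runs it. The top of the file requires root, so integrity now rests only on TLS to releases.nixos.org. If the signature was dropped because upstream no longer publishes it (the page does not say), record that next to the download, e.g. `# Installer signature is no longer verified; integrity relies on HTTPS to releases.nixos.org only`. A replacement check after the `fi` would be worth adding, for example comparing `sha256sum "${tmpdir}/install-nix"` against a digest pinned per supported version and exiting non-zero on mismatch. The `if`/`else` around the download starts outside the hunk, so the other branch is not visible here.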
|
||||
|
|
|
@ -82,41 +82,6 @@ detect_user() {
|
|||
fi
|
||||
}
|
||||
|
||||
# Import the specified key in a variable name passed in as
|
||||
receive_gpg_keys() {
|
||||
local keys=${!1}
|
||||
local keyring_args=""
|
||||
if [ ! -z "$2" ]; then
|
||||
mkdir -p "$(dirname \"$2\")"
|
||||
keyring_args="--no-default-keyring --keyring $2"
|
||||
fi
|
||||
|
||||
# Use a temporary location for gpg keys to avoid polluting image
|
||||
export GNUPGHOME="/tmp/tmp-gnupg"
|
||||
mkdir -p ${GNUPGHOME}
|
||||
chmod 700 ${GNUPGHOME}
|
||||
echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf
|
||||
# GPG key download sometimes fails for some reason and retrying fixes it.
|
||||
local retry_count=0
|
||||
local gpg_ok="false"
|
||||
set +e
|
||||
until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ];
|
||||
do
|
||||
echo "(*) Downloading GPG key..."
|
||||
( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys) 2>&1 && gpg_ok="true"
|
||||
if [ "${gpg_ok}" != "true" ]; then
|
||||
echo "(*) Failed getting key, retring in 10s..."
|
||||
(( retry_count++ ))
|
||||
sleep 10s
|
||||
fi
|
||||
done
|
||||
set -e
|
||||
if [ "${gpg_ok}" = "false" ]; then
|
||||
echo "(!) Failed to get gpg key."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Figure out correct version of a three part version number is not passed
|
||||
find_version_from_git_tags() {
|
||||
local variable_name=$1
|
||||
|
|