From 676e824e92c7b2abe45f46c89580c96f99a8d43f Mon Sep 17 00:00:00 2001
From: "dylhack.dev"
Date: Tue, 24 Jan 2023 12:28:54 -0600
Subject: features/nix: remove PGP check (#414)
* nix: remove PGP check
* fix issues
---
 src/nix/devcontainer-feature.json | 2 +-
 src/nix/install.sh | 10 ----------
 src/nix/utils.sh | 35 -----------------------------------
 3 files changed, 1 insertion(+), 46 deletions(-)
diff --git a/src/nix/devcontainer-feature.json b/src/nix/devcontainer-feature.json
index b112040..664f68c 100644
--- a/src/nix/devcontainer-feature.json
+++ b/src/nix/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
 "id": "nix",
- "version": "1.1.1",
+ "version": "1.1.2",
 "name": "Nix Package Manager",
 "documentationURL": "https://github.com/devcontainers/features/tree/main/src/nix",
 "description": "Installs the Nix package manager and optionally a set of packages.",
diff --git a/src/nix/install.sh b/src/nix/install.sh
index 80f9ace..ed048fe 100755
--- a/src/nix/install.sh
+++ b/src/nix/install.sh
@@ -12,12 +12,6 @@ FLAKEURI="${FLAKEURI:-""}"
 EXTRANIXCONFIG="${EXTRANIXCONFIG:-""}"
 USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
-# Nix keys for securely verifying installer download signature per https://nixos.org/download.html#nix-verify-installation
-NIX_GPG_KEYS="B541D55301270E0BCF15CA5D8170B4726D7198DE"
-GPG_KEY_SERVERS="keyserver hkp://keyserver.ubuntu.com
-keyserver hkps://keys.openpgp.org
-keyserver hkp://keyserver.pgp.com"
-
 if [ "$(id -u)" -ne 0 ]; then
 echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
 exit 1
@@ -61,10 +55,6 @@ else
 find_prev_version_from_git_tags VERSION https://github.com/NixOS/nix "tags/"
 curl -sSLf -o "${tmpdir}/install-nix" https://releases.nixos.org/nix/nix-${VERSION}/install
 fi
- curl -sSLf -o "${tmpdir}/install-nix.asc" https://releases.nixos.org/nix/nix-${VERSION}/install.asc
- cd "${tmpdir}"
- receive_gpg_keys NIX_GPG_KEYS
- gpg2 --verify ./install-nix.asc
 cd "${FEATURE_DIR}"
 # Do a multi or single-user setup based on feature config
diff --git a/src/nix/utils.sh b/src/nix/utils.sh
index 7cb55f2..f94fd3d 100755
--- a/src/nix/utils.sh
+++ b/src/nix/utils.sh
@@ -82,41 +82,6 @@ detect_user() {
 fi
 }
-# Import the specified key in a variable name passed in as
-receive_gpg_keys() {
- local keys=${!1}
- local keyring_args=""
- if [ ! -z "$2" ]; then
- mkdir -p "$(dirname \"$2\")"
- keyring_args="--no-default-keyring --keyring $2"
- fi
-
- # Use a temporary location for gpg keys to avoid polluting image
- export GNUPGHOME="/tmp/tmp-gnupg"
- mkdir -p ${GNUPGHOME}
- chmod 700 ${GNUPGHOME}
- echo -e "disable-ipv6\n${GPG_KEY_SERVERS}" > ${GNUPGHOME}/dirmngr.conf
- # GPG key download sometimes fails for some reason and retrying fixes it.
- local retry_count=0
- local gpg_ok="false"
- set +e
- until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ];
- do
- echo "(*) Downloading GPG key..."
- ( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys) 2>&1 && gpg_ok="true"
- if [ "${gpg_ok}" != "true" ]; then
- echo "(*) Failed getting key, retring in 10s..."
- (( retry_count++ ))
- sleep 10s
- fi
- done
- set -e
- if [ "${gpg_ok}" = "false" ]; then
- echo "(!) Failed to get gpg key."
- exit 1
- fi
-}
-
 # Figure out correct version of a three part version number is not passed
 find_version_from_git_tags() {
 local variable_name=$1
-- cgit v1.2.3
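Review bot: With the four lines dropped in the `@@ -61,10 +55,6 @@` hunk of src/nix/install.sh, nothing authenticates `${tmpdir}/install-nix` beyond the TLS connection that `curl -sSLf` makes to releases.nixos.org. The script insists on running as root, so a substituted or corrupted installer would presumably execute with full privileges during the image build. If flaky keyserver lookups were the motivation (the deleted helper's own comment says key download "sometimes fails"), the signature check can stay without them. Ship the Nix release public key inside the feature, import it into a throw-away `mktemp -d` GNUPGHOME rather than the fixed `/tmp/tmp-gnupg` path, and verify `install-nix.asc` against `install-nix`, as sketched below. The surrounding if/else begins above the hunk and the install step follows it, so confirm the check covers both download branches and that `set -e` is in effect so a failed verify aborts.

```shell
# … unchanged: version lookup and download of ${tmpdir}/install-nix …
curl -sSLf -o "${tmpdir}/install-nix.asc" "https://releases.nixos.org/nix/nix-${VERSION}/install.asc"
# Verify against a key file shipped with the feature, so no keyserver is contacted.
# nix-release-key.asc is a placeholder name; its fingerprint should match the one
# published at https://nixos.org/download.html#nix-verify-installation.
GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
gpg --batch --import "${FEATURE_DIR}/nix-release-key.asc"
gpg --batch --verify "${tmpdir}/install-nix.asc" "${tmpdir}/install-nix"
rm -rf -- "${GNUPGHOME:?}"
unset GNUPGHOME
cd "${FEATURE_DIR}"
```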