From b03f663629469fbc84aaf6bc979d491d5a4da7d2 Mon Sep 17 00:00:00 2001 From: Joel Watson Date: Wed, 21 Feb 2024 15:16:46 -0600 Subject: [PATCH] Add error handling for use-keyboxd incompatibility --- scripts/install.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/install.sh b/scripts/install.sh index 505c5080..2a956478 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -7,6 +7,7 @@ set -e # 2 insufficient perms # 3 gnupg package not installed # 4 ~/.gnupg ownership issue +# 5 incompatible use-keyboxd option enabled DOPPLER_DOMAIN="cli.doppler.com" DEBUG=0 @@ -473,6 +474,9 @@ log "Verifying signature" if [ -d ~/.gnupg ]; then # Run sudo chown -r $(whoami) ~/.gnupg to fix this ls -l ~/.gnupg > /dev/null 2>&1 || (log "Failed to read ~/.gnupg. Please verify the directory's ownership, or run 'sudo chown -R $(whoami) ~/.gnupg' to fix this." && clean_exit 4) + + # Make sure use-keyboxd isn't set. This causes gpg to ignore ALL keyrings, so --no-default-keyring and --keyring are ignored if that's enabled. + gpgconf --list-options gpg | grep use_keyboxd | grep "0::" > /dev/null 2>&1 || (log "Incompatible gpg option 'use-keyboxd' is enabled. Please disable that option or manually import the public key from https://cli.doppler.com/keys/public." && clean_exit 5) fi gpg --no-default-keyring --keyring "$key_filename" --verify "$sig_filename" "$filename" > /dev/null 2>&1 || (log "Failed to verify binary signature" && clean_exit 1) log_debug "Signature successfully verified!"