guix_mirror_bot pushed a commit to branch master
in repository guix.
commit 1fea6b359fe2f5f7b4ac0b613966766a6dcdcea7
Author: Nilesh Patra <[email protected]>
AuthorDate: Sun Nov 23 03:06:17 2025 +0530
guix-install.sh: Fetch gpg keys from codeberg and public keyservers.
Instead of fetching from no longer responsive gnu.org, fetch from
Codeberg.org, falling back to public keyservers in case codeberg
is down or unresponsive.
* etc/guix-install.sh
(GPG_SIGNING_KEYS): Change gnu.org user ids to Codeberg user names.
(PUBLIC_KEYSERVERS): Add variable.
(chk_gpg_keyring): Use Codeberg for fetching GPG keys and fall back to public
keyservers.
Change-Id: Iddcd31239e2f3460d920194d62443ff00be7c957
Signed-off-by: Rutherther <[email protected]>
---
etc/guix-install.sh | 41 +++++++++++++++++++++++++++++++----------
1 file changed, 31 insertions(+), 10 deletions(-)
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 57fd88e509..775a684258 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -105,10 +105,11 @@ DEBUG=0
GNU_URL="https://ftpmirror.gnu.org/gnu/guix/"
# The following associative array holds set of GPG keys used to sign the
-# releases, keyed by their corresponding Savannah user ID.
+# releases, keyed by their corresponding Codeberg user name.
declare -A GPG_SIGNING_KEYS
-GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5 # ludo
-GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim
+GPG_SIGNING_KEYS["civodul"]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5 # ludo
+GPG_SIGNING_KEYS["apteryx"]=27D586A4F8900854329FF09F1260E46482E63562 # maxim
+PUBLIC_KEYSERVERS="keys.openpgp.org pgpkeys.eu keyserver.ubuntu.com"
#
------------------------------------------------------------------------------
#+UTILITIES
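Review bot: The entries in `PUBLIC_KEYSERVERS` are bare host names, and as far as I know gpg treats a keyserver given without a scheme as plain `hkp://`, so the fallback fetch in chk_gpg_keyring would not go over TLS. Spelling the scheme out makes the transport explicit: `PUBLIC_KEYSERVERS="hkps://keys.openpgp.org hkps://pgpkeys.eu hkps://keyserver.ubuntu.com"`. The variable also has no comment; a line such as `# Keyservers tried in order when the Codeberg download fails.` above it would document the ordering. The comment on the array could add that the fingerprints are the pinned values and the Codeberg user name only selects the download URL.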
@@ -203,6 +204,7 @@ chk_gpg_keyring()
for user_id in "${!GPG_SIGNING_KEYS[@]}"; do
gpg_key_id=${GPG_SIGNING_KEYS[$user_id]}
+ codeberg_username=$user_id
# Without --dry-run this command will create a ~/.gnupg owned by root
on
# systems where gpg has never been used, causing errors and confusion.
if gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
@@ -211,20 +213,39 @@ chk_gpg_keyring()
if prompt_yes_no "${INF}The following OpenPGP public key is \
required to verify the Guix binary signature: $gpg_key_id.
Would you like me to fetch it for you?"; then
- # Use a reasonable time-out here so users don't report silent
- # ‘freezes’ when Savannah goes out to lunch, as has happened.
- if wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
- --timeout=30 --no-verbose -O- | gpg --import -; then
+ if wget "https://codeberg.org/$codeberg_username.gpg" \
+ --tries=1 --timeout=30 --no-verbose -O- | gpg --import -;
then
+ continue
+ fi
+
+ key_obtained=false
+ # Try to fetch keys from an available keyserver
+ for key_server in $PUBLIC_KEYSERVERS; do
+ if gpg --keyserver $key_server --recv-key $gpg_key_id; then
+ key_obtained=true
+ break
+ fi
+ done
+
+ if $key_obtained; then
continue
fi
fi
# If we reach this point, the key is (still) missing. Report further
# missing keys, if any, but then abort the installation.
_err "Missing OpenPGP public key ($gpg_key_id).
-Fetch it with this command:
+Fetch it with codeberg username:
+
+ wget \"https://codeberg.org/$codeberg_username.gpg\" -O - | \
+sudo -i gpg --import -
+
+If this fails, try to fetch it via a keyserver:
- wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -O - | \
-sudo -i gpg --import -"
+ for key_server in $PUBLIC_KEYSERVERS; do
+ if sudo -i gpg --keyserver $key_server --recv-key $gpg_key_id; then
+ break
+ fi
+ done"
exit_flag=yes
done
if [ "$exit_flag" = yes ]; then
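Review bot: The Codeberg branch takes `continue` as soon as `gpg --import` succeeds, without confirming that the pinned fingerprint `$gpg_key_id` is what arrived; the endpoint serves whatever keys that account currently holds, so the outcome depends on the account rather than on the fingerprint in GPG_SIGNING_KEYS. Re-using the check from the top of the loop closes that gap: `| gpg --import - && gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then`. Separately, in the `_err` text the loop variable is expanded when the message is built, so the printed command carries whatever `key_server` holds at that point (possibly nothing, if the user declined the prompt) instead of a working loop; write `\$key_server` there. `$key_server` and `$gpg_key_id` in the new `gpg --keyserver` call should also be double-quoted. chk_gpg_keyring starts and ends outside the hunk.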