public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/dnscrypt-proxy: log resolver list verification failure

Browse Source 
Otherwise, the service unit just fails for no discernable
reason.  Verifcation failure is bad so it ought to be easily
discoverable.
This commit is contained in:
Joachim Fasting
2017-03-15 00:52:20 +01:00
parent de15e7894b
commit f122f0147b
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/services/networking/dnscrypt-proxy.nix
View File

@@ -261,8 +261,11 @@ in
$get -o dnscrypt-resolvers.csv.minisig.tmp \
https://$domain/jedisct1/dnscrypt-proxy/master/dnscrypt-resolvers.csv.minisig
mv dnscrypt-resolvers.csv.minisig{.tmp,}
minisign -q -V -p ${upstreamResolverListPubKey} \
-m dnscrypt-resolvers.csv.tmp -x dnscrypt-resolvers.csv.minisig
if ! minisign -q -V -p ${upstreamResolverListPubKey} \
-m dnscrypt-resolvers.csv.tmp -x dnscrypt-resolvers.csv.minisig ; then
echo "failed to verify resolver list!" >&2
exit 1
fi
[[ -f dnscrypt-resolvers.csv ]] && mv dnscrypt-resolvers.csv{,.old}
mv dnscrypt-resolvers.csv{.tmp,}
if cmp dnscrypt-resolvers.csv{,.old} ; then