public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/dnscrypt-proxy: log resolver list verification failure

Browse Source 
Otherwise, the service unit just fails for no discernable
reason.  Verifcation failure is bad so it ought to be easily
discoverable.
This commit is contained in:
Joachim Fasting 2017-03-15 00:52:20 +01:00
parent de15e7894b
commit f122f0147b
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/services/networking/dnscrypt-proxy.nix
View File

@ -261,8 +261,11 @@ in
$get -o dnscrypt-resolvers.csv.minisig.tmp \
https://$domain/jedisct1/dnscrypt-proxy/master/dnscrypt-resolvers.csv.minisig
mv dnscrypt-resolvers.csv.minisig{.tmp,}
minisign -q -V -p ${upstreamResolverListPubKey} \
-m dnscrypt-resolvers.csv.tmp -x dnscrypt-resolvers.csv.minisig
if ! minisign -q -V -p ${upstreamResolverListPubKey} \
-m dnscrypt-resolvers.csv.tmp -x dnscrypt-resolvers.csv.minisig ; then
echo "failed to verify resolver list!" >&2
exit 1
fi
[[ -f dnscrypt-resolvers.csv ]] && mv dnscrypt-resolvers.csv{,.old}
mv dnscrypt-resolvers.csv{.tmp,}
if cmp dnscrypt-resolvers.csv{,.old} ; then