From 5b0ce3393b7f8853d3154ede930482446a7c0376 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Tue, 4 May 2021 22:25:34 -0400
Subject: guix-install.sh: Propose automatically fetching OpenPGP keys.

Via, for example, yes | ./guix-install.sh.

* etc/guix-install.sh (prompt_yes_no): New procedure.
(chk_gpg_keyring, sys_authorize_build_farms): Use it.
---
 etc/guix-install.sh | 47 +++++++++++++++++++++++++++++++++--------------
 1 file changed, 33 insertions(+), 14 deletions(-)

(limited to 'etc/guix-install.sh')

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 6a8f7a20c1..9f7bd2038a 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -92,6 +92,18 @@ _debug()
     fi
 }
 
+# Return true if user answered yes, false otherwise.
+# $1: The prompt question.
+prompt_yes_no() {
+    while true; do
+        read -rp "$1" yn
+        case $yn in
+            [Yy]*) return 0;;
+            [Nn]*) return 1;;
+            *) _msg "Please answer yes or no."
+        esac
+    done
+}
 
 chk_require()
 { # Check that every required command is available.
@@ -123,9 +135,19 @@ chk_gpg_keyring()
         # Without --dry-run this command will create a ~/.gnupg owned by root on
         # systems where gpg has never been used, causing errors and confusion.
         if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
-            _err "${ERR}Missing OpenPGP public key ($gpg_key_id).  Fetch it with this command:"
-            echo "  wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | sudo -i gpg --import -"
-            exit_flag=yes
+            if prompt_yes_no "${INF}The following OpenPGP public key is \
+required to verify the Guix binary signature: $gpg_key_id.
+Would you like me to fetch it for you? (yes/no)"; then
+                wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
+                     -qO - | gpg --import -
+            else
+                _err "${ERR}Missing OpenPGP public key ($gpg_key_id).
+Fetch it with this command:
+
+  wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | \
+sudo -i gpg --import -"
+                exit_flag=yes
+            fi
         fi
     done
     if [ "$exit_flag" = yes ]; then
@@ -451,17 +473,14 @@ sys_enable_guix_daemon()
 
 sys_authorize_build_farms()
 { # authorize the public key of the build farm
-    while true; do
-        read -rp "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
-        case $yn in
-            [Yy]*) guix archive --authorize < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
-                       _msg "${PAS}Authorized public key for ci.guix.gnu.org";
-                   break;;
-            [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
-                   break;;
-            *) _msg "Please answer yes or no.";
-        esac
-    done
+    if prompt_yes_no "Permit downloading pre-built package binaries from the \
+project's build farm? (yes/no) "; then
+        guix archive --authorize \
+             < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
+            && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
+        else
+            _msg "${INF}Skipped authorizing build farm public keys"
+    fi
 }
 
 sys_create_init_profile()
-- 
cgit v1.2.3