@@ -145,8 +145,9 @@ defmodule Nodelix.VersionManager do
145145 Logger . debug ( "Using GPG to retrieve #{ length ( missing_keys ) } )
146146
147147 { messages , _ } =
148- GPGex . cmd! ( [ "--keyserver" , "hkps://keys.openpgp.org" , "--recv-keys" ] ++ missing_keys ,
149- keystore: keystore
148+ receive_pgp_keys_ignore_revoked! ( missing_keys ,
149+ keystore: keystore ,
150+ keyserver: "hkps://keyserver.ubuntu.com"
150151 )
151152
152153 imported_keys =
@@ -163,12 +164,8 @@ defmodule Nodelix.VersionManager do
163164
164165 still_missing_keys = missing_keys -- imported_keys
165166
166- # because some keys are unverified on keys.openpgp.org,
167- # we make a subsequent call to the Ubuntu keyserver
168- GPGex . cmd! (
169- [ "--keyserver" , "hkps://keyserver.ubuntu.com" , "--recv-keys" ] ++ still_missing_keys ,
170- keystore: keystore
171- )
167+ if length ( still_missing_keys ) > 0 ,
168+ do: Logger . debug ( "Couldn't import following keys: #{ Enum . join ( still_missing_keys , ", " ) } )
172169 end
173170
174171 GPGex . cmd! ( [ "--verify" , checksums_path ] , keystore: keystore )
@@ -274,4 +271,26 @@ defmodule Nodelix.VersionManager do
274271 |> String . replace ( "$target" , target ( ) )
275272 |> String . replace ( "$ext" , extension ( ) )
276273 end
274+
275+ defp receive_pgp_keys_ignore_revoked! ( key_ids , opts ) do
276+ keystore = Keyword . get ( opts , :keystore )
277+ keyserver = Keyword . get ( opts , :keyserver )
278+
279+ keyserver_opts = if keyserver , do: [ "--keyserver" , keyserver ] , else: [ ]
280+
281+ case GPGex . cmd ( keyserver_opts ++ [ "--recv-keys" ] ++ key_ids , keystore: keystore ) do
282+ { :ok , res } ->
283+ res
284+
285+ { :error , { _ , [ first_message | _ ] = stdout , args } } ->
286+ case first_message =~ "can't apply revocation certificate" do
287+ true ->
288+ { [ ] , [ ] }
289+
290+ false ->
291+ raise RuntimeError ,
292+ "GPG command 'gpg #{ Enum . join ( args , " " ) } \n #{ Enum . join ( stdout , "\n " ) }
293+ end
294+ end
295+ end
277296end
0 commit comments