diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2017-03-15 00:52:20 +0100 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-03-15 01:13:08 +0100 |
commit | f122f0147bb0275bc4cb3eb5d62bbdb3ac34349f (patch) | |
tree | 6cc473c7c8e1ffe3e2d32116bf7ee1d53a3a9f4b /nixos/modules/services/networking/dnscrypt-proxy.nix | |
parent | de15e7894b582efffceead81e437cd6992debb9f (diff) | |
download | nixlib-f122f0147bb0275bc4cb3eb5d62bbdb3ac34349f.tar nixlib-f122f0147bb0275bc4cb3eb5d62bbdb3ac34349f.tar.gz nixlib-f122f0147bb0275bc4cb3eb5d62bbdb3ac34349f.tar.bz2 nixlib-f122f0147bb0275bc4cb3eb5d62bbdb3ac34349f.tar.lz nixlib-f122f0147bb0275bc4cb3eb5d62bbdb3ac34349f.tar.xz nixlib-f122f0147bb0275bc4cb3eb5d62bbdb3ac34349f.tar.zst nixlib-f122f0147bb0275bc4cb3eb5d62bbdb3ac34349f.zip |
nixos/dnscrypt-proxy: log resolver list verification failure
Otherwise, the service unit just fails for no discernable reason. Verifcation failure is bad so it ought to be easily discoverable.
Diffstat (limited to 'nixos/modules/services/networking/dnscrypt-proxy.nix')
-rw-r--r-- | nixos/modules/services/networking/dnscrypt-proxy.nix | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix index 9183700a73dc..d382fa8c9cb2 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -261,8 +261,11 @@ in $get -o dnscrypt-resolvers.csv.minisig.tmp \ https://$domain/jedisct1/dnscrypt-proxy/master/dnscrypt-resolvers.csv.minisig mv dnscrypt-resolvers.csv.minisig{.tmp,} - minisign -q -V -p ${upstreamResolverListPubKey} \ - -m dnscrypt-resolvers.csv.tmp -x dnscrypt-resolvers.csv.minisig + if ! minisign -q -V -p ${upstreamResolverListPubKey} \ + -m dnscrypt-resolvers.csv.tmp -x dnscrypt-resolvers.csv.minisig ; then + echo "failed to verify resolver list!" >&2 + exit 1 + fi [[ -f dnscrypt-resolvers.csv ]] && mv dnscrypt-resolvers.csv{,.old} mv dnscrypt-resolvers.csv{.tmp,} if cmp dnscrypt-resolvers.csv{,.old} ; then |