From b7430cbecc9b8dfca8abfbf553f228c77ac25549 Mon Sep 17 00:00:00 2001 From: Thomas B Homburg Date: Fri, 8 May 2020 14:32:14 +0200 Subject: [PATCH] Fix install --- bin/install | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/install b/bin/install index 84cfa4a..5d80926 100755 --- a/bin/install +++ b/bin/install @@ -189,7 +189,7 @@ download_and_verify_checksums() { export GNUPGHOME="${ASDF_DIR:-$HOME/.asdf}/keyrings/nodejs" fi - if ! $gnugp_verify_command_name --keyring asdf-nodejs.gpg --display-charset utf-8 --verify "$signed_checksum_file" 2>/dev/null; then + if ! $gnugp_verify_command_name --no-default-keyring --keyring asdf-nodejs.gpg --display-charset utf-8 --verify "$signed_checksum_file" 2>/dev/null; then # Try default keyring if ! $gnugp_verify_command_name --display-charset utf-8 --verify "$signed_checksum_file" 2>/dev/null; then echo "Authenticity of checksum file can not be assured! Please be sure to check the README of asdf-nodejs in case you did not yet import the needed PGP keys. If you already did that then that is the point to become SUSPICIOUS! There must be a reason why this is failing. If you are installing an older NodeJS version you might need to import OpenPGP keys of previous release managers. Exiting." >&2 @@ -198,6 +198,7 @@ download_and_verify_checksums() { fi ## Mitigates: https://github.com/nodejs/node/issues/6821 local authentic_checksum_file="$tmp_download_dir/authentic_SHASUMS256.txt" + $gnugp_verify_command_name --no-default-keyring --keyring asdf-nodejs.gpg --output "${authentic_checksum_file}" --decrypt "$signed_checksum_file" 2>/dev/null || \ $gnugp_verify_command_name --output "${authentic_checksum_file}" --decrypt "$signed_checksum_file" 2>/dev/null ) elif [ "${NODEJS_CHECK_SIGNATURES}" == "strict" ]; then