diff options
| author | rnhmjoj <rnhmjoj@inventati.org> | 2020-10-26 13:07:49 +0100 |
|---|---|---|
| committer | rnhmjoj <rnhmjoj@inventati.org> | 2020-10-26 13:07:49 +0100 |
| commit | 9e04bba0af3c3d39fe004d55ddb6601ca4caa077 (patch) | |
| tree | 1c05eb3022e75430d83dff0f4e481895d3ff8ffd /nixos/modules/services/networking/dnscrypt-wrapper.nix | |
| parent | 81573a64358c121366c8da519a0abd81a1489ca6 (diff) | |
| download | nixpkgs-9e04bba0af3c3d39fe004d55ddb6601ca4caa077.tar nixpkgs-9e04bba0af3c3d39fe004d55ddb6601ca4caa077.tar.gz nixpkgs-9e04bba0af3c3d39fe004d55ddb6601ca4caa077.tar.bz2 nixpkgs-9e04bba0af3c3d39fe004d55ddb6601ca4caa077.tar.lz nixpkgs-9e04bba0af3c3d39fe004d55ddb6601ca4caa077.tar.xz nixpkgs-9e04bba0af3c3d39fe004d55ddb6601ca4caa077.tar.zst nixpkgs-9e04bba0af3c3d39fe004d55ddb6601ca4caa077.zip | |
nixos/dnscrypt-wrapper: fix key rotation script
Fix an error in the validation code when the public key is in a nonstandard location. The check command fails and the key is incorrectly assumed to be expiring.
Diffstat (limited to 'nixos/modules/services/networking/dnscrypt-wrapper.nix')
| -rw-r--r-- | nixos/modules/services/networking/dnscrypt-wrapper.nix | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/dnscrypt-wrapper.nix b/nixos/modules/services/networking/dnscrypt-wrapper.nix index b9333cd19a2..ee7e9b0454d 100644 --- a/nixos/modules/services/networking/dnscrypt-wrapper.nix +++ b/nixos/modules/services/networking/dnscrypt-wrapper.nix @@ -55,7 +55,10 @@ let rotateKeys = '' # check if keys are not expired keyValid() { - fingerprint=$(dnscrypt-wrapper --show-provider-publickey | awk '{print $(NF)}') + fingerprint=$(dnscrypt-wrapper \ + --show-provider-publickey \ + --provider-publickey-file=${publicKey} \ + | awk '{print $(NF)}') dnscrypt-proxy --test=${toString (cfg.keys.checkInterval + 1)} \ --resolver-address=127.0.0.1:${toString cfg.port} \ --provider-name=${cfg.providerName} \ |