fix: fix trying to import revoked key

nodejs/release-keys#28
sheerlox · Jun 10, 2024 · e20eb9b · e20eb9b
1 parent c829351
commit e20eb9b
Showing 1 changed file with 4 additions and 7 deletions.
diff --git a/lib/nodelix/version_manager.ex b/lib/nodelix/version_manager.ex
@@ -145,7 +145,7 @@ defmodule Nodelix.VersionManager do
       Logger.debug("Using GPG to retrieve #{length(missing_keys)} missing signing keys")
 
       {messages, _} =
-        GPGex.cmd!(["--keyserver", "hkps://keys.openpgp.org", "--recv-keys"] ++ missing_keys,
+        GPGex.cmd!(["--keyserver", "hkps://keyserver.ubuntu.com", "--recv-keys"] ++ missing_keys,
           keystore: keystore
         )
 
@@ -163,12 +163,9 @@ defmodule Nodelix.VersionManager do
 
       still_missing_keys = missing_keys -- imported_keys
 
-      # because some keys are unverified on keys.openpgp.org,
-      # we make a subsequent call to the Ubuntu keyserver
-      GPGex.cmd!(
-        ["--keyserver", "hkps://keyserver.ubuntu.com", "--recv-keys"] ++ still_missing_keys,
-        keystore: keystore
-      )
+      if length(still_missing_keys) > 0,
+        do:
+          Logger.warning("Couldn't import following keys: #{Enum.join(still_missing_keys, ", ")}")
     end
 
     GPGex.cmd!(["--verify", checksums_path], keystore: keystore)