From 9e04bba0af3c3d39fe004d55ddb6601ca4caa077 Mon Sep 17 00:00:00 2001
From: rnhmjoj
Date: Mon, 26 Oct 2020 13:07:49 +0100
Subject: [PATCH] nixos/dnscrypt-wrapper: fix key rotation script

Fix an error in the validation code when the public key is in a nonstandard location. The check command fails and the key is incorrectly assumed to be expiring.
---
nixos/modules/services/networking/dnscrypt-wrapper.nix | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/dnscrypt-wrapper.nix b/nixos/modules/services/networking/dnscrypt-wrapper.nix
index b9333cd19a2a..ee7e9b0454de 100644
--- a/nixos/modules/services/networking/dnscrypt-wrapper.nix
+++ b/nixos/modules/services/networking/dnscrypt-wrapper.nix
@@ -55,7 +55,10 @@ let
 rotateKeys = ''
 # check if keys are not expired
 keyValid() {
- fingerprint=$(dnscrypt-wrapper --show-provider-publickey | awk '{print $(NF)}')
+ fingerprint=$(dnscrypt-wrapper \
+ --show-provider-publickey \
+ --provider-publickey-file=${publicKey} \
+ | awk '{print $(NF)}')
 dnscrypt-proxy --test=${toString (cfg.keys.checkInterval + 1)} \
 --resolver-address=127.0.0.1:${toString cfg.port} \
 --provider-name=${cfg.providerName} \
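Review bot: The new `fingerprint=$(…)` assignment in `keyValid` still cannot tell a failed key read from an expiring key. The substitution's exit status is that of `awk`, so unless `pipefail` is set elsewhere in the script, any error from `dnscrypt-wrapper` leaves `fingerprint` empty and the `dnscrypt-proxy --test` check fails just as it did before this fix. A guard directly after the assignment, for example `[ -n "$fingerprint" ] || { echo "cannot read provider public key" >&2; return 2; }`, would make that case visible in the unit's log instead of looking like expiry; how the caller treats the return value is outside the hunk, so the chosen code needs checking against it. `${publicKey}` is also spliced into the shell text unquoted, and if it can come from a user-set option then `--provider-publickey-file=${lib.escapeShellArg publicKey}` would be safer. Both `keyValid` and `rotateKeys` continue past the end of the hunk.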