check signature behind proxy

[spawnflagger]

found workarounds, but for those who care that the gpg signatures match for the CHECKSUMS file, if there is a timeout importing the key, the installer script shows error, but continues installing the packages anyway (expected behavior would be to abort if it can't check the signature, unless -ns is specified).

Example output:

root@host:~# ubuntu-mainline-kernel.sh -i Finding latest version available on kernel.ubuntu.com Latest version is: v5.13.9, continue? (y/N) Will download 6 files from kernel.ubuntu.com: Downloading amd64/linux-headers-5.13.9-051309-generic_5.13.9-051309.202108080438_amd64.deb: 100% Downloading amd64/linux-headers-5.13.9-051309_5.13.9-051309.202108080438_all.deb: 100% Downloading amd64/linux-image-unsigned-5.13.9-051309-generic_5.13.9-051309.202108080438_amd64.deb: 100% Downloading amd64/linux-modules-5.13.9-051309-generic_5.13.9-051309.202108080438_amd64.deb: 100% Downloading amd64/CHECKSUMS: 100% Downloading amd64/CHECKSUMS.gpg: 100% Importing kernel-ppa gpg key failedUnable to check signature Checksums of deb files have been successfully verified with sha256sum Installing 4 packages Cleaning up work folder

The problem is the gpg command doesn't honor the environment variable $http_proxy (whereas wget does), so it times out. The warning is found at lines 706-708, but shouldn't that be an error/exit, just like it behaves when the gpg --verify command fails?

workarounds

1. import the key once, using the following gpg --keyserver-options http-proxy=$http_proxy --keyserver hkp://keyserver.ubuntu.com:80 --recv 17C622B0
2. or, update gpg.conf (double quotes important so shell expands $http_proxy's value) echo "keyserver-options http-proxy=$http_proxy" >> ~/.gnupg/gpg.conf

then running ubuntu-mainline-kernel.sh -i can proceed without timing out, and the CHECKSUMS file is properly verified.