debug

common/network/pia-vpn/scripts.nix

@@ -22,21 +22,18 @@ in
       fi
     }
 
-    # Verify a raw PIA API response (line 1 = JSON, lines 3+ = base64 RSA-SHA256 signature).
+    # Debug: log what comes after line 1 in a PIA API response.
     verifyPIAResponse() {
       local raw=$1 label=$2
-      local sig_file
-      sig_file=$(mktemp)
-      echo "$raw" | tail -n +3 | base64 -d > "$sig_file"
-      if ! echo -n "$(echo "$raw" | head -n 1 | tr -d '\n')" | \
-           openssl dgst -sha256 -verify "${pubKeyPath}" \
-           -signature "$sig_file"; then
-        echo "ERROR: $label signature verification failed" >&2
-        rm -f "$sig_file"
-        return 1
+      local line_count trailing
+      line_count=$(echo "$raw" | wc -l)
+      echo "DEBUG $label: response has $line_count line(s)"
+      if [[ "$line_count" -gt 1 ]]; then
+        trailing=$(echo "$raw" | tail -n +2)
+        echo "DEBUG $label: trailing data: $trailing"
+      else
+        echo "DEBUG $label: no trailing data (single-line response)"
       fi
-      echo "$label signature verified"
-      rm -f "$sig_file"
     }
 
     fetchPIAToken() {