zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

debug
All checks were successful
Check Flake / check-flake (push) Successful in 3m21s
Details

Browse Source
This commit is contained in:
Zuckerberg
2026-02-26 22:16:04 -08:00
parent 9fdadd321c
commit 96d1a443b6
1 changed files with 9 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
common/network/pia-vpn/scripts.nix
View File

@@ -22,21 +22,18 @@ in
fi fi
} }
# Verify a raw PIA API response (line 1 = JSON, lines 3+ = base64 RSA-SHA256 signature). # Debug: log what comes after line 1 in a PIA API response.
verifyPIAResponse() { verifyPIAResponse() {
local raw=$1 label=$2 local raw=$1 label=$2
local sig_file local line_count trailing
sig_file=$(mktemp) line_count=$(echo "$raw" | wc -l)
echo "$raw" | tail -n +3 | base64 -d > "$sig_file" echo "DEBUG $label: response has $line_count line(s)"
if ! echo -n "$(echo "$raw" | head -n 1 | tr -d '\n')" | \ if [[ "$line_count" -gt 1 ]]; then
openssl dgst -sha256 -verify "${pubKeyPath}" \ trailing=$(echo "$raw" | tail -n +2)
-signature "$sig_file"; then echo "DEBUG $label: trailing data: $trailing"
echo "ERROR: $label signature verification failed" >&2 else
rm -f "$sig_file" echo "DEBUG $label: no trailing data (single-line response)"
return 1
fi fi
echo "$label signature verified"
rm -f "$sig_file"
} }
fetchPIAToken() { fetchPIAToken() {