From f122f0147bb0275bc4cb3eb5d62bbdb3ac34349f Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Wed, 15 Mar 2017 00:52:20 +0100
Subject: [PATCH] nixos/dnscrypt-proxy: log resolver list verification failure

Otherwise, the service unit just fails for no discernable
reason.  Verifcation failure is bad so it ought to be easily
discoverable.
---
 nixos/modules/services/networking/dnscrypt-proxy.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix
index 9183700a73dc..d382fa8c9cb2 100644
--- a/nixos/modules/services/networking/dnscrypt-proxy.nix
+++ b/nixos/modules/services/networking/dnscrypt-proxy.nix
@@ -261,8 +261,11 @@ in
         $get -o dnscrypt-resolvers.csv.minisig.tmp \
           https://$domain/jedisct1/dnscrypt-proxy/master/dnscrypt-resolvers.csv.minisig
         mv dnscrypt-resolvers.csv.minisig{.tmp,}
-        minisign -q -V -p ${upstreamResolverListPubKey} \
-          -m dnscrypt-resolvers.csv.tmp -x dnscrypt-resolvers.csv.minisig
+        if ! minisign -q -V -p ${upstreamResolverListPubKey} \
+          -m dnscrypt-resolvers.csv.tmp -x dnscrypt-resolvers.csv.minisig ; then
+          echo "failed to verify resolver list!" >&2
+          exit 1
+        fi
         [[ -f dnscrypt-resolvers.csv ]] && mv dnscrypt-resolvers.csv{,.old}
         mv dnscrypt-resolvers.csv{.tmp,}
         if cmp dnscrypt-resolvers.csv{,.old} ; then