mirror of
https://github.com/lxc/lxc-templates.git
synced 2024-12-22 14:30:31 +00:00
lxc-alpine: remove unverified apk.static
to prevent its execution on the next run Signed-off-by: Kaarle Ritvanen <kunkku@alpinelinux.org>
This commit is contained in:
parent
7ff9ef0c48
commit
4908667cc3
@ -224,11 +224,14 @@ fetch_apk_static() {
|
|||||||
|
|
||||||
local sigprefix=$apk.SIGN.RSA.
|
local sigprefix=$apk.SIGN.RSA.
|
||||||
local keyfile=$(ls -1 "$sigprefix"alpine-*.pub 2>/dev/null | head -n 1)
|
local keyfile=$(ls -1 "$sigprefix"alpine-*.pub 2>/dev/null | head -n 1)
|
||||||
openssl dgst -sha1 \
|
if ! openssl dgst -sha1 \
|
||||||
-verify "$APK_KEYS_DIR/${keyfile#$sigprefix}" \
|
-verify "$APK_KEYS_DIR/${keyfile#$sigprefix}" \
|
||||||
-signature "$keyfile" \
|
-signature "$keyfile" \
|
||||||
"$apk" \
|
"$apk"; then
|
||||||
|| die 2 'Signature verification for apk.static failed'
|
|
||||||
|
rm -f "$apk"
|
||||||
|
die 2 'Signature verification for apk.static failed'
|
||||||
|
fi
|
||||||
|
|
||||||
# Note: apk doesn't return 0 for --version
|
# Note: apk doesn't return 0 for --version
|
||||||
local out=$("$apk" --version)
|
local out=$("$apk" --version)
|
||||||
|
Loading…
Reference in New Issue
Block a user