1
0
mirror of https://github.com/lxc/lxc-templates.git synced 2024-12-22 14:30:31 +00:00

lxc-alpine: remove unverified apk.static

to prevent its execution on the next run

Signed-off-by: Kaarle Ritvanen <kunkku@alpinelinux.org>
This commit is contained in:
Kaarle Ritvanen 2024-12-10 15:16:18 +02:00
parent 7ff9ef0c48
commit 4908667cc3

View File

@ -224,11 +224,14 @@ fetch_apk_static() {
local sigprefix=$apk.SIGN.RSA. local sigprefix=$apk.SIGN.RSA.
local keyfile=$(ls -1 "$sigprefix"alpine-*.pub 2>/dev/null | head -n 1) local keyfile=$(ls -1 "$sigprefix"alpine-*.pub 2>/dev/null | head -n 1)
openssl dgst -sha1 \ if ! openssl dgst -sha1 \
-verify "$APK_KEYS_DIR/${keyfile#$sigprefix}" \ -verify "$APK_KEYS_DIR/${keyfile#$sigprefix}" \
-signature "$keyfile" \ -signature "$keyfile" \
"$apk" \ "$apk"; then
|| die 2 'Signature verification for apk.static failed'
rm -f "$apk"
die 2 'Signature verification for apk.static failed'
fi
# Note: apk doesn't return 0 for --version # Note: apk doesn't return 0 for --version
local out=$("$apk" --version) local out=$("$apk" --version)