neil/lxc-templates
1
0
Fork 1
mirror of https://github.com/lxc/lxc-templates.git synced 2024-12-22 06:20:13 +00:00
Code Issues Projects Releases Wiki Activity

lxc-alpine: remove unverified apk.static

Browse Source 
to prevent its execution on the next run

Signed-off-by: Kaarle Ritvanen <kunkku@alpinelinux.org>
This commit is contained in:
Kaarle Ritvanen 2024-12-10 15:16:18 +02:00
parent 7ff9ef0c48
commit 4908667cc3
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
templates/lxc-alpine.in
View File

@ -224,11 +224,14 @@ fetch_apk_static() {
local sigprefix=$apk.SIGN.RSA. local sigprefix=$apk.SIGN.RSA.
local keyfile=$(ls -1 "$sigprefix"alpine-*.pub 2>/dev/null | head -n 1) local keyfile=$(ls -1 "$sigprefix"alpine-*.pub 2>/dev/null | head -n 1)
openssl dgst -sha1 \ if ! openssl dgst -sha1 \
-verify "$APK_KEYS_DIR/${keyfile#$sigprefix}" \ -verify "$APK_KEYS_DIR/${keyfile#$sigprefix}" \
-signature "$keyfile" \ -signature "$keyfile" \
"$apk" \ "$apk"; then
|| die 2 'Signature verification for apk.static failed'
rm -f "$apk"
die 2 'Signature verification for apk.static failed'
fi
# Note: apk doesn't return 0 for --version # Note: apk doesn't return 0 for --version
local out=$("$apk" --version) local out=$("$apk" --version)