From 7ff9ef0c48b1f2aa0f463a25a04238239706fefd Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kunkku@alpinelinux.org>
Date: Tue, 10 Dec 2024 15:16:15 +0200
Subject: [PATCH] lxc-alpine: more specific SHA1 sig file match

that avoids matching the SHA256 file

Signed-off-by: Kaarle Ritvanen <kunkku@alpinelinux.org>
---
 templates/lxc-alpine.in | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 5667144..beadd53 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -222,10 +222,11 @@ fetch_apk_static() {
 	local apk=$dest/sbin/apk.static
 	[ -s "$apk" ] || die 2 'apk.static not found'
 
-	local keyname=$(echo "$apk".*.pub | sed 's/.*\.SIGN\.RSA\.//')
+	local sigprefix=$apk.SIGN.RSA.
+	local keyfile=$(ls -1 "$sigprefix"alpine-*.pub 2>/dev/null | head -n 1)
 	openssl dgst -sha1 \
-		-verify "$APK_KEYS_DIR/$keyname" \
-		-signature "$dest/sbin/apk.static.SIGN.RSA.$keyname" \
+		-verify "$APK_KEYS_DIR/${keyfile#$sigprefix}" \
+		-signature "$keyfile" \
 		"$apk" \
 		|| die 2 'Signature verification for apk.static failed'