neil/lxc-templates
1
0
Fork 1
mirror of https://github.com/lxc/lxc-templates.git synced 2024-12-22 06:20:13 +00:00
Code Issues Projects Releases Wiki Activity

lxc-alpine: more specific SHA1 sig file match

Browse Source 
that avoids matching the SHA256 file

Signed-off-by: Kaarle Ritvanen <kunkku@alpinelinux.org>
This commit is contained in:
Kaarle Ritvanen 2024-12-10 15:16:15 +02:00
parent 7c3b65b0ef
commit 7ff9ef0c48
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
templates/lxc-alpine.in
View File

@ -222,10 +222,11 @@ fetch_apk_static() {
local apk=$dest/sbin/apk.static
[ -s "$apk" ] || die 2 'apk.static not found'
local keyname=$(echo "$apk".*.pub | sed 's/.*\.SIGN\.RSA\.//')
local sigprefix=$apk.SIGN.RSA.
local keyfile=$(ls -1 "$sigprefix"alpine-*.pub 2>/dev/null | head -n 1)
openssl dgst -sha1 \
-verify "$APK_KEYS_DIR/$keyname" \
-signature "$dest/sbin/apk.static.SIGN.RSA.$keyname" \
-verify "$APK_KEYS_DIR/${keyfile#$sigprefix}" \
-signature "$keyfile" \
"$apk" \
|| die 2 'Signature verification for apk.static failed'