From a5650d32518523cbf3e44be5a62a66efb0c26bb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Wed, 13 May 2015 02:36:38 +0200
Subject: [PATCH] dom0-update: improve package validation regexp - include DSA
 case (#988)

Apparently when package is signed with DSA key, rpm -K output is totally
different. This is the case for bumblebee package on rpmfusion.

Fixes qubesos/qubes-issues#988
---
 dom0-updates/qubes-receive-updates | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/dom0-updates/qubes-receive-updates b/dom0-updates/qubes-receive-updates
index d402941..6928cf6 100755
--- a/dom0-updates/qubes-receive-updates
+++ b/dom0-updates/qubes-receive-updates
@@ -40,7 +40,13 @@ if os.path.exists('/usr/share/qubes/Qubes-comps.xml'):
     comps_file = '/usr/share/qubes/Qubes-comps.xml'
 
 package_regex = re.compile(r"^[A-Za-z0-9._+-]{1,128}.rpm$")
-gpg_ok_regex = re.compile(r"pgp md5 OK$")
+# example valid outputs:
+#  .....rpm: rsa sha1 (md5) pgp md5 OK
+#  .....rpm: (sha1) dsa sha1 md5 gpg OK
+# example INVALID outputs:
+#  .....rpm: sha1 md5 OK
+#  .....rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#246110c1)
+gpg_ok_regex = re.compile(r": [a-z0-9() ]* (pgp|gpg) [a-z0-9 ]*OK$")
 
 def dom0updates_fatal(pkg, msg):
     global updates_error_file_handle