qubes-installer-qubes-os/rpm_verify

#!/bin/sh

verify_rpm() {
RPM=$1

if ! [ -f $RPM ]; then
    echo -n "No such file... "
    return
fi

if ! rpm --checksig $RPM > /dev/null; then
    echo "Wrong PGP signature on $RPM!"
    exit 1
fi

# Even if rpm returns success (ret = 0) that doesn't
# mean that the rpm has been signed! It might simply
# have no PGP signature at all. Yes, stupidity...

if ! rpm --checksig $RPM | grep pgp > /dev/null ; then
    echo "No PGP signature found!"

    if [ "$NO_SIGN" == "1" ] ; then
        # When signing is disabed in qubes-builder
        # This is used to build unsigned ISO
        # This should only be used for testing builds
        return 0
    fi

    exit 2
fi
}


if [ $# -lt 1 ]; then
    echo "Usage: $0 <rpm file>"
    exit 1
fi

for FILE in "$@"; do
        verify_rpm $FILE || exit 1
done
User rpm_verify instead of repeated manual parsing of rpm --checksign output Additionally, rpm_verify understands the NO_SIGN enviroment variable. 2011-11-10 17:01:19 +00:00			`#!/bin/sh`

			`verify_rpm() {`
			`RPM=$1`

rpm_verify: do not panic when the file doesn't exist It turns out revisor attempts to verify some non-existent files, and this should not cause an abort. 2011-11-10 17:33:04 +00:00			`if ! [ -f $RPM ]; then`
			`echo -n "No such file... "`
			`return`
			`fi`

			`if ! rpm --checksig $RPM > /dev/null; then`
rpm_verify: reduce verbosity, and at the same time print more info on error 2012-11-19 16:43:09 +00:00			`echo "Wrong PGP signature on $RPM!"`
User rpm_verify instead of repeated manual parsing of rpm --checksign output Additionally, rpm_verify understands the NO_SIGN enviroment variable. 2011-11-10 17:01:19 +00:00			`exit 1`
			`fi`

			`# Even if rpm returns success (ret = 0) that doesn't`
			`# mean that the rpm has been signed! It might simply`
			`# have no PGP signature at all. Yes, stupidity...`

rpm_verify: do not panic when the file doesn't exist It turns out revisor attempts to verify some non-existent files, and this should not cause an abort. 2011-11-10 17:33:04 +00:00			`if ! rpm --checksig $RPM \| grep pgp > /dev/null ; then`
User rpm_verify instead of repeated manual parsing of rpm --checksign output Additionally, rpm_verify understands the NO_SIGN enviroment variable. 2011-11-10 17:01:19 +00:00			`echo "No PGP signature found!"`

			`if [ "$NO_SIGN" == "1" ] ; then`
			`# When signing is disabed in qubes-builder`
			`# This is used to build unsigned ISO`
			`# This should only be used for testing builds`
rpm_verify: verify all packages even with NO_SIGN Do not stop verifyng on first not signed package. 2011-11-28 22:05:51 +00:00			`return 0`
User rpm_verify instead of repeated manual parsing of rpm --checksign output Additionally, rpm_verify understands the NO_SIGN enviroment variable. 2011-11-10 17:01:19 +00:00			`fi`

			`exit 2`
			`fi`
			`}`


			`if [ $# -lt 1 ]; then`
			`echo "Usage: $0 <rpm file>"`
			`exit 1`
			`fi`

			`for FILE in "$@"; do`
rpm_verify: reduce verbosity, and at the same time print more info on error 2012-11-19 16:43:09 +00:00			`verify_rpm $FILE \|\| exit 1`
User rpm_verify instead of repeated manual parsing of rpm --checksign output Additionally, rpm_verify understands the NO_SIGN enviroment variable. 2011-11-10 17:01:19 +00:00			`done`