TODO: remove path dependency of rpm_verify in builder-rpm and infrastructurepull/34/head
parent
fd5b7355d0
commit
bf09161732
@ -1,48 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
verify_rpm() {
|
||||
RPM=$1
|
||||
|
||||
if ! [ -f $RPM ]; then
|
||||
echo -n "No such file... "
|
||||
return
|
||||
fi
|
||||
|
||||
if ! rpm --checksig $RPM > /dev/null; then
|
||||
echo "Wrong PGP signature on $RPM!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Even if rpm returns success (ret = 0) that doesn't
|
||||
# mean that the rpm has been signed! It might simply
|
||||
# have no PGP signature at all. Yes, stupidity...
|
||||
|
||||
if ! rpm --checksig $RPM | grep ' pgp ' > /dev/null ; then
|
||||
if [ "$NO_SIGN" == "1" ] ; then
|
||||
# When signing is disabed in qubes-builder
|
||||
# This is used to build unsigned ISO
|
||||
# This should only be used for testing builds
|
||||
return 0
|
||||
fi
|
||||
|
||||
echo "No PGP signature found!"
|
||||
|
||||
exit 2
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "Usage: $0 <rpm file>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -w /var/lib/rpm ]; then
|
||||
# Make sure that the right Qubes release key is imported (in chroot)
|
||||
rpm --import `dirname $0`/qubes-release/RPM-GPG-KEY-qubes-*-primary
|
||||
fi
|
||||
|
||||
for FILE in "$@"; do
|
||||
verify_rpm $FILE || exit 1
|
||||
done
|
||||
|
@ -0,0 +1 @@
|
||||
scripts/rpm_verify
|
@ -0,0 +1,48 @@
|
||||
#!/bin/sh
|
||||
|
||||
verify_rpm() {
|
||||
RPM=$1
|
||||
|
||||
if ! [ -f $RPM ]; then
|
||||
echo -n "No such file... "
|
||||
return
|
||||
fi
|
||||
|
||||
if ! rpm --checksig $RPM > /dev/null; then
|
||||
echo "Wrong PGP signature on $RPM!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Even if rpm returns success (ret = 0) that doesn't
|
||||
# mean that the rpm has been signed! It might simply
|
||||
# have no PGP signature at all. Yes, stupidity...
|
||||
|
||||
if ! rpm --checksig $RPM | grep ' pgp ' > /dev/null ; then
|
||||
if [ "$NO_SIGN" == "1" ] ; then
|
||||
# When signing is disabed in qubes-builder
|
||||
# This is used to build unsigned ISO
|
||||
# This should only be used for testing builds
|
||||
return 0
|
||||
fi
|
||||
|
||||
echo "No PGP signature found!"
|
||||
|
||||
exit 2
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "Usage: $0 <rpm file>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -w /var/lib/rpm ]; then
|
||||
# Make sure that the right Qubes release key is imported (in chroot)
|
||||
rpm --import `dirname $0`/qubes-release/RPM-GPG-KEY-qubes-*-primary
|
||||
fi
|
||||
|
||||
for FILE in "$@"; do
|
||||
verify_rpm $FILE || exit 1
|
||||
done
|
||||
|
Loading…
Reference in new issue