From 78f834f8d5b5f1ff56e04bb2b40cbb4fc4c21a12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Thu, 21 Apr 2016 13:46:33 +0200 Subject: [PATCH] verify packages signature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Organization: Invisible Things Lab Cc: Marek Marczykowski-Górecki Signed-off-by: Marek Marczykowski-Górecki --- src/pylorax/ltmpl.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/pylorax/ltmpl.py b/src/pylorax/ltmpl.py index 7fc4d54..661790d 100644 --- a/src/pylorax/ltmpl.py +++ b/src/pylorax/ltmpl.py @@ -578,6 +578,24 @@ class LoraxTemplateRunner(object): logger.error("Failed to download the following packages: %s", e) raise + try: + for po in pkgs_to_download: + # before doing anything with the package, verify its signature + result, errmsg = self.dbo.sigCheckPkg(po) + if result == 0: + # Verified ok, or verify not req'd + pass + elif result == 1: + # keys are provided through kickstart, so treat this as consent + # for importing them + self.dbo.getKeyForPackage(po, lambda x, y, z: True) + else: + # Fatal error + raise dnf.exceptions.Error(errmsg) + except dnf.exceptions.Error as e: + logger.error("Failed to verify signature: %s", e) + raise + logger.info("Preparing transaction from installation source") try: display = LoraxRpmCallback() -- 2.1.0