From b6947894de2874b03467e02ae735ccef3ec554d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 29 Sep 2015 14:07:25 +0200 Subject: [PATCH 2/2] Verify downloaded packages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Organization: Invisible Things Lab Cc: Marek Marczykowski-Górecki Signed-off-by: Marek Marczykowski-Górecki --- pungi/gather.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/pungi/gather.py b/pungi/gather.py index a5c9df9..66212d2 100644 --- a/pungi/gather.py +++ b/pungi/gather.py @@ -1103,6 +1103,20 @@ class Pungi(PungiBase): sys.exit(1) for po in polist: + # before doing anything with the package, verify its signature + result, errmsg = self.ayum.sigCheckPkg(po) + if result == 0: + # Verified ok, or verify not req'd + pass + elif result == 1: + # keys are provided through kickstart, so treat this as consent + # for importing them + self.ayum.getKeyForPackage(po, lambda x, y, z: True) + else: + # Fatal error + self.logger.error(errmsg) + sys.exit(1) + basename = os.path.basename(po.relativepath) local = po.localPkg() -- 2.1.0