From 78f834f8d5b5f1ff56e04bb2b40cbb4fc4c21a12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Thu, 21 Apr 2016 13:46:33 +0200
Subject: [PATCH] verify packages signature
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
 src/pylorax/ltmpl.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/pylorax/ltmpl.py b/src/pylorax/ltmpl.py
index 7fc4d54..661790d 100644
--- a/src/pylorax/ltmpl.py
+++ b/src/pylorax/ltmpl.py
@@ -578,6 +578,24 @@ class LoraxTemplateRunner(object):
             logger.error("Failed to download the following packages: %s", e)
             raise
 
+        try:
+            for po in pkgs_to_download:
+                # before doing anything with the package, verify its signature
+                result, errmsg = self.dbo.sigCheckPkg(po)
+                if result == 0:
+                    # Verified ok, or verify not req'd
+                    pass
+                elif result == 1:
+                    # keys are provided through kickstart, so treat this as consent
+                    # for importing them
+                    self.dbo.getKeyForPackage(po, lambda x, y, z: True)
+                else:
+                    # Fatal error
+                    raise dnf.exceptions.Error(errmsg)
+        except dnf.exceptions.Error as e:
+            logger.error("Failed to verify signature: %s", e)
+            raise
+
         logger.info("Preparing transaction from installation source")
         try:
             display = LoraxRpmCallback()
-- 
2.1.0