qubes-installer-qubes-os/rpm_verify
Marek Marczykowski b1d5b87e33 rpm_verify: verify all packages even with NO_SIGN
Do not stop verifyng on first not signed package.
2011-11-28 23:05:51 +01:00

45 lines
841 B
Bash
Executable File

#!/bin/sh
verify_rpm() {
RPM=$1
if ! [ -f $RPM ]; then
echo -n "No such file... "
return
fi
if ! rpm --checksig $RPM > /dev/null; then
echo "Wrong PGP signature!"
exit 1
fi
# Even if rpm returns success (ret = 0) that doesn't
# mean that the rpm has been signed! It might simply
# have no PGP signature at all. Yes, stupidity...
if ! rpm --checksig $RPM | grep pgp > /dev/null ; then
echo "No PGP signature found!"
if [ "$NO_SIGN" == "1" ] ; then
# When signing is disabed in qubes-builder
# This is used to build unsigned ISO
# This should only be used for testing builds
return 0
fi
exit 2
fi
}
if [ $# -lt 1 ]; then
echo "Usage: $0 <rpm file>"
exit 1
fi
for FILE in "$@"; do
echo -n "Veryfing: $FILE... "
verify_rpm $FILE && echo OK.
done