get-fedora-latest-config: check rpm signature
This commit is contained in:
Frédéric Pierret (fepitre)
parent
0afef3372d
commit
d60bf26858
@ -11,6 +11,8 @@ releasever="$1"
|
||||
kernelver="$(cat "$localdir/version")"
|
||||
kernelsrc="linux-$kernelver"
|
||||
|
||||
key="$localdir/keys/RPM-GPG-KEY-fedora-$releasever-primary"
|
||||
|
||||
[[ "x$releasever" == "x" ]] && { echo "Please provide Fedora release version as first argument, e.g. '29'."; exit 1; }
|
||||
|
||||
# baseurl for latest kernel rpm
|
||||
@ -24,7 +26,13 @@ latestver="$(echo "$latestrpm" | sed 's/kernel-core-//; s/\.rpm//')"
|
||||
if [ "x$latestrpm" != "x" ]; then
|
||||
tmpdir=$(mktemp -d)
|
||||
# download latest kernel rpm
|
||||
wget -q -O "$tmpdir/$latestrpm" "$url/$latestrpm"
|
||||
wget -q -O "$tmpdir/$latestrpm.untrusted" "$url/$latestrpm"
|
||||
|
||||
# check signature
|
||||
mkdir -p "$tmpdir/rpmdb"
|
||||
rpmkeys --dbpath="$tmpdir/rpmdb" --import "$key"
|
||||
{ rpmkeys --dbpath="$tmpdir/rpmdb" --checksig "$tmpdir/$latestrpm.untrusted" | grep 'signatures OK' ; } || { echo "Failed to check signature"; exit 1; }
|
||||
mv "$tmpdir/$latestrpm.untrusted" "$tmpdir/$latestrpm"
|
||||
|
||||
# extract kernel sources in qubes-linux-kernel
|
||||
tar xf "$localdir/$kernelsrc.tar.xz" -C "$tmpdir"
|
||||
|
||||
30
keys/RPM-GPG-KEY-fedora-25-primary
Normal file
30
keys/RPM-GPG-KEY-fedora-25-primary
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1
|
||||
|
||||
mQINBFb9YzMBEACy1RmbMa6MNIpfHYxLwgCgBVnFYCdCHZqWfYYYK14potfJ9uI2
|
||||
4Y4w+oHiLeZ/HoG1EBQiDfXHetGZECAKEYQlE7BbRBcd3An9GalKTkWzcshhHFx7
|
||||
f5JIprL0uY8x2D9HmCfAjMxoh6usWjmAQ+DUYd48iYCkahyZa0/2CgX9HIcEz/M/
|
||||
oDeQbTwzw9AQbQz382oOErfRaXE/DQrjlx2ln0iejidiOe7DzGZOH9/Foc2KN062
|
||||
A9VnZ7tU1ACKT8NxZ78RaBL3qmvMGdb7kf7GywjpRNo4J7XCQUP+nP51eCur2wMS
|
||||
4mY2idDL8Ojouta79pPrviVLmwzunJoFnBcnIhbndebdxPqgOA5XAOaTdLtgurMq
|
||||
90V45DPyJpkdEyptovksH7zYNGEIGB8cFmrVgUwriB0TLNJTEcM4Knbh4imfTX42
|
||||
vCE+rEHn3YVqubG7rggibKznJbflwQcqOYZHLlPGYCxO47aaFUo5qJN7QN3lxajb
|
||||
SzL/SdoHrVL67unzmHyktx5uF8Fv6EDgUV6NCb/IBiEwhR8YHi86NQ8nsI3K8Zhv
|
||||
EnIxghJQD+cn3ykthwqYmZwi2PJDBiZsOGf3iXbalAjU3JVqoA7mboRPR+IBXQxK
|
||||
xvAEpyIGeSUN8yBn+JVDRwZ37kkUVs2AOeUwMlnfFSqYFfmqbeQ73A9ECwARAQAB
|
||||
tDxGZWRvcmEgMjUgUHJpbWFyeSAoMjUpIDxmZWRvcmEtMjUtcHJpbWFyeUBmZWRv
|
||||
cmFwcm9qZWN0Lm9yZz6JAjgEEwECACIFAlb9YzMCGw8GCwkIBwMCBhUIAgkKCwQW
|
||||
AgMBAh4BAheAAAoJEECJ2PL9sZyY1TEP/0u/v4g8HEdl9gqlhV179vXCJJiGtzB0
|
||||
7IGAu++mrsxBrDpqPZTEs6dG5MyzvhhHcmHYrZIiicPAeL9xlZ75oIqQuvjDncoM
|
||||
kROSGvtfUnvocZhQIPvvkgWe3UAmmP3cSlVzu3KtbTpM+KL71incWo4Tentq9L/f
|
||||
vsow7vvGbKUMoSSZbAMfjJkzlzSDNlFtaRkrCBQFJ76EKeggjnEZ8H0cowCdGuyv
|
||||
uBoxQeeQM13b2T9c/uyrXCIcasaOTIKTcqTjbJUTIC2NIZ8OHjtlxZacEaN3ml1M
|
||||
lNRtbIvqzbtv+sb+DsOVTyd1XIcxU9s+TDKvUm0OBNvj3Bm2BQbi8RHyLFbHWvhx
|
||||
Gjzb8Wb/MnlcdTlk3M2iPv8dWHXjEM9n9TKyStdpBD9X3P/Gy2gUquHgkl8p+r8o
|
||||
xmzNH534mKH47kPL/trKInKwv0fkBwxvuPgHG0n79eMHQenVA8gXzG4P6JkcyObA
|
||||
6xGEEQ/wXFF0gLksmwFWuPm2GcnOI5KmGNgDP2PMhS8/cfJfW04a/tL2T2zr4CmE
|
||||
LynbOvY/yOJk7/2W3Cb47+yhqo/htrpJDP6n6zQNNk3+e8EVgfhkQqFxom8yCmEP
|
||||
pW0gBFeE83VoytYPXRkavwmFR+tplyZfOkXG9gysTn8SpRp5+B44O+VeaZumanQZ
|
||||
kRFmBygMR6M/
|
||||
=NrXo
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
30
keys/RPM-GPG-KEY-fedora-29-primary
Normal file
30
keys/RPM-GPG-KEY-fedora-29-primary
Normal file
@ -0,0 +1,30 @@
|
||||
pub 4096R/429476B4 2018-02-17 Fedora 29 (29) <fedora-29@fedoraproject.org>
|
||||
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFqIZTcBEACjh0DKywPd0Hx9I4nGYsbUbqIU7TGZgxaT9jnVSRgkcdfRqt2C
|
||||
P7EdtRbyqkMUKyL23CLwAz+YSmf9Ff9nxBSl8FiKUCNNWUYO3faEAZkZ5reDr6h6
|
||||
W4a0niBMWfVLqmYjpZmkcBqgLgl+2wVq9/E9Fq9SzDktzczUF7wwAWrsKW5rwEEq
|
||||
+i8jk6FSUTNMqWZq69y7Dvox8k8QIxtou5dIL3Z8qQdkc/0ynTs4bdac94FsJBM6
|
||||
0qKSHP23MY7ppwOl7wttAsnaIzBaCD0UIM5qtfFBNFaYfeJ5kH1rf+NzgFjJ8y1D
|
||||
xiZdEX2t4OyXvhuAQSvYyotDrJzCbusjXQYMYYqnfGcqMmTCkgGxYbdfVGbMs3x1
|
||||
mMObZWMQbb9HGN0KTBaFdwA7EnMBrCGy3I9WxngGIGATOPWkPPUUxlaI9jwxT3tq
|
||||
bwYY5Kn2RhD4CZyj4VIaQvGdMaop01O78QVFHhdH24abqNuPrYqEDZ+aSTgnYFKJ
|
||||
cpGSsRVL+Kw/x1wik8PYzpC9tNzU1LRCi9jsX0pk9gODSgbKLWryZEgZaIdcBcJD
|
||||
4U3slDjdBeTDY8pJV9z9r7z+gFPAHLqStGKj2icbv80dMGTfgUm3HqWES/XXomX9
|
||||
ZWA1tV0ZlNOM8/IunmISz9MNpc3LChpcccffjrfvWBfokDKaXO9qCUgctwARAQAB
|
||||
tCxGZWRvcmEgMjkgKDI5KSA8ZmVkb3JhLTI5QGZlZG9yYXByb2plY3Qub3JnPokC
|
||||
OAQTAQIAIgUCWohlNwIbDwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQogql
|
||||
a0KUdrR7axAAluNHQ93T7u/yIQaTCs4uGb/jEg7qbm6hRx5nsqrdm3qKNqnyXK61
|
||||
nnPNoDJNk1WhZww4RdrvxCDOGyyNhGSejjvXM6RBDEOY/KmD6huPo8xN5i7JVG+E
|
||||
2mlwTGe7HSg47d0wHydDNTRLQqT0VZnpkxRe3puQ4DNNHJZG1SsRl/Sf2VI1XyB/
|
||||
hHbFGbLS9KvH32lCIAAtt6dbGTRZC9gsGL6XR/6o7EU5fpj7U5rYiDTFaYqmqG21
|
||||
LZZV9xtqCoHcKElY7jX7Rfmk8Wn1G2zC2XR0LX7eVH7GBeXw6JbmLZjxSgd235zE
|
||||
1lNSaSLMHOHMcgSHWoEC9ULzLYJuTagjK3cjk0VkKLocakRcsb9dtFcxgZGdQHfM
|
||||
X7mD9epuJmqB4a6TOZoL/tiq28ORakUbjYfLz9ngnqd/pJkn9MNWcxy3yBtOdTYq
|
||||
ce+61/XQk4cR2tH8V2eP7fL8YMboNkPPbcbKlcvKG/TgaS0tVrFMUmA1xmDihzf6
|
||||
gupAANlcMkYo0hm+z1hLvgqosp14oTocJeXLAFVw5dxnb9bmqjBy+77u/rqrY0Ek
|
||||
LQd9XnXgowUQl0RSNXgcIIfEkVBipL/2YB+MFBmMQKcTDXX7lc/hl6W4BFmVj2KH
|
||||
kPdZzUOJQVYfe90Rt3hfXHViUw118hkTaJhrCPVwkFbaUWscEA2OaFI=
|
||||
=QzSY
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
Loading…
Reference in New Issue
Block a user