mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-04-19 19:36:44 +02:00
34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From a9e7b5d498da3aa6502ef8932aa05dddc45d4527 Mon Sep 17 00:00:00 2001
|
|
From: Kaarle Ritvanen <kunkku@alpinelinux.org>
|
|
Date: Tue, 10 Dec 2024 15:16:15 +0200
|
|
Subject: [PATCH 04/11] lxc-alpine: more specific SHA1 sig file match
|
|
|
|
that avoids matching the SHA256 file
|
|
|
|
Signed-off-by: Kaarle Ritvanen <kunkku@alpinelinux.org>
|
|
---
|
|
templates/lxc-alpine.in | 7 ++++---
|
|
1 file changed, 4 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
|
|
index 5667144..beadd53 100644
|
|
--- a/templates/lxc-alpine.in
|
|
+++ b/templates/lxc-alpine.in
|
|
@@ -222,10 +222,11 @@ fetch_apk_static() {
|
|
local apk=$dest/sbin/apk.static
|
|
[ -s "$apk" ] || die 2 'apk.static not found'
|
|
|
|
- local keyname=$(echo "$apk".*.pub | sed 's/.*\.SIGN\.RSA\.//')
|
|
+ local sigprefix=$apk.SIGN.RSA.
|
|
+ local keyfile=$(ls -1 "$sigprefix"alpine-*.pub 2>/dev/null | head -n 1)
|
|
openssl dgst -sha1 \
|
|
- -verify "$APK_KEYS_DIR/$keyname" \
|
|
- -signature "$dest/sbin/apk.static.SIGN.RSA.$keyname" \
|
|
+ -verify "$APK_KEYS_DIR/${keyfile#$sigprefix}" \
|
|
+ -signature "$keyfile" \
|
|
"$apk" \
|
|
|| die 2 'Signature verification for apk.static failed'
|
|
|
|
--
|
|
2.47.1
|
|
|