[lxc-devel] [PATCH] lxc-alpine: fix verification of apk.static binary
Natanael Copa
ncopa at alpinelinux.org
Mon Aug 3 11:40:25 UTC 2015
We need specify which hashing algorithm was used to create the signature
we check.
Fixes #609
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
---
This should also go to the stable-1.0 and stable-1.1 branches.
templates/lxc-alpine.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 963c42a..6dcc51b 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -83,7 +83,7 @@ get_static_apk () {
# verify the static apk binary signature
APK=$rootfs/sbin/apk.static
- openssl dgst -verify $rootfs/etc/apk/keys/$keyname \
+ openssl dgst -sha1 -verify $rootfs/etc/apk/keys/$keyname \
-signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1
if [ "$auto_repo_dir" ]; then
--
2.5.0
More information about the lxc-devel
mailing list