[lxc-devel] [lxc/master] Change alpine template file check to also check file size (`-f` => `-s`)

runejuhl on Github lxc-bot at linuxcontainers.org
Wed Sep 13 11:26:28 UTC 2017


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 824 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170913/b3ddc899/attachment.bin>
-------------- next part --------------
From bc701735c264532c7652c6b9c75e705d37e1dff2 Mon Sep 17 00:00:00 2001
From: Rune Juhl Jacobsen <runejuhl at petardo.dk>
Date: Wed, 13 Sep 2017 13:10:50 +0200
Subject: [PATCH] Change file check to also check file size (`-f` => `-s`)

Because the `fetch` wget wrapper outputs files to stdout we may end up in a
situation where wget fails but the files are still created. This can happen
e.g. when the host date is out of sync leading to a failed certificate
check, resulting in the creation of empty key files.

Once the empty files have been created the template will try to use them which
causes the certificate check to fail.

By using `-s` instead of `-f` the template will re-fetch the files unless they
exist AND have a size greater than zero.
---
 templates/lxc-alpine.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 359f02875..768e69028 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -185,7 +185,7 @@ fetch_apk_keys() {
 
 	echo "$APK_KEYS_SHA256" | while read -r line; do
 		keyname="${line##* }"
-		if [ ! -f "$keyname" ]; then
+		if [ ! -s "$keyname" ]; then
 			fetch "$APK_KEYS_URI/$keyname" > "$keyname"
 		fi
 		echo "$line" | sha256sum -c -
@@ -210,7 +210,7 @@ fetch_apk_static() {
 	fetch "$MIRROR_URL/latest-stable/main/$arch/${pkg_name}-${pkg_ver}.apk" \
 		| tar -xz -C "$dest" sbin/  # --extract --gzip --directory
 
-	[ -f "$dest/sbin/apk.static" ] || die 2 'apk.static not found'
+	[ -s "$dest/sbin/apk.static" ] || die 2 'apk.static not found'
 
 	local keyname=$(echo "$dest"/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//')
 	openssl dgst -sha1 \


More information about the lxc-devel mailing list