[lxc-devel] [distrobuilder/master] sources/opensuse: Fix verification
monstermunchkin on Github
lxc-bot at linuxcontainers.org
Wed Mar 18 11:21:31 UTC 2020
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200318/53645f9d/attachment.bin>
-------------- next part --------------
From b78d28fca98c72fafda3f0040be47a5fb829a4bf Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Wed, 18 Mar 2020 12:18:52 +0100
Subject: [PATCH] sources/opensuse: Fix verification
Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
sources/opensuse-http.go | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/sources/opensuse-http.go b/sources/opensuse-http.go
index 9866edb..7267de0 100644
--- a/sources/opensuse-http.go
+++ b/sources/opensuse-http.go
@@ -70,19 +70,29 @@ func (s *OpenSUSEHTTP) Run(definition shared.Definition, rootfsDir string) error
return errors.Wrap(err, "Failed to download checksum file")
}
- err = s.verifyTarball(filepath.Join(fpath, fname))
- if err != nil {
- return errors.Wrap(err, "Failed to verify image")
+ if !definition.Source.SkipVerification {
+ err = s.verifyTarball(filepath.Join(fpath, fname), definition)
+ if err != nil {
+ return errors.Wrap(err, "Failed to verify image")
+ }
}
// Unpack
return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, false, false, nil)
}
-func (s *OpenSUSEHTTP) verifyTarball(imagePath string) error {
+func (s *OpenSUSEHTTP) verifyTarball(imagePath string, definition shared.Definition) error {
+ var err error
+ var checksum []byte
+
checksumPath := imagePath + ".sha256"
- checksum, err := ioutil.ReadFile(checksumPath)
+ valid, err := shared.VerifyFile(checksumPath, "", definition.Source.Keys, definition.Source.Keyserver)
+ if err == nil && valid {
+ checksum, err = shared.GetSignedContent(checksumPath, definition.Source.Keys, definition.Source.Keyserver)
+ } else {
+ checksum, err = ioutil.ReadFile(checksumPath)
+ }
if err != nil {
return errors.Wrap(err, "Failed to read checksum file")
}
More information about the lxc-devel
mailing list