[lxc-devel] [distrobuilder/master] sources/opensuse: Fix verification

monstermunchkin on Github lxc-bot at linuxcontainers.org
Wed Mar 18 11:21:31 UTC 2020


From b78d28fca98c72fafda3f0040be47a5fb829a4bf Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Wed, 18 Mar 2020 12:18:52 +0100
Subject: [PATCH] sources/opensuse: Fix verification

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 sources/opensuse-http.go | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/sources/opensuse-http.go b/sources/opensuse-http.go
index 9866edb..7267de0 100644
--- a/sources/opensuse-http.go
+++ b/sources/opensuse-http.go
@@ -70,19 +70,29 @@ func (s *OpenSUSEHTTP) Run(definition shared.Definition, rootfsDir string) error
 		return errors.Wrap(err, "Failed to download checksum file")
 	}
 
-	err = s.verifyTarball(filepath.Join(fpath, fname))
-	if err != nil {
-		return errors.Wrap(err, "Failed to verify image")
+	if !definition.Source.SkipVerification {
+		err = s.verifyTarball(filepath.Join(fpath, fname), definition)
+		if err != nil {
+			return errors.Wrap(err, "Failed to verify image")
+		}
 	}
 
 	// Unpack
 	return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, false, false, nil)
 }
 
-func (s *OpenSUSEHTTP) verifyTarball(imagePath string) error {
+func (s *OpenSUSEHTTP) verifyTarball(imagePath string, definition shared.Definition) error {
+	var err error
+	var checksum []byte
+
 	checksumPath := imagePath + ".sha256"
 
-	checksum, err := ioutil.ReadFile(checksumPath)
+	valid, err := shared.VerifyFile(checksumPath, "", definition.Source.Keys, definition.Source.Keyserver)
+	if err == nil && valid {
+		checksum, err = shared.GetSignedContent(checksumPath, definition.Source.Keys, definition.Source.Keyserver)
+	} else {
+		checksum, err = ioutil.ReadFile(checksumPath)
+	}
 	if err != nil {
 		return errors.Wrap(err, "Failed to read checksum file")
 	}
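Review bot: In verifyTarball, a failed or invalid signature check on the `.sha256` file falls through to `ioutil.ReadFile(checksumPath)`, so the checksum is trusted even when `definition.Source.Keys` is set and verification did not succeed; the error from `shared.VerifyFile` is also overwritten and never reported. Since the checksum file is downloaded alongside the tarball, an unsigned or tampered checksum file would then still be accepted, which reduces the check to corruption detection only. I would keep the plain read only for the case where no keys are configured and return an error otherwise, as sketched below (this assumes `Keys` is a slice and that `errors` provides `New`, neither of which is visible here). The rest of verifyTarball lies outside the hunk, so the comparison against the tarball hash is not reviewed here.

```go
	checksumPath := imagePath + ".sha256"

	if len(definition.Source.Keys) == 0 {
		// No keys configured: the checksum only guards against corruption.
		checksum, err = ioutil.ReadFile(checksumPath)
	} else {
		valid, verr := shared.VerifyFile(checksumPath, "", definition.Source.Keys, definition.Source.Keyserver)
		if verr != nil {
			return errors.Wrap(verr, "Failed to verify checksum file")
		}
		if !valid {
			return errors.New("Checksum file signature is not valid")
		}
		checksum, err = shared.GetSignedContent(checksumPath, definition.Source.Keys, definition.Source.Keyserver)
	}
	// … unchanged: "Failed to read checksum file" error check …
```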

