diff options
| author | Katharina Drexel <katharina.drexel@bfh.ch> | 2021-04-09 15:26:19 +0000 |
|---|---|---|
| committer | Katharina Drexel <katharina.drexel@bfh.ch> | 2021-04-13 07:56:58 +0000 |
| commit | b9e9fa985fccf20b3203928eb5910b8ac6cf30e7 (patch) | |
| tree | 34323132f9817f8f664502acb5355bc17bdb3833 | |
| parent | MultiMirror boot for mmdebstrap. (diff) | |
| download | compute-tools-b9e9fa985fccf20b3203928eb5910b8ac6cf30e7.tar.xz compute-tools-b9e9fa985fccf20b3203928eb5910b8ac6cf30e7.zip | |
Adding archive key verification.tmp-dxk1
| -rwxr-xr-x | share/scripts/debconf | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/share/scripts/debconf b/share/scripts/debconf index 07d9a88..4f99150 100755 --- a/share/scripts/debconf +++ b/share/scripts/debconf @@ -425,8 +425,49 @@ EOF case "${MODE}" in progress-linux) PROGRESS_SOURCES="${DEBCONF_TMPDIR}/progress-linux.sources" + PROGRESS_SIG="${DEBCONF_TMPDIR}/progress-linux-${RELNR}-${DIST}-archive-key.pub.sig" PROGRESS_KEY="${DEBCONF_TMPDIR}/progress-linux-${RELNR}-${DIST}-archive-key.pub" - wget -O "${PROGRESS_KEY}" "https://deb.progress-linux.org/packages/project/pgp/progress-linux-${RELNR}-${DIST}-archive-key.pub" + KEY_NAME=$(basename ${PROGRESS_KEY}) + + dpkg -l debian-keyring >/dev/null || apt install -qy debian-keyring + + wget -q -O "${PROGRESS_KEY}" "https://deb.progress-linux.org/packages/project/pgp/progress-linux-${RELNR}-${DIST}-archive-key.pub" + wget -q -O "${PROGRESS_SIG}" "https://deb.progress-linux.org/packages/project/pgp/progress-linux-${RELNR}-${DIST}-archive-key.pub.sig" + + if [ -e /usr/bin/gpgv ] + then + if [ -e /usr/share/keyrings/debian-keyring.gpg ] || [ -e /usr/share/keyrings/debian-maintainers.gpg ] + then + KEY_VALID="" + + for KEYRING in /usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-maintainers.gpg + do + if [ -e "${KEYRING}" ] + then + echo -n "I: Verifying archive-key ${KEY_NAME} against $(basename ${KEYRING} .gpg | sed -e 's|-keyring||') keyring..." + if gpgv --quiet --keyring "${KEYRING}" "${PROGRESS_SIG}" "${PROGRESS_KEY}" 2>/dev/null + then + KEY_VALID="true" && break + fi + fi + done + + case "${KEY_VALID}" in + true) + echo " successful." + ;; + + *) + echo " failed." + return 1 + ;; + esac + else + echo "W: Skipping archive-key ${KEY_NAME} verification, debian-keyring not available..." + fi + else + echo "W: Skipping archive-key ${KEY_NAME} verification, gpgv not available..." + fi for ARCHIVE in ${ARCHIVES} do |