summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKatharina Drexel <katharina.drexel@bfh.ch>2021-04-09 15:26:19 +0000
committerKatharina Drexel <katharina.drexel@bfh.ch>2021-04-13 07:56:58 +0000
commitb9e9fa985fccf20b3203928eb5910b8ac6cf30e7 (patch)
tree34323132f9817f8f664502acb5355bc17bdb3833
parentMultiMirror boot for mmdebstrap. (diff)
downloadcompute-tools-b9e9fa985fccf20b3203928eb5910b8ac6cf30e7.tar.xz
compute-tools-b9e9fa985fccf20b3203928eb5910b8ac6cf30e7.zip
Adding archive key verification.tmp-dxk1
Diffstat (limited to '')
-rwxr-xr-xshare/scripts/debconf43
1 files changed, 42 insertions, 1 deletions
diff --git a/share/scripts/debconf b/share/scripts/debconf
index 07d9a88..4f99150 100755
--- a/share/scripts/debconf
+++ b/share/scripts/debconf
@@ -425,8 +425,49 @@ EOF
case "${MODE}" in
progress-linux)
PROGRESS_SOURCES="${DEBCONF_TMPDIR}/progress-linux.sources"
+ PROGRESS_SIG="${DEBCONF_TMPDIR}/progress-linux-${RELNR}-${DIST}-archive-key.pub.sig"
PROGRESS_KEY="${DEBCONF_TMPDIR}/progress-linux-${RELNR}-${DIST}-archive-key.pub"
- wget -O "${PROGRESS_KEY}" "https://deb.progress-linux.org/packages/project/pgp/progress-linux-${RELNR}-${DIST}-archive-key.pub"
+ KEY_NAME=$(basename ${PROGRESS_KEY})
+
+ dpkg -l debian-keyring >/dev/null || apt install -qy debian-keyring
+
+ wget -q -O "${PROGRESS_KEY}" "https://deb.progress-linux.org/packages/project/pgp/progress-linux-${RELNR}-${DIST}-archive-key.pub"
+ wget -q -O "${PROGRESS_SIG}" "https://deb.progress-linux.org/packages/project/pgp/progress-linux-${RELNR}-${DIST}-archive-key.pub.sig"
+
+ if [ -e /usr/bin/gpgv ]
+ then
+ if [ -e /usr/share/keyrings/debian-keyring.gpg ] || [ -e /usr/share/keyrings/debian-maintainers.gpg ]
+ then
+ KEY_VALID=""
+
+ for KEYRING in /usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-maintainers.gpg
+ do
+ if [ -e "${KEYRING}" ]
+ then
+ echo -n "I: Verifying archive-key ${KEY_NAME} against $(basename ${KEYRING} .gpg | sed -e 's|-keyring||') keyring..."
+ if gpgv --quiet --keyring "${KEYRING}" "${PROGRESS_SIG}" "${PROGRESS_KEY}" 2>/dev/null
+ then
+ KEY_VALID="true" && break
+ fi
+ fi
+ done
+
+ case "${KEY_VALID}" in
+ true)
+ echo " successful."
+ ;;
+
+ *)
+ echo " failed."
+ return 1
+ ;;
+ esac
+ else
+ echo "W: Skipping archive-key ${KEY_NAME} verification, debian-keyring not available..."
+ fi
+ else
+ echo "W: Skipping archive-key ${KEY_NAME} verification, gpgv not available..."
+ fi
for ARCHIVE in ${ARCHIVES}
do