From 50b68e2876068341c6ae676ca6a058d0afcf3947 Mon Sep 17 00:00:00 2001 From: KyleM <103862795+ServerForge@users.noreply.github.com> Date: Thu, 21 Dec 2023 10:42:14 -0500 Subject: T5781: use dynamic minisign key list Updated image_installer.py to try and validate image with all minisign public keys in /usr/share/vyos/keys/ (cherry picked from commit dfbc854157fa4655a8f459b2447df64dc74119d1) --- src/op_mode/image_installer.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/op_mode/image_installer.py b/src/op_mode/image_installer.py index 5eb5441f7..886745bc7 100755 --- a/src/op_mode/image_installer.py +++ b/src/op_mode/image_installer.py @@ -451,10 +451,8 @@ def validate_signature(file_path: str, sign_type: str) -> None: signature_valid: bool = False # validate with minisig if sign_type == 'minisig': - for pubkey in [ - '/usr/share/vyos/keys/vyos-release.minisign.pub', - '/usr/share/vyos/keys/vyos-backup.minisign.pub' - ]: + pub_key_list = glob('/usr/share/vyos/keys/*.minisign.pub') + for pubkey in pub_key_list: if run(f'minisign -V -q -p {pubkey} -m {file_path} -x {file_path}.minisig' ) == 0: signature_valid = True -- cgit v1.2.3