authorBob Gilligan <gilligan@vyatta.com>2010-05-03 17:19:15 -0700
committerBob Gilligan <gilligan@vyatta.com>2010-05-03 17:19:15 -0700
commit83cca7053bba3181b451609fee641271b3b7adf3 (patch)
tree6f03379b89876b5558fbd8d545536df89492da78
parent763e6473a0ec3a96fdd83d574c44cb689f4c7a36 (diff)
downloadvyatta-cfg-system-83cca7053bba3181b451609fee641271b3b7adf3.tar.gz
vyatta-cfg-system-83cca7053bba3181b451609fee641271b3b7adf3.zip
Add code to check digital signature of image files.
In URL mode, we now check for a digital signature file. If one exists, we'll try to download it and check the signature.
-rwxr-xr-xscripts/install/install-image33
-rwxr-xr-xscripts/install/install-image-existing2
2 files changed, 34 insertions, 1 deletions
diff --git a/scripts/install/install-image b/scripts/install/install-image
index 607dcc98..c4bf3800 100755
--- a/scripts/install/install-image
+++ b/scripts/install/install-image
@@ -69,6 +69,39 @@ fetch_iso_by_url ()
fi
echo "ISO download suceeded."
+
+ echo "Checking for digital signature file..."
+ curl -f -o ${filename}.asc ${NEW_ISO}.asc
+ if [ $? -ne 0 ]; then
+ echo "Unable to fetch digital signature file."
+ echo -n "Do you want to continue without signature check? (yes/no) [yes] "
+
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "no" ] || [ "$response" == "n" ]; then
+ fail_exit 'OK. Installation will not be performed.'
+ fi
+
+ # In case signature file was partially downloaded...
+ rm -f ${filename}.asc
+ fi
+
+ if [ -e ${filename}.asc ]; then
+ echo "Found it. Checking digital signature..."
+ gpg --keyring /etc/apt/trusted.gpg --verify ${filename}.asc
+ if [ $? -ne 0 ]; then
+ echo "Signature check FAILED."
+ echo -n "Do you want to continue anyway? (yes/no) [no] "
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "no" ] || [ "$response" == "n" ]; then
+ fail_exit 'OK. Installation will not be performed.'
+ fi
+
+ echo "OK. Proceding with installation anyway."
+ else
+ echo "Digital signature is valid."
+ fi
+ fi
+
NEW_ISO=$filename
}
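Review bot: The failed-verification prompt `echo -n "Do you want to continue anyway? (yes/no) [no] "` advertises a default of no, but the next line calls `get_response "Yes" "Yes No Y N"`, the same arguments as the missing-signature prompt whose default is yes; if the first argument is the default (get_response is defined outside this hunk), pressing Enter installs an image whose signature did not verify. It should read `response=$(get_response "No" "Yes No Y N")`, and aborting on anything other than an explicit yes would be safer than testing only for no/n. The missing-signature branch also defaults to continuing, so anyone able to suppress the `.asc` download turns the check into a single keypress; defaulting that prompt to no is worth considering. The gpg call adds `/etc/apt/trusted.gpg` on top of the invoking user's default keyring and leaves the signed file implicit; `gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --verify "${filename}.asc" "${filename}"` pins both. fetch_iso_by_url begins before this hunk, so the earlier download handling is not visible here.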
diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing
index bad2be58..d35437ba 100755
--- a/scripts/install/install-image-existing
+++ b/scripts/install/install-image-existing
@@ -184,7 +184,7 @@ if [ -e "$DEF_GRUB" ]; then
cp $DEF_GRUB $def_grub_vers
sed -i "s/menuentry \"Vyatta.*(/menuentry \"Vyatta image $NEWNAME (/" $def_grub_vers
sed -i "s/menuentry \"Lost password change.*(/menuentry \"Lost password change $NEWNAME (/" $def_grub_vers
- sed -i "sX/boot/[A-Za-z0-9\.]*X/boot/${NEWNAME}Xg" $def_grub_vers
+ sed -i "sX/boot/[A-Za-z0-9\.\-]*X/boot/${NEWNAME}Xg" $def_grub_vers
old_grub_cfg=$BOOT_DIR/grub/grub.cfg
new_grub_cfg=/tmp/grub.cfg.$$