install-image: T2108: use minisign backup key if primary key fails

(cherry picked from commit 0c5edf1ced2872c495b190977db575deaf28fa1c)
author: Christian Poessinger <christian@poessinger.com> 2021-09-06 12:31:45 +0200
committer: Christian Poessinger <christian@poessinger.com> 2021-09-06 12:38:32 +0200
commit: 7518c12e511464ac49353597f5bdac0d6d152c99 (patch)
tree: 7f84788cb8c41bb85f454602932d0f666daed4b2 /scripts
parent: fe5c06993da7b5c3979c95b7820c0080d9107c44 (diff)
download: vyatta-cfg-system-7518c12e511464ac49353597f5bdac0d6d152c99.tar.gz
vyatta-cfg-system-7518c12e511464ac49353597f5bdac0d6d152c99.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/scripts/install/install-image b/scripts/install/install-image
index 13de9ab0..5e040e5e 100755
--- a/scripts/install/install-image
+++ b/scripts/install/install-image
@@ -139,7 +139,12 @@ fetch_iso_by_url ()
         echo "Checking digital signature..."
         if [ -f ${filename}.minisig ]; then
             minisign -V -q -p /usr/share/vyos/keys/vyos-release.minisign.pub -m ${filename} -x ${filename}.minisig
-        elif [ -f ${filename}.asc ]; then
+            if [ $? -ne 0 ]; then
+                echo "Signature check FAILED, trying BACKUP key..."
+                minisign -V -q -p /usr/share/vyos/keys/vyos-backup.minisign.pub -m ${filename} -x ${filename}.minisig
+            fi
+        fi
+        if [ -f ${filename}.asc ]; then
             gpg --keyring /etc/apt/trusted.gpg --verify ${filename}.asc
         fi
         if [ $? -ne 0 ]; then
author	Christian Poessinger <christian@poessinger.com>	2021-09-06 12:31:45 +0200
committer	Christian Poessinger <christian@poessinger.com>	2021-09-06 12:38:32 +0200
commit	7518c12e511464ac49353597f5bdac0d6d152c99 (patch)
tree	7f84788cb8c41bb85f454602932d0f666daed4b2 /scripts
parent	fe5c06993da7b5c3979c95b7820c0080d9107c44 (diff)
download	vyatta-cfg-system-7518c12e511464ac49353597f5bdac0d6d152c99.tar.gz vyatta-cfg-system-7518c12e511464ac49353597f5bdac0d6d152c99.zip