diff options
| -rwxr-xr-x | scripts/install/install-image | 30 | ||||
| -rwxr-xr-x | scripts/vyatta_net_name | 2 | ||||
| -rw-r--r-- | templates/interfaces/tunnel/node.def | 4 |
3 files changed, 32 insertions, 4 deletions
diff --git a/scripts/install/install-image b/scripts/install/install-image index dbdd5901..1ac7c89e 100755 --- a/scripts/install/install-image +++ b/scripts/install/install-image @@ -102,7 +102,10 @@ fetch_iso_by_url () echo "ISO download succeeded." echo "Checking for digital signature file..." - curl -L -H "User-Agent: VyOS/$vyos_version" $auth -f -o ${filename}.asc ${NEW_ISO}.asc + curl -L -H "User-Agent: VyOS/$vyos_version" $auth -f -o ${filename}.minisig ${NEW_ISO}.minisig + if [ $? -ne 0 ]; then + curl -L -H "User-Agent: VyOS/$vyos_version" $auth -f -o ${filename}.asc ${NEW_ISO}.asc + fi if [ $? -ne 0 ]; then echo "Unable to fetch digital signature file." echo -n "Do you want to continue without signature check? (yes/no) [yes] " @@ -114,7 +117,28 @@ fetch_iso_by_url () fi # In case signature file was partially downloaded... - rm -f ${filename}.asc + rm -f ${filename}.asc ${filename}.minisig + fi + + if [ -e ${filename}.minisig ]; then + echo "Found it. Checking digital signature..." + minisign -V -q -p /usr/share/vyos/keys/vyos-release.minisign.pub -m ${filename} -x ${filename}.minisig + if [ $? -ne 0 ]; then + echo "Signature check FAILED, trying BACKUP key..." + minisign -V -q -p /usr/share/vyos/keys/vyos-backup.minisign.pub -m ${filename} -x ${filename}.minisig + fi + if [ $? -ne 0 ]; then + echo "Signature check FAILED." + echo -n "Do you want to continue anyway? (yes/no) [no] " + response=$(get_response "No" "Yes No Y N") + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + fail_exit 'OK. Installation will not be performed.' + fi + + echo "OK. Proceeding with installation anyway." + else + echo "Digital signature is valid." + fi fi if [ -e ${filename}.asc ]; then @@ -127,7 +151,7 @@ fetch_iso_by_url () if [ "$response" == "no" ] || [ "$response" == "n" ]; then fail_exit 'OK. Installation will not be performed.' fi - + echo "OK. Proceeding with installation anyway." else echo "Digital signature is valid." diff --git a/scripts/vyatta_net_name b/scripts/vyatta_net_name index 825bf86f..d61ac6a3 100755 --- a/scripts/vyatta_net_name +++ b/scripts/vyatta_net_name @@ -55,7 +55,7 @@ sub get_hwid_from_children { my $children = shift; foreach my $attr (@$children) { - next unless ($attr->{'name'} =~ /^hw-id ([0-9a-f:]+)/); + next unless (($attr->{'name'} =~ /^hw-id ([0-9a-f:]+)/) || ($attr->{'name'} =~ /^hw-id "([0-9a-f:]+)"/)); return $1; } diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def index d42f6560..48659c34 100644 --- a/templates/interfaces/tunnel/node.def +++ b/templates/interfaces/tunnel/node.def @@ -16,6 +16,10 @@ commit:expression: exec " if [ $VAR(./encapsulation/@) = gre ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then \ echo \"No remote-ip configured for $VAR(@), tunnel can only be used for mGRE.\"; \ + if [ $VAR(./local-ip/@) == \"0.0.0.0\" ] && [ ! -n \"$VAR(./parameters/ip/key/)\" ]; then \ + echo \"Tunnel $VAR(@) parameters ip key must be set!\"; \ + exit 1; \ + fi \ fi; \ if [ -n \"$VAR(./6rd-prefix/)\" ]; then \ if [ $VAR(./encapsulation/@) != sit ]; then \ |