From 7518c12e511464ac49353597f5bdac0d6d152c99 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 6 Sep 2021 12:31:45 +0200
Subject: install-image: T2108: use minisign backup key if primary key fails

(cherry picked from commit 0c5edf1ced2872c495b190977db575deaf28fa1c)
---
 scripts/install/install-image | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'scripts')

diff --git a/scripts/install/install-image b/scripts/install/install-image
index 13de9ab0..5e040e5e 100755
--- a/scripts/install/install-image
+++ b/scripts/install/install-image
@@ -139,7 +139,12 @@ fetch_iso_by_url ()
         echo "Checking digital signature..."
         if [ -f ${filename}.minisig ]; then
             minisign -V -q -p /usr/share/vyos/keys/vyos-release.minisign.pub -m ${filename} -x ${filename}.minisig
-        elif [ -f ${filename}.asc ]; then
+            if [ $? -ne 0 ]; then
+                echo "Signature check FAILED, trying BACKUP key..."
+                minisign -V -q -p /usr/share/vyos/keys/vyos-backup.minisign.pub -m ${filename} -x ${filename}.minisig
+            fi
+        fi
+        if [ -f ${filename}.asc ]; then
             gpg --keyring /etc/apt/trusted.gpg --verify ${filename}.asc
         fi
         if [ $? -ne 0 ]; then
-- 
cgit v1.2.3