summaryrefslogtreecommitdiff
path: root/src/op_mode
diff options
context:
space:
mode:
authorKyleM <103862795+ServerForge@users.noreply.github.com>2023-12-21 10:42:14 -0500
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-02-24 08:45:55 +0000
commit50b68e2876068341c6ae676ca6a058d0afcf3947 (patch)
tree628de2512e6048abb067ccf591308a7630f6baa4 /src/op_mode
parent9086748f7a3f83482f5c39ca2d611ec22b329296 (diff)
downloadvyos-1x-50b68e2876068341c6ae676ca6a058d0afcf3947.tar.gz
vyos-1x-50b68e2876068341c6ae676ca6a058d0afcf3947.zip
T5781: use dynamic minisign key list
Updated image_installer.py to try and validate image with all minisign public keys in /usr/share/vyos/keys/ (cherry picked from commit dfbc854157fa4655a8f459b2447df64dc74119d1)
Diffstat (limited to 'src/op_mode')
-rwxr-xr-xsrc/op_mode/image_installer.py6
1 files changed, 2 insertions, 4 deletions
diff --git a/src/op_mode/image_installer.py b/src/op_mode/image_installer.py
index 5eb5441f7..886745bc7 100755
--- a/src/op_mode/image_installer.py
+++ b/src/op_mode/image_installer.py
@@ -451,10 +451,8 @@ def validate_signature(file_path: str, sign_type: str) -> None:
signature_valid: bool = False
# validate with minisig
if sign_type == 'minisig':
- for pubkey in [
- '/usr/share/vyos/keys/vyos-release.minisign.pub',
- '/usr/share/vyos/keys/vyos-backup.minisign.pub'
- ]:
+ pub_key_list = glob('/usr/share/vyos/keys/*.minisign.pub')
+ for pubkey in pub_key_list:
if run(f'minisign -V -q -p {pubkey} -m {file_path} -x {file_path}.minisig'
) == 0:
signature_valid = True