T5781: use dynamic minisign key list

Updated image_installer.py to try and validate image with all minisign public keys in /usr/share/vyos/keys/
author: KyleM <103862795+ServerForge@users.noreply.github.com> 2023-12-21 10:42:14 -0500
committer: GitHub <noreply@github.com> 2023-12-21 16:42:14 +0100
commit: dfbc854157fa4655a8f459b2447df64dc74119d1 (patch)
tree: 5afede43ddba70b595000118cd04157f41354114 /src
parent: 2df14d0a2b07061835d1718457925355a7a951c3 (diff)
download: vyos-1x-dfbc854157fa4655a8f459b2447df64dc74119d1.tar.gz
vyos-1x-dfbc854157fa4655a8f459b2447df64dc74119d1.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/src/op_mode/image_installer.py b/src/op_mode/image_installer.py
index 6a8797aec..529b388c8 100755
--- a/src/op_mode/image_installer.py
+++ b/src/op_mode/image_installer.py
@@ -441,10 +441,8 @@ def validate_signature(file_path: str, sign_type: str) -> None:
     signature_valid: bool = False
     # validate with minisig
     if sign_type == 'minisig':
-        for pubkey in [
-                '/usr/share/vyos/keys/vyos-release.minisign.pub',
-                '/usr/share/vyos/keys/vyos-backup.minisign.pub'
-        ]:
+        pub_key_list = glob('/usr/share/vyos/keys/*.minisign.pub')
+        for pubkey in pub_key_list:
             if run(f'minisign -V -q -p {pubkey} -m {file_path} -x {file_path}.minisig'
                   ) == 0:
                 signature_valid = True
author	KyleM <103862795+ServerForge@users.noreply.github.com>	2023-12-21 10:42:14 -0500
committer	GitHub <noreply@github.com>	2023-12-21 16:42:14 +0100
commit	dfbc854157fa4655a8f459b2447df64dc74119d1 (patch)
tree	5afede43ddba70b595000118cd04157f41354114 /src
parent	2df14d0a2b07061835d1718457925355a7a951c3 (diff)
download	vyos-1x-dfbc854157fa4655a8f459b2447df64dc74119d1.tar.gz vyos-1x-dfbc854157fa4655a8f459b2447df64dc74119d1.zip