Merge pull request #3047 from vyos/mergify/bp/sagitta/pr-2633

T5781: add ability to add additional minisign keys (backport #2633)
author: Daniil Baturin <daniil@vyos.io> 2024-02-24 12:13:47 +0100
committer: GitHub <noreply@github.com> 2024-02-24 12:13:47 +0100
commit: 8783db146fa5ed7528f9ed825cefc10100e4d194 (patch)
tree: 8385ca64df94a5f84f2858f768dd7e6a464924e2 /src
parent: 660c969718f8e4a7771336d0b8a380949ed9b174 (diff)
parent: 50b68e2876068341c6ae676ca6a058d0afcf3947 (diff)
download: vyos-1x-8783db146fa5ed7528f9ed825cefc10100e4d194.tar.gz
vyos-1x-8783db146fa5ed7528f9ed825cefc10100e4d194.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/src/op_mode/image_installer.py b/src/op_mode/image_installer.py
index 5eb5441f7..886745bc7 100755
--- a/src/op_mode/image_installer.py
+++ b/src/op_mode/image_installer.py
@@ -451,10 +451,8 @@ def validate_signature(file_path: str, sign_type: str) -> None:
     signature_valid: bool = False
     # validate with minisig
     if sign_type == 'minisig':
-        for pubkey in [
-                '/usr/share/vyos/keys/vyos-release.minisign.pub',
-                '/usr/share/vyos/keys/vyos-backup.minisign.pub'
-        ]:
+        pub_key_list = glob('/usr/share/vyos/keys/*.minisign.pub')
+        for pubkey in pub_key_list:
             if run(f'minisign -V -q -p {pubkey} -m {file_path} -x {file_path}.minisig'
                   ) == 0:
                 signature_valid = True
author	Daniil Baturin <daniil@vyos.io>	2024-02-24 12:13:47 +0100
committer	GitHub <noreply@github.com>	2024-02-24 12:13:47 +0100
commit	8783db146fa5ed7528f9ed825cefc10100e4d194 (patch)
tree	8385ca64df94a5f84f2858f768dd7e6a464924e2 /src
parent	660c969718f8e4a7771336d0b8a380949ed9b174 (diff)
parent	50b68e2876068341c6ae676ca6a058d0afcf3947 (diff)
download	vyos-1x-8783db146fa5ed7528f9ed825cefc10100e4d194.tar.gz vyos-1x-8783db146fa5ed7528f9ed825cefc10100e4d194.zip