From 50b68e2876068341c6ae676ca6a058d0afcf3947 Mon Sep 17 00:00:00 2001
From: KyleM <103862795+ServerForge@users.noreply.github.com>
Date: Thu, 21 Dec 2023 10:42:14 -0500
Subject: T5781: use dynamic minisign key list
Updated image_installer.py to try and validate image with all minisign public keys in /usr/share/vyos/keys/
(cherry picked from commit dfbc854157fa4655a8f459b2447df64dc74119d1)
---
 src/op_mode/image_installer.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'src/op_mode/image_installer.py')
diff --git a/src/op_mode/image_installer.py b/src/op_mode/image_installer.py
index 5eb5441f7..886745bc7 100755
--- a/src/op_mode/image_installer.py
+++ b/src/op_mode/image_installer.py
@@ -451,10 +451,8 @@ def validate_signature(file_path: str, sign_type: str) -> None:
 signature_valid: bool = False
 # validate with minisig
 if sign_type == 'minisig':
- for pubkey in [
- '/usr/share/vyos/keys/vyos-release.minisign.pub',
- '/usr/share/vyos/keys/vyos-backup.minisign.pub'
- ]:
+ pub_key_list = glob('/usr/share/vyos/keys/*.minisign.pub')
+ for pubkey in pub_key_list:
 if run(f'minisign -V -q -p {pubkey} -m {file_path} -x {file_path}.minisig'
 ) == 0:
 signature_valid = True
--
cgit v1.2.3
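Review bot: The `glob('/usr/share/vyos/keys/*.minisign.pub')` line turns the trust anchor from two named keys into every matching file in that directory, so whatever can write a file there now decides which signers are accepted for image installs, and the hunk neither documents nor checks that. I would add a comment above the glob such as `# every *.minisign.pub here is a trusted signer; the directory must be root-owned and not writable by others`, and consider skipping entries that are not regular root-owned files. The glob results are also interpolated unquoted into `run(f'minisign -V -q -p {pubkey} ...')`, so if `run` goes through a shell or splits on whitespace (not visible here) the path should be wrapped as `shlex.quote(pubkey)`. An empty match leaves `signature_valid` False; what the function does with that lies outside the hunk, as do the start of `validate_signature` and the `glob` import this change relies on.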