sipwise
/
netscript
mirror of https://github.com/sipwise/netscript.git
1
0
Fork 0
Code Issues Releases Wiki Activity

TT#54410 Get rid of hardcoded checksum of sipwise.gpg file

Browse Source 
We want to get rid of old sipwise gpg file as it contains weak key. To
do it we need either update this hardcoded value (and do it every time
when key is updated) or use the same behavior as it's used in
installer.

Change-Id: I0de951778c7f3c2c877889d3b2225588442be3de
(cherry picked from commit 35bfe45d24)
changes/53/37853/1
Mykola Malkov 5 years ago
parent c3be56bd04
commit 88a1cf41f8
1 changed files with 22 additions and 16 deletions

36
deployment.sh
Unescape View File

@ -171,29 +171,35 @@ install_sipwise_key() {
echo "Sipwise keyring not found, downloading." echo "Sipwise keyring not found, downloading."
fi fi
for x in 1 2 3; do local tmp_key
tmp_key="$(mktemp)"
for x in 1 2 3; do
if "$PRO_EDITION" ; then if "$PRO_EDITION" ; then
wget -O /etc/apt/trusted.gpg.d/sipwise.gpg ${SIPWISE_REPO_TRANSPORT}://${SIPWISE_REPO_HOST}/sppro/sipwise.gpg wget -q -T 10 --retry-connrefused --tries=3 --no-verbose -O "${tmp_key}" ${SIPWISE_REPO_TRANSPORT}://${SIPWISE_REPO_HOST}/sppro/sipwise.gpg
else else
wget -O /etc/apt/trusted.gpg.d/sipwise.gpg ${SIPWISE_REPO_TRANSPORT}://${SIPWISE_REPO_HOST}/spce/sipwise.gpg wget -q -T 10 --retry-connrefused --tries=3 --no-verbose -O "${tmp_key}" ${SIPWISE_REPO_TRANSPORT}://${SIPWISE_REPO_HOST}/spce/sipwise.gpg
fi
chmod 644 "${tmp_key}"
local sipwise_key_checksum
sipwise_key_checksum=$(sha256sum "${tmp_key}" | awk '{print $1}')
echo "Sipwise keyring downloaded with checksum (sha256sum: [${sipwise_key_checksum}]). Is it correct and should be imported into the system? [y/N]"
if "${INTERACTIVE}"; then
local a
read -r a
if [[ "${a,,}" != "y" ]] ; then
echo "The key wasn't accepted, retrying... ${x}/3"
continue
fi fi
md5sum_sipwise_key_expected=bcd09c9ad563b2d380152a97d5a0ea83
md5sum_sipwise_key_calculated=$(md5sum /etc/apt/trusted.gpg.d/sipwise.gpg | awk '{print $1}')
if [ "$md5sum_sipwise_key_calculated" != "$md5sum_sipwise_key_expected" ] ; then
echo "Sipwise keyring has wrong checksum (expected: [$md5sum_sipwise_key_expected] - got: [$md5sum_sipwise_key_calculated]), retry $x"
else
break
fi fi
echo "The key has been accepted, installing it as /etc/apt/trusted.gpg.d/sipwise.gpg"
debootstrap_sipwise_key
mv "${tmp_key}" "/etc/apt/trusted.gpg.d/sipwise.gpg"
return
done done
if [ "$md5sum_sipwise_key_calculated" != "$md5sum_sipwise_key_expected" ] ; then
die "Error validating sipwise keyring for apt usage, aborting installation." die "Error validating sipwise keyring for apt usage, aborting installation."
fi
debootstrap_sipwise_key
} }
install_apt_transport_https () { install_apt_transport_https () {

Write Preview
Loading…
Cancel
Save