sipwise
/
netscript
mirror of https://github.com/sipwise/netscript.git
1
0
Fork 0
Code Issues Releases Wiki Activity

TT#54410 Get rid of hardcoded checksum of sipwise.gpg file

Browse Source 
We want to get rid of old sipwise gpg file as it contains weak key. To
do it we need either update this hardcoded value (and do it every time
when key is updated) or use the same behavior as it's used in
installer.

Change-Id: I0de951778c7f3c2c877889d3b2225588442be3de
(cherry picked from commit 35bfe45d24)
changes/67/37867/1
Mykola Malkov 5 years ago
parent d16202be27
commit a35efdc711
1 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File

38
deployment.sh
Unescape View File

@ -171,29 +171,35 @@ install_sipwise_key() {
echo "Sipwise keyring not found, downloading." echo "Sipwise keyring not found, downloading."
fi fi
for x in 1 2 3; do local tmp_key
tmp_key="$(mktemp)"
for x in 1 2 3; do
if "$PRO_EDITION" ; then if "$PRO_EDITION" ; then
wget -O /etc/apt/trusted.gpg.d/sipwise.gpg ${SIPWISE_REPO_TRANSPORT}://${SIPWISE_REPO_HOST}/sppro/sipwise.gpg wget -q -T 10 --retry-connrefused --tries=3 --no-verbose -O "${tmp_key}" ${SIPWISE_REPO_TRANSPORT}://${SIPWISE_REPO_HOST}/sppro/sipwise.gpg
else else
wget -O /etc/apt/trusted.gpg.d/sipwise.gpg ${SIPWISE_REPO_TRANSPORT}://${SIPWISE_REPO_HOST}/spce/sipwise.gpg wget -q -T 10 --retry-connrefused --tries=3 --no-verbose -O "${tmp_key}" ${SIPWISE_REPO_TRANSPORT}://${SIPWISE_REPO_HOST}/spce/sipwise.gpg
fi fi
chmod 644 "${tmp_key}"
md5sum_sipwise_key_expected=bcd09c9ad563b2d380152a97d5a0ea83 local sipwise_key_checksum
md5sum_sipwise_key_calculated=$(md5sum /etc/apt/trusted.gpg.d/sipwise.gpg | awk '{print $1}') sipwise_key_checksum=$(sha256sum "${tmp_key}" | awk '{print $1}')
echo "Sipwise keyring downloaded with checksum (sha256sum: [${sipwise_key_checksum}]). Is it correct and should be imported into the system? [y/N]"
if [ "$md5sum_sipwise_key_calculated" != "$md5sum_sipwise_key_expected" ] ; then
echo "Sipwise keyring has wrong checksum (expected: [$md5sum_sipwise_key_expected] - got: [$md5sum_sipwise_key_calculated]), retry $x" if "${INTERACTIVE}"; then
else local a
break read -r a
if [[ "${a,,}" != "y" ]] ; then
echo "The key wasn't accepted, retrying... ${x}/3"
continue
fi
fi fi
echo "The key has been accepted, installing it as /etc/apt/trusted.gpg.d/sipwise.gpg"
debootstrap_sipwise_key
mv "${tmp_key}" "/etc/apt/trusted.gpg.d/sipwise.gpg"
return
done done
if [ "$md5sum_sipwise_key_calculated" != "$md5sum_sipwise_key_expected" ] ; then die "Error validating sipwise keyring for apt usage, aborting installation."
die "Error validating sipwise keyring for apt usage, aborting installation."
fi
debootstrap_sipwise_key
} }
install_apt_transport_https () { install_apt_transport_https () {

Write Preview
Loading…
Cancel
Save