Libguestfs - Feb 2015 - [PATCH] builder: when not checking sigs, ignore --fingerprint args (RHBZ#1193237)

When the user chooses to not verify the signatures on the indexes
(using --no-check-signature), there is no point in requiring as many
--fingerprint as --source (or even just one), as they will not be used
anyway.

In this case just ignore all the values of the specified --fingerprint
arguments.
---
 builder/cmdline.ml | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/builder/cmdline.ml b/builder/cmdline.ml
index 9dad141..b8227cc 100644
--- a/builder/cmdline.ml
+++ b/builder/cmdline.ml
@@ -281,13 +281,18 @@ read the man page virt-builder(1).
 
     let nr_sources = List.length sources in
     let fingerprints -      match fingerprints with
-      | [fingerprint] ->
-        (* You're allowed to have multiple sources and one fingerprint: it
-         * means that the same fingerprint is used for all sources.
-         *)
-        repeat fingerprint nr_sources
-      | xs -> xs in
+      if check_signature then (
+        match fingerprints with
+        | [fingerprint] ->
+          (* You're allowed to have multiple sources and one fingerprint:
it
+           * means that the same fingerprint is used for all sources.
+           *)
+          repeat fingerprint nr_sources
+        | xs -> xs
+      ) else
+        (* We are not checking signatures, so just ignore any fingerprint
+         * specified. *)
+        repeat "" nr_sources in
 
     if List.length fingerprints <> nr_sources then
       error (f_"source and fingerprint lists are not the same
length");
-- 
2.1.4

On Tue, Feb 17, 2015 at 04:34:16PM +0100, Pino Toscano
wrote:
> When the user chooses to not verify the signatures on the indexes
> (using --no-check-signature), there is no point in requiring as many
> --fingerprint as --source (or even just one), as they will not be used
> anyway.
> 
> In this case just ignore all the values of the specified --fingerprint
> arguments.
> ---
>  builder/cmdline.ml | 19 ++++++++++++-------
>  1 file changed, 12 insertions(+), 7 deletions(-)
> 
> diff --git a/builder/cmdline.ml b/builder/cmdline.ml
> index 9dad141..b8227cc 100644
> --- a/builder/cmdline.ml
> +++ b/builder/cmdline.ml
> @@ -281,13 +281,18 @@ read the man page virt-builder(1).
>  
>      let nr_sources = List.length sources in
>      let fingerprints > -      match fingerprints with
> -      | [fingerprint] ->
> -        (* You're allowed to have multiple sources and one
fingerprint: it
> -         * means that the same fingerprint is used for all sources.
> -         *)
> -        repeat fingerprint nr_sources
> -      | xs -> xs in
> +      if check_signature then (
> +        match fingerprints with
> +        | [fingerprint] ->
> +          (* You're allowed to have multiple sources and one
fingerprint: it
> +           * means that the same fingerprint is used for all sources.
> +           *)
> +          repeat fingerprint nr_sources
> +        | xs -> xs
> +      ) else
> +        (* We are not checking signatures, so just ignore any fingerprint
> +         * specified. *)
> +        repeat "" nr_sources in
>  
>      if List.length fingerprints <> nr_sources then
>        error (f_"source and fingerprint lists are not the same
length");
> -- 
ACK.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html