Pino Toscano
2015-Feb-17 15:34 UTC
[Libguestfs] [PATCH] builder: when not checking sigs, ignore --fingerprint args (RHBZ#1193237)
When the user chooses to not verify the signatures on the indexes
(using --no-check-signature), there is no point in requiring as many
--fingerprint as --source (or even just one), as they will not be used
anyway.
In this case just ignore all the values of the specified --fingerprint
arguments.
---
builder/cmdline.ml | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/builder/cmdline.ml b/builder/cmdline.ml
index 9dad141..b8227cc 100644
--- a/builder/cmdline.ml
+++ b/builder/cmdline.ml
@@ -281,13 +281,18 @@ read the man page virt-builder(1).
let nr_sources = List.length sources in
let fingerprints - match fingerprints with
- | [fingerprint] ->
- (* You're allowed to have multiple sources and one fingerprint: it
- * means that the same fingerprint is used for all sources.
- *)
- repeat fingerprint nr_sources
- | xs -> xs in
+ if check_signature then (
+ match fingerprints with
+ | [fingerprint] ->
+ (* You're allowed to have multiple sources and one fingerprint:
it
+ * means that the same fingerprint is used for all sources.
+ *)
+ repeat fingerprint nr_sources
+ | xs -> xs
+ ) else
+ (* We are not checking signatures, so just ignore any fingerprint
+ * specified. *)
+ repeat "" nr_sources in
if List.length fingerprints <> nr_sources then
error (f_"source and fingerprint lists are not the same
length");
--
2.1.4
Richard W.M. Jones
2015-Feb-18 11:49 UTC
Re: [Libguestfs] [PATCH] builder: when not checking sigs, ignore --fingerprint args (RHBZ#1193237)
On Tue, Feb 17, 2015 at 04:34:16PM +0100, Pino Toscano wrote:> When the user chooses to not verify the signatures on the indexes > (using --no-check-signature), there is no point in requiring as many > --fingerprint as --source (or even just one), as they will not be used > anyway. > > In this case just ignore all the values of the specified --fingerprint > arguments. > --- > builder/cmdline.ml | 19 ++++++++++++------- > 1 file changed, 12 insertions(+), 7 deletions(-) > > diff --git a/builder/cmdline.ml b/builder/cmdline.ml > index 9dad141..b8227cc 100644 > --- a/builder/cmdline.ml > +++ b/builder/cmdline.ml > @@ -281,13 +281,18 @@ read the man page virt-builder(1). > > let nr_sources = List.length sources in > let fingerprints > - match fingerprints with > - | [fingerprint] -> > - (* You're allowed to have multiple sources and one fingerprint: it > - * means that the same fingerprint is used for all sources. > - *) > - repeat fingerprint nr_sources > - | xs -> xs in > + if check_signature then ( > + match fingerprints with > + | [fingerprint] -> > + (* You're allowed to have multiple sources and one fingerprint: it > + * means that the same fingerprint is used for all sources. > + *) > + repeat fingerprint nr_sources > + | xs -> xs > + ) else > + (* We are not checking signatures, so just ignore any fingerprint > + * specified. *) > + repeat "" nr_sources in > > if List.length fingerprints <> nr_sources then > error (f_"source and fingerprint lists are not the same length"); > --ACK. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html