[elbe-devel] [PATCH] debinstaller: Do not verify Release file for noauth

bage at linutronix.de bage at linutronix.de
Fri Jul 9 17:05:27 CEST 2021 

From: Bastian Germann <bage at linutronix.de>

Regardless of a <noauth/> in the <initvm> section, Elbe downloads
Release.gpg and verifies it.  Stop doing that with <noauth/>.

Signed-off-by: Bastian Germann <bage at linutronix.de>
---
 elbepack/debinstaller.py | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/elbepack/debinstaller.py b/elbepack/debinstaller.py
index d880e5e34..1e42bc283 100644
--- a/elbepack/debinstaller.py
+++ b/elbepack/debinstaller.py
@@ -109,7 +109,7 @@ def download(url, local_fname):
         raise NoKinitrdException('Failed to download %s' % url)
 
 
-def download_release(tmp, base_url):
+def verify_release(tmp, base_url):
 
     # setup gpg context, for verifying
     # the Release.gpg signature.
@@ -118,10 +118,6 @@ def download_release(tmp, base_url):
                       None,
                       tmp.fname('/'))
 
-    # download the Relase file to a tmp file,
-    # because we need it 2 times
-    download(base_url + "Release", tmp.fname('Release'))
-
     # validate signature.
     # open downloaded plaintext file, and
     # use the urlopen object of the Release.gpg
@@ -149,16 +145,17 @@ def download_release(tmp, base_url):
         sig.close()
 
 
-def download_kinitrd(tmp, suite, mirror):
+def download_kinitrd(tmp, suite, mirror, skip_signature=False):
     base_url = "%s/dists/%s/" % (
         mirror.replace("LOCALMACHINE", "localhost"), suite)
     installer_path = "main/installer-amd64/current/images/"
 
     setup_apt_keyring(tmp.fname('/'), 'pubring.gpg')
 
-    # download release file and check
-    # signature
-    download_release(tmp, base_url)
+    # download release file
+    download(base_url + "Release", tmp.fname('Release'))
+    if not skip_signature:
+        verify_release(tmp, base_url)
 
     # parse Release file, and remember hashvalues
     # we are interested in
@@ -220,7 +217,7 @@ def copy_kinitrd(prj, target_dir):
                      os.path.join(target_dir, "initrd.gz"))
         else:
             mirror = get_primary_mirror(prj)
-            download_kinitrd(tmp, suite, mirror)
+            download_kinitrd(tmp, suite, mirror, prj.has("noauth"))
 
             copyfile(tmp.fname("initrd.gz"),
                      os.path.join(target_dir, "initrd.gz"))
-- 
2.30.2

More information about the elbe-devel mailing list