Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- def download(self, url, timestamp=None, **kwargs):
+ def download(self, url, public_key, timestamp=None, **kwargs):
headers = {}
if timestamp:
headers = {}
if timestamp:
else:
# Check if the downloaded database is recent
else:
# Check if the downloaded database is recent
- if not self._check_database(t, timestamp):
+ if not self._check_database(t, public_key, timestamp):
log.warning("Downloaded database is outdated. Trying next mirror...")
# Throw away the data and try again
log.warning("Downloaded database is outdated. Trying next mirror...")
# Throw away the data and try again
raise FileNotFoundError(url)
raise FileNotFoundError(url)
- def _check_database(self, f, timestamp=None):
+ def _check_database(self, f, public_key, timestamp=None):
"""
Checks the downloaded database if it can be opened,
verified and if it is recent enough
"""
Checks the downloaded database if it can be opened,
verified and if it is recent enough
"%a, %d %b %Y %H:%M:%S GMT", time.gmtime(db.created_at),
)))
"%a, %d %b %Y %H:%M:%S GMT", time.gmtime(db.created_at),
)))
+ # Verify the database
+ with open(public_key, "r") as f:
+ if not db.verify(f):
+ log.error("Could not verify database")
+ return False
+
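Review bot: The added `open(public_key, "r")` can raise FileNotFoundError when the key file is missing, which is the same exception `download()` raises once the mirrors are exhausted and which the update handler catches as "no file could be downloaded", so a missing or mistyped `--public-key` would presumably be reported as a download failure rather than a verification problem. Likewise, a `False` from `db.verify()` returns into the caller's "Downloaded database is outdated. Trying next mirror..." warning, which labels a signature failure as staleness. I would handle the key-open error here with its own log message and let the caller tell "unverified" apart from "outdated", since a mirror serving a database that fails verification is the event an operator most needs to see in the logs. The `with ... as f` also rebinds the `f` parameter (the downloaded file); `with open(public_key, "r") as key:` and `db.verify(key)` avoids that. The rest of `_check_database` lies outside the visible lines, but the context suggests `db.created_at` is read and logged before the signature is checked, so it is worth confirming that the freshness decision is not made on unverified data.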
default="@databasedir@/database.db", help=_("Path to database"),
)
default="@databasedir@/database.db", help=_("Path to database"),
)
+ # public key
+ parser.add_argument("--public-key", "-k",
+ default="@databasedir@/signing-key.pem", help=_("Public Signing Key"),
+ )
+
# Update
update = subparsers.add_parser("update", help=_("Update database"))
update.set_defaults(func=self.handle_update)
# Update
update = subparsers.add_parser("update", help=_("Update database"))
update.set_defaults(func=self.handle_update)
# Try downloading a new database
try:
# Try downloading a new database
try:
- t = self.downloader.download(DATABASE_FILENAME, timestamp=timestamp)
+ t = self.downloader.download(DATABASE_FILENAME,
+ public_key=ns.public_key, timestamp=timestamp)
# If no file could be downloaded, log a message
except FileNotFoundError as e:
# If no file could be downloaded, log a message
except FileNotFoundError as e: