lxc-alpine: fix verification of apk.static binary

We need specify which hashing algorithm was used to create the signature
we check.

Fixes #609

Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 963c42a995c9323eddf81f6bbdc2655bb5ab18b1..6dcc51b2a9c64ffb93cb5e30b4203f406d5416b9 100644 (file)
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -83,7 +83,7 @@ get_static_apk () {
 
     # verify the static apk binary signature
     APK=$rootfs/sbin/apk.static
-    openssl dgst -verify $rootfs/etc/apk/keys/$keyname \
+    openssl dgst -sha1 -verify $rootfs/etc/apk/keys/$keyname \
         -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1
 
     if [ "$auto_repo_dir" ]; then