From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 3 Aug 2015 11:40:25 +0000 (+0200)
Subject: lxc-alpine: fix verification of apk.static binary
X-Git-Tag: lxc-2.0.0.beta1~208
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e00f9e4e7ab5a76cfd4068e09579f9f471666a90;p=thirdparty%2Flxc.git

lxc-alpine: fix verification of apk.static binary

We need specify which hashing algorithm was used to create the signature
we check.

Fixes #609

Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 963c42a99..6dcc51b2a 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -83,7 +83,7 @@ get_static_apk () {
 
     # verify the static apk binary signature
     APK=$rootfs/sbin/apk.static
-    openssl dgst -verify $rootfs/etc/apk/keys/$keyname \
+    openssl dgst -sha1 -verify $rootfs/etc/apk/keys/$keyname \
         -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1
 
     if [ "$auto_repo_dir" ]; then