[pve-devel] [PATCH dab-pve-appliances 2/2] pmg: optionally verify cvd files with sigtool

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Jan 6 09:57:06 CET 2020


Am 1/2/20 um 5:53 PM schrieb Stoiko Ivanov:
> sigtool (1)  is clamav's utility to manipulate and verify cvd files.
> It is shipped in the clamav package, which is not installed inside
> pmg (it uses the daemonized version - clamav-daemon).
> 
> This patch verifies the downloaded cvd-files if sigtool is installed on the
> build host and skips the verification if not (in order to not depend on an
> installed clamav package).
> 
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
>  debian-10.0-pmg-64/Makefile | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/debian-10.0-pmg-64/Makefile b/debian-10.0-pmg-64/Makefile
> index b2ff0b0..87d5e51 100644
> --- a/debian-10.0-pmg-64/Makefile
> +++ b/debian-10.0-pmg-64/Makefile
> @@ -33,3 +33,4 @@ dist-clean:
>  ${CVD_FILES}:
>  	curl -L --silent --show-error --fail  --time-cond $@ -o $@.tmp http://database.clamav.net/$@
>  	[ -f $@.tmp ] && mv $@.tmp $@ || true
> +	if [ -x /usr/bin/sigtool ]; then sigtool -i $@; else echo "skipping verification of $@"; fi
> 

please use `command -v sigtool >/dev/null` as check, that avoids hardcoding absolute
paths and is POSIX compatible - makes it more consistent too, as you call it by it's
stripped name only anyway. OK for me, signature verification is something I like to have
for official images. 



More information about the pve-devel mailing list