[pve-devel] [PATCH dab-pve-appliances 2/2] pmg: optionally verify cvd files with sigtool
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Jan 6 09:57:06 CET 2020
On 1/2/20 at 5:53 PM, Stoiko Ivanov wrote:
> sigtool (1) is clamav's utility to manipulate and verify cvd files.
> It is shipped in the clamav package, which is not installed inside
> pmg (it uses the daemonized version - clamav-daemon).
>
> This patch verifies the downloaded cvd-files if sigtool is installed on the
> build host and skips the verification if not (in order to not depend on an
> installed clamav package).
>
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
> debian-10.0-pmg-64/Makefile | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/debian-10.0-pmg-64/Makefile b/debian-10.0-pmg-64/Makefile
> index b2ff0b0..87d5e51 100644
> --- a/debian-10.0-pmg-64/Makefile
> +++ b/debian-10.0-pmg-64/Makefile
> @@ -33,3 +33,4 @@ dist-clean:
> ${CVD_FILES}:
> curl -L --silent --show-error --fail --time-cond $@ -o $@.tmp http://database.clamav.net/$@
> [ -f $@.tmp ] && mv $@.tmp $@ || true
> + if [ -x /usr/bin/sigtool ]; then sigtool -i $@; else echo "skipping verification of $@"; fi
>
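Review bot: the added `sigtool -i $@` check runs only after the preceding `mv $@.tmp $@`, so a download that fails verification is already sitting at the target path when the recipe stops, where a later build step or re-run can still pick it up. Verify before the file is moved into place, or remove `$@` when sigtool exits non-zero. Separately, the download is over plain `http://`, so the `else` branch means a build host without sigtool ships the cvd file with no integrity check at all; consider sending the "skipping verification" message to stderr, or offering a make variable that turns the skip into a hard failure for official image builds.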
Please use `command -v sigtool >/dev/null` as check, that avoids hardcoding absolute
paths and is POSIX compatible - makes it more consistent too, as you call it by its
stripped name only anyway. OK for me, signature verification is something I like to have
for official images.