installer: verify yumdownloader's downloads #229
marmarek added this to the Release 1 Beta 2 milestone Mar 8, 2015
marmarek added bug, C: installer, P: critical labels Mar 8, 2015
marmarek
Mar 8, 2015
Member
Comment by joanna on 22 Apr 2011 21:56 UTC
[installer](user@qbdev-f13)$ grep -R yumdownloader *
anaconda/anaconda.spec:- Pass the --archlist option to yumdownloader (jkeating)
anaconda/scripts/mk-images.efi: ydcmd="yumdownloader -c $yumconf $grubpkg"
anaconda/scripts/mk-images.efi: ydcmd="yumdownloader -c ${yumconf} ${artpkg}"
anaconda/scripts/buildinstall: yumdownloader -c $yumconf anaconda || exit 1
anaconda/scripts/mk-images: yumdownloader -c $yumconf --archlist=$KERNELARCH $kpackage
anaconda/scripts/mk-images: yumdownloader -c $yumconf $p
anaconda/scripts/mk-images: yumdownloader -c $yumconf $p
anaconda/anaconda.spec.in:- Pass the --archlist option to yumdownloader (jkeating)
revisor/F13-buildinstall: yumdownloader -c $yumconf anaconda || exit 1
and this is really killing me:
[installer](user@qbdev-f13)$ grep -R wget *
anaconda/anaconda.spec:- Add wget to the initrd, which is required for rhts. (clumens)
anaconda/scripts/upd-instroot: wget wpa_supplicant xkeyboard-config xfsprogs xorg-x11-xauth
anaconda/scripts/upd-instroot:usr/bin/wget
anaconda/scripts/mk-images: instbin $IMGPATH /usr/bin/wget $MBD_DIR /sbin/wget
anaconda/anaconda.spec.in:- Add wget to the initrd, which is required for rhts. (clumens)
conf/comps-qubes.xml: <packagereq type="default">wget</packagereq>
Binary file rpm/x86_64/anaconda-debuginfo-13.42-1.fc13.x86_64.rpm matches
Binary file rpm/x86_64/anaconda-13.42-1.fc13.x86_64.rpm matches
marmarek
Mar 8, 2015
Member
Comment by joanna on 22 Apr 2011 22:49 UTC
Actually we will need to solve this only in a little while, as we won't be generating any new isos anytime soon, so lowering the prio for now.
marmarek added P: major and removed P: critical labels Mar 8, 2015
marmarek
Mar 8, 2015
Member
Comment by marmarek on 24 Jun 2011 11:35 UTC
http://git.qubes-os.org/gitweb/?p=marmarek/installer.git;a=commit;h=2492505537bb7ee0decda80419859a4297c85d16
marmarek commented Mar 8, 2015
Reported by joanna on 22 Apr 2011 21:54 UTC
So, it seems like our image building scripts use yumdownloader to get some rpms from the Net, but then never verify the signature on those downloaded rpms. (I'm pretty sure that yumdownloader itself does not verify signatures).
We might consider adding rpm -K after every yumdownloader there, but parsing rpm -K requires care -- e.g. it returns success (exit 0) if e.g. MD5 is fine, but there could be no pgp signature (sigh...)
So, how smartass-ish... we complain about Xen's Makefiles downloading tgz and building them, and we actually do the same!
Migrated-From: https://wiki.qubes-os.org/ticket/229
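The caveat in the report above, that rpm -K can exit 0 for a package that carries only digests, as an added shell example that is not part of the original ticket or of the Qubes installer scripts. The function names are hypothetical, the sample lines are constructed, and the token spellings (lower-case pgp/gpg/rsa/dsa on older rpm, "signatures" on newer rpm, upper case or parentheses for failures) are assumptions about rpm's output format.

```shell
# Added example; not code from the Qubes installer repository.
# Assumption: rpm -K prints one line, "FILE: <tokens> OK" or "... NOT OK ...".
# Constructed sample lines:
#   signed, key imported (older rpm):  pkg.rpm: rsa sha1 (md5) pgp md5 OK
#   digests only, unsigned (older):    pkg.rpm: sha1 md5 OK
#   newer rpm, signed / unsigned:      pkg.rpm: digests signatures OK
#                                      pkg.rpm: digests OK

# rpmk_has_good_signature FILE LINE
# Returns 0 only if LINE (rpm -K output for FILE) reports OK and
# names a verified signature, not just matching digests.
rpmk_has_good_signature() {
    file=$1
    line=$2
    # Strip the literal "FILE: " prefix so that a crafted file name
    # cannot smuggle signature tokens into the part we inspect.
    case $line in
        "$file: "*) result=${line#"$file: "} ;;
        *) return 1 ;;
    esac
    # Fail closed on anything that is not a plain trailing "OK".
    case $result in
        *"NOT OK"*) return 1 ;;
        *" OK") ;;
        *) return 1 ;;
    esac
    # Require a lower-case signature token (case-sensitive match).
    case " ${result% OK} " in
        *" pgp "*|*" gpg "*|*" rsa "*|*" dsa "*|*" signatures "*) return 0 ;;
    esac
    return 1
}

# verify_rpm FILE: hypothetical wrapper to run after each yumdownloader call.
verify_rpm() {
    out=$(LC_ALL=C rpm -K "$1" 2>/dev/null) || return 1
    rpmk_has_good_signature "$1" "$out"
}
```

A pass only means the signature checked out against a key already imported into the rpm database, so the build host's keyring decides which signers are trusted.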