Skip to content

Commit

Permalink
Add validation for file format of downloaded upstream files
Browse files Browse the repository at this point in the history
  • Loading branch information
@aajith-arista
aajith-arista committed Jan 2, 2024
1 parent 42dedb3 commit 181ad26
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions impl/create_srpm.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -192,6 +192,13 @@ func (bldr *srpmBuilder) verifyUpstreamSrpm() error {
bldr.errPrefix)
}

// Check if downloaded file is a valid rpm
err := util.RunSystemCmd("rpm", "-q", "-p", upstreamSrpmFilePath)
if err != nil {
return fmt.Errorf("%sDownloaded SRPM file is not a valid rpm: %s",
bldr.errPrefix, err)
}

if !upstreamSrc.skipSigCheck {
if err := util.VerifyRpmSignature(upstreamSrpmFilePath, bldr.errPrefix); err != nil {
return err
Expand Down

0 comments on commit 181ad26

Please sign in to comment.