Merge pull request #33469 from meaksh/zypper-download-check-signature-2015.8

check the RPM signature of zypper pkg.download packages and report errors
2025-04-17 10:10:20 +00:00 · 2016-05-24 09:09:05 -07:00 · 2016-05-24 09:09:05 -07:00 · 9f56ab4c45
commit 9f56ab4c45
parent 00f9090928 a65071a6d1
2 changed files with 31 additions and 1 deletions
--- a/salt/modules/rpm.py
+++ b/salt/modules/rpm.py
@ -602,3 +602,29 @@ def version_cmp(ver1, ver2):
        log.warning("Failed to compare version '{0}' to '{1}' using RPM: {2}".format(ver1, ver2, exc))

    return salt.utils.version_cmp(ver1, ver2)
+
+
+def checksum(*paths):
+    '''
+    Return if the signature of a RPM file is valid.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' lowpkg.checksum /path/to/package1.rpm
+        salt '*' lowpkg.checksum /path/to/package1.rpm /path/to/package2.rpm
+    '''
+    ret = dict()
+
+    if not paths:
+        raise CommandExecutionError("No package files has been specified.")
+
+    for package_file in paths:
+        ret[package_file] = (bool(__salt__['file.file_exists'](package_file)) and
+                            not __salt__['cmd.retcode'](["rpm", "-K", "--quiet", package_file],
+                                                        ignore_retcode=True,
+                                                        output_loglevel='trace',
+                                                        python_shell=False))
+
+    return ret
--- a/salt/modules/zypper.py
+++ b/salt/modules/zypper.py
@ -1534,9 +1534,13 @@ def download(*packages, **kwargs):
            'repository-alias': repo.getAttribute("alias"),
            'path': dld_result.getElementsByTagName("localfile")[0].getAttribute("path"),
        }
-        pkg_ret[_get_first_aggregate_text(dld_result.getElementsByTagName("name"))] = pkg_info
+        if __salt__['lowpkg.checksum'](pkg_info['path']):
+            pkg_ret[_get_first_aggregate_text(dld_result.getElementsByTagName("name"))] = pkg_info

    if pkg_ret:
+        failed = [pkg for pkg in packages if pkg not in pkg_ret]
+        if failed:
+            pkg_ret['_error'] = ('The following package(s) failed to download: {0}'.format(', '.join(failed)))
        return pkg_ret

    raise CommandExecutionError("Unable to download packages: {0}.".format(', '.join(packages)))