Fix: isu-generator: Check whether the public key actually exists

Before using the PUBKEY variable, check whether the public key
actually exists or not.

Change-Id: Icc561e283c4326e39e1f36bf2f50cda7ec09b846
(cherry picked from commit fa33dd18e55387ff69aa580284cb1cefc233a3ce)

diff --git a/src/systemd_generator/isu-generator b/src/systemd_generator/isu-generator
index 8d69fc2..5cb8874 100755 (executable)
--- a/src/systemd_generator/isu-generator
+++ b/src/systemd_generator/isu-generator
@@ -136,7 +136,8 @@ isu_prepare_system()
        # verify signature and checksum before considering ISU package for application on the system
        cksum_sign_path="$isu_pkg_dir/checksum.sha256.sign"
        cksum_path="${cksum_sign_path%.sign}"
-       if [ "$PUBKEY" ]; then
+
+       if [ "$PUBKEY" -a -r "$PUBKEY" ]; then
                if ! openssl dgst -sha256 -verify "$PUBKEY" -signature "$cksum_sign_path" "$cksum_path"; then
                        log "Public key verification failed for $cksum_path"
                        return 1
@@ -193,11 +194,6 @@ isu_prepare()
 
 # Entry point
 
-if [ "$PUBKEY" -a ! -r "$PUBKEY" ]; then
-       echo "Public key specified but not readable: $PUBKEY"
-       exit 1
-fi
-
 if [ -z "$1" ]; then
        echo "Please specify unitdir(s) as decribed in systemd.generator (1 or 3 arguments)"
        exit 1