1111RPM_DIR = "workstation"
1212
1313
14- def verify_sig_rpm (path ):
14+ def check_unsigned_rpm (path ):
15+ subprocess .check_call (["rpm" , "--delsign" , path ])
16+ subprocess .check_call (["sha256sum" , path ])
17+
18+
19+ def check_unsigned_all_rpms ():
20+ for root , dirs , files in os .walk (RPM_DIR ):
21+ for name in files :
22+ check_unsigned_rpm (os .path .join (root , name ))
23+
1524
25+ def verify_sig_rpm (path ):
1626 for key_path in [PROD_SIGNING_KEY_PATH , PROD_SIGNING_KEY_PATH_LEGACY ]:
1727 try :
1828 subprocess .check_call (["rpmkeys" , "--import" , key_path ])
@@ -63,6 +73,7 @@ def fail(msg):
6373
6474def main ():
6575 parser = argparse .ArgumentParser (description = __doc__ )
76+ parser .add_argument ("--check-unsigned" , action = "store_true" , default = False )
6677 parser .add_argument ("--verify" , action = "store_true" , default = True )
6778 parser .add_argument ("--all" , action = "store_true" , default = False )
6879 parser .add_argument ("packages" , type = str , nargs = "*" , help = "Files to sign/verify" )
@@ -74,7 +85,16 @@ def main():
7485 # Since we can't specify with which key to check sigs, we should clear the keyring
7586 remove_keys_in_rpm_keyring ()
7687
77- if args .verify :
88+ if args .check_unsigned :
89+ output = subprocess .check_call (["rpm" , "--version" ])
90+ if args .all :
91+ check_unsigned_all_rpms ()
92+ else :
93+ for package in args .packages :
94+ assert os .path .exists (package )
95+ check_unsigned_rpm (package )
96+
97+ elif args .verify :
7898 if args .all :
7999 verify_all_rpms ()
80100 else :
0 commit comments