Mercurial Mercurial > upstream > oracle > pkg-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/modules/client/image.py
changeset 2331 cc898866d552
parent 2330 9451b3f28f4c
child 2335 33734ca16f74 
--- a/src/modules/client/image.py	Thu May 05 11:21:34 2011 -0700
+++ b/src/modules/client/image.py	Thu May 05 11:56:47 2011 -0700
@@ -1953,13 +1953,16 @@
                         sig_pol = self.signature_policy.combine(
                             pub.signature_policy)
 
-                manf = self.get_manifest(fmri)
+                manf = self.get_manifest(fmri, all_variants=True)
                 sigs = list(manf.gen_actions_by_type("signature",
                     self.list_excludes()))
                 if sig_pol and (sigs or sig_pol.name != "ignore"):
                         # Only perform signature verification logic if there are
                         # signatures or if signature-policy is not 'ignore'.
                         try:
+                                # Signature verification must be done using all
+                                # the actions from the manifest, not just the
+                                # ones for this image's variants.
                                 sig_pol.process_signatures(sigs,
                                     manf.gen_actions(), pub, self.trust_anchors)
                         except apx.SigningException, e:
upstream/oracle/pkg-gate