From 630d3fb1249d69e7578e528808a8bf9219356af5 Mon Sep 17 00:00:00 2001
From: Fabian Arrotin <arrfab@centos.org>
Date: Mar 27 2021 15:07:49 +0000
Subject: Bumped to centos-cert with CA verify step


Signed-off-by: Fabian Arrotin <arrfab@centos.org>

---

diff --git a/SOURCES/centos-cert b/SOURCES/centos-cert
index e0fc0df..9dc37a7 100644
--- a/SOURCES/centos-cert
+++ b/SOURCES/centos-cert
@@ -31,7 +31,20 @@ function f_log() {
 function verify_cert() {
   echo ""
   f_log "Verifying if TLS cert is still valid ..."
+  if [ ! -e ~/.centos-server-ca.cert ] ; then
+    f_log "[ERROR] No CA cert found to validate your TLS cert"
+    f_log "Please retrieve it first with [$0 -u]"
+    exit 1
+  fi
   if [ -e ~/.centos.cert ] ; then
+    f_log "Validating TLS cert against ~/.centos-server-ca.cert ..."
+    openssl verify -CAfile ~/.centos-server-ca.cert ~/.centos.cert
+    if [ "$?" -ne "0" ] ; then
+      f_log "[ERROR] your TLS cert is not signed by correct CA"
+      exit 1
+    else
+      f_log "[SUCCESS] ~/.centos.cert TLS cert verified by ~/.centos-server-ca.cert CA crt"   
+    fi
     end_date=$(openssl x509 -in ~/.centos.cert -noout -text|sed -n 's/ *Not After : *//p')
     end_date_seconds=$(date '+%s' --date "$end_date")
     now_seconds=$(date '+%s')
@@ -73,6 +86,8 @@ function get_cert(){
     f_log "Concatenating cert to ~/.centos.cert"
     cat ~/.centos-${fasjson_user}.key ~/.centos-${fasjson_user}.crt > ~/.centos.cert
   fi
+  f_log "Downloading correct CA cert .."
+  curl --fail --silent ${ca_url} > ~/.centos-server-ca.cert CA crt
   echo ""
 }
 
@@ -108,6 +123,11 @@ done
 fasjson_user=${opt_user:-$USER}
 fasjson_realm=${opt_realm:-FEDORAPROJECT.ORG}
 fasjson_url=${opt_fasjson_url:-https://fasjson.fedoraproject.org}
+if [[ "$fasjson_url" =~ "fasjson.stg*" ]] ; then
+  ca_url="https://id.stg.fedoraproject.org/ipa/config/ca.crt"
+else
+  ca_url="https://id.fedoraproject.org/ipa/config/ca.crt"
+fi
 
 
 # Now the real work and calling functions
diff --git a/SPECS/centos-packager.spec b/SPECS/centos-packager.spec
index 46f6b4b..9aed19b 100644
--- a/SPECS/centos-packager.spec
+++ b/SPECS/centos-packager.spec
@@ -1,7 +1,7 @@
 
 Name:           centos-packager
 Version:        0.7.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Tools and files necessary for building CentOS packages
 Group:          Applications/Productivity
 
@@ -37,7 +37,7 @@ cp %{SOURCE1} .
 %{__install} -m 0644 %{SOURCE0} %{buildroot}/etc/koji.conf.d/cbs-koji.conf
 
 %{__mkdir_p} %{buildroot}/%{_bindir}
-%{__install} -m 0755 %{SOURCE3} %{buildroot}%{_bindir}/cbs
+ln -sf %{_bindir}/koji %{buildroot}%{_bindir}/cbs
 
 %{__install} -m 0755 %{SOURCE2} %{buildroot}%{_bindir}/centos-cert
 
@@ -48,6 +48,9 @@ cp %{SOURCE1} .
 %{_bindir}/centos-cert
 
 %changelog
+* Sat Mar 27 2021	Fabian Arrotin <fabian.arrotin@arrfab.net> - 0.7.0-2
+- Bumped centos-cert for additional verification with CA 
+
 * Mon Feb 1	2021 Fabian Arrotin <fabian.arrotin@arrfab.net> - 0.7.0-2
 - Fixed the cbs call for correct profile