authorJose Bollo <jose.bollo@iot.bzh>2019-09-11 16:23:04 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2020-02-28 12:19:24 +0100
commit7ea1070ee471141f58e9e4c03df5c95bbcef907d (patch)
tree0a1478a93095286e4e8a637196956061a9201161
parent0083ad3751cd2b088b5c5d0dea727671ea2a3cca (diff)
Refactor ALLOW_NO_SIGNATURE compile flag
Fix a tiny bug and minor improvements Bug-AGL: SPEC-2840 Change-Id: I9b74a8fd604980615d5669219cb5de801de61163 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--CMakeLists.txt4
-rw-r--r--src/wgtpkg-digsig.c22
-rw-r--r--src/wgtpkg-digsig.h3
-rw-r--r--src/wgtpkg-install.c9
4 files changed, 24 insertions, 14 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c1d80ce..191725a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -75,9 +75,7 @@ add_definitions(
-DAFM_VERSION="${PROJECT_VERSION}"
)
if(ALLOW_NO_SIGNATURE)
- add_definitions(-DDEFAULT_ALLOW_NO_SIGNATURE=1)
-else(ALLOW_NO_SIGNATURE)
- add_definitions(-DDEFAULT_ALLOW_NO_SIGNATURE=0)
+ add_definitions(-DALLOW_NO_SIGNATURE=1)
endif(ALLOW_NO_SIGNATURE)
if(DISTINCT_VERSIONS)
add_definitions(-DDISTINCT_VERSIONS=1)
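Review bot: Nothing at configure time tells the builder that enabling ALLOW_NO_SIGNATURE produces a binary that installs unsigned widgets; the `if(ALLOW_NO_SIGNATURE)` branch only adds the define. A line such as `message(WARNING "ALLOW_NO_SIGNATURE is enabled: widgets without a signature will be accepted")` inside that branch would make such a build visible in configure logs. Where the option is declared and what it defaults to is not visible in this hunk, so it is worth confirming that the default is off.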
diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c
index d8ec58e..d190d23 100644
--- a/src/wgtpkg-digsig.c
+++ b/src/wgtpkg-digsig.c
@@ -308,7 +308,7 @@ int verify_digsig(struct filedesc *fdesc)
int res, fd;
assert ((fdesc->flags & flag_signature) != 0);
- DEBUG("-- checking file %s",fdesc->name);
+ DEBUG("-- checking file %s", fdesc->name);
/* reset the flags */
file_clear_flags();
@@ -343,13 +343,23 @@ int check_all_signatures(int allow_none)
struct filedesc *fdesc;
n = signature_count();
- if (n == 0 && !allow_none) {
- ERROR("no signature found");
- return -1;
+ if (n == 0) {
+ if (!allow_none) {
+ ERROR("no signature found");
+ return -1;
+ }
+ return 0;
}
+
+ rc = xmlsec_init();
+ if (rc < 0) {
+ ERROR("can't check signature");
+ return rc;
+ }
+
rc = 0;
- for (i = n ; i-- > 0 ; ) {
- fdesc = signature_of_index(i);
+ for (i = n ; i ; ) {
+ fdesc = signature_of_index(--i);
irc = verify_digsig(fdesc);
if (irc < 0)
rc = irc;
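Review bot: The new `return 0;` taken when `n == 0` and `allow_none` is set accepts a package that carries no signature at all without writing anything to the log, so an install log cannot distinguish it from a package whose signatures were verified. I would log it before returning, for example `NOTICE("no signature found, accepted because unsigned packages are allowed");`. NOTICE is the macro used in wgtpkg-install.c, and I am assuming it is also available in this file. The body of check_all_signatures continues past the end of the hunk, so how `rc` is finally returned is not visible here.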
diff --git a/src/wgtpkg-digsig.h b/src/wgtpkg-digsig.h
index 8c105d6..defcfa1 100644
--- a/src/wgtpkg-digsig.h
+++ b/src/wgtpkg-digsig.h
@@ -26,6 +26,3 @@ extern int create_digsig(unsigned int index, const char *key, const char **certs
/* check the signatures of the current directory */
extern int check_all_signatures(int allow_none);
-#if !defined(DEFAULT_ALLOW_NO_SIGNATURE)
-#define DEFAULT_ALLOW_NO_SIGNATURE 0
-#endif
diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c
index 386d70b..c7de1f8 100644
--- a/src/wgtpkg-install.c
+++ b/src/wgtpkg-install.c
@@ -567,7 +567,7 @@ struct wgt_info *install_widget(const char *wgtfile, const char *root, int force
struct wgt_info *ifo;
const struct wgt_desc *desc;
char installdir[PATH_MAX];
- int err;
+ int err, rc;
struct unitconf uconf;
NOTICE("-- INSTALLING widget %s to %s --", wgtfile, root);
@@ -582,7 +582,12 @@ struct wgt_info *install_widget(const char *wgtfile, const char *root, int force
if (zread(wgtfile, 0))
goto error2;
- if (check_all_signatures(DEFAULT_ALLOW_NO_SIGNATURE))
+#if defined(ALLOW_NO_SIGNATURE)
+ rc = check_all_signatures(1);
+#else
+ rc = check_all_signatures(0);
+#endif
+ if (rc)
goto error2;
ifo = wgt_info_createat(workdirfd, NULL, 1, 1, 1);
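Review bot: `#if defined(ALLOW_NO_SIGNATURE)` tests only whether the macro exists, so a build that defines it as 0 (for instance `-DALLOW_NO_SIGNATURE=0` passed through compiler flags rather than the CMake option) would still call `check_all_signatures(1)` and drop the signature requirement. Testing the value fails closed: `#if defined(ALLOW_NO_SIGNATURE) && ALLOW_NO_SIGNATURE`. The removed `DEFAULT_ALLOW_NO_SIGNATURE` passed the value through, so this is a small regression in strictness compared with the old code. install_widget starts and ends outside this hunk.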