Refactor ALLOW_NO_SIGNATURE compile flag
diff --git
a/src/wgtpkg-digsig.c
b/src/wgtpkg-digsig.c
index
e5a8d74
..
d190d23
100644
(file)
--- a/
src/wgtpkg-digsig.c
+++ b/
src/wgtpkg-digsig.c
@@
-1,5
+1,5
@@
/*
/*
- Copyright
2015
IoT.bzh
+ Copyright
(C) 2015-2020
IoT.bzh
author: José Bollo <jose.bollo@iot.bzh>
author: José Bollo <jose.bollo@iot.bzh>
@@
-29,7
+29,11
@@
#include "verbose.h"
#include "verbose.h"
-#include "wgtpkg.h"
+#include "wgtpkg-files.h"
+#include "wgtpkg-workdir.h"
+#include "wgtpkg-certs.h"
+#include "wgtpkg-xmlsec.h"
+#include "wgtpkg-digsig.h"
@@
-304,7
+308,7
@@
int verify_digsig(struct filedesc *fdesc)
int res, fd;
assert ((fdesc->flags & flag_signature) != 0);
int res, fd;
assert ((fdesc->flags & flag_signature) != 0);
- DEBUG("-- checking file %s",fdesc->name);
+ DEBUG("-- checking file %s",
fdesc->name);
/* reset the flags */
file_clear_flags();
/* reset the flags */
file_clear_flags();
@@
-332,18
+336,32
@@
int verify_digsig(struct filedesc *fdesc)
}
/* check all the signature files */
}
/* check all the signature files */
-int check_all_signatures()
+int check_all_signatures(
int allow_none
)
{
int rc, irc;
unsigned int i, n;
struct filedesc *fdesc;
n = signature_count();
{
int rc, irc;
unsigned int i, n;
struct filedesc *fdesc;
n = signature_count();
+ if (n == 0) {
+ if (!allow_none) {
+ ERROR("no signature found");
+ return -1;
+ }
+ return 0;
+ }
+
+ rc = xmlsec_init();
+ if (rc < 0) {
+ ERROR("can't check signature");
+ return rc;
+ }
+
rc = 0;
rc = 0;
- for (i = n ; i
-- > 0
; ) {
- fdesc = signature_of_index(i);
+ for (i = n ; i ; ) {
+ fdesc = signature_of_index(
--
i);
irc = verify_digsig(fdesc);
irc = verify_digsig(fdesc);
- if (
!irc
)
+ if (
irc < 0
)
rc = irc;
}
rc = irc;
}
@@
-353,11
+371,12
@@
int check_all_signatures()
/* create a signature of 'index' (0 for author, other values for distributors)
using the private 'key' (filename) and the certificates 'certs' (filenames)
as trusted chain */
/* create a signature of 'index' (0 for author, other values for distributors)
using the private 'key' (filename) and the certificates 'certs' (filenames)
as trusted chain */
-int create_digsig(int index, const char *key, const char **certs)
+int create_digsig(
unsigned
int index, const char *key, const char **certs)
{
struct filedesc *fdesc;
xmlDocPtr doc;
{
struct filedesc *fdesc;
xmlDocPtr doc;
- int rc, len, fd;
+ int rc, fd;
+ long len;
xmlSaveCtxtPtr ctx;
rc = -1;
xmlSaveCtxtPtr ctx;
rc = -1;
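Review bot: In check_all_signatures, the `n == 0` branch returns 0 without logging anything when `allow_none` is set, so an unsigned package is accepted with no trace for anyone auditing installs later. The commit title describes this as a former compile flag, so the decision now rests with each caller, yet the comment above the function (`/* check all the signature files */`) says nothing about `allow_none` or the return values. I would log the bypass just before `return 0;`, for example `WARNING("no signature found, accepted because allow_none is set");` (assuming verbose.h offers a WARNING macro alongside the ERROR and DEBUG used here), and extend the comment to `/* check all the signature files; returns 0 when all verify (or none exist and allow_none != 0), negative otherwise */`. The callers are not on this page, so it is worth confirming that each one passes a value fixed by build or administrator configuration rather than anything derived from the package being installed.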