work in progress

[src/app-framework-main.git] / src / wgtpkg-digsig.c

diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c
index 284acd1..80428fa 100644 (file)
--- a/src/wgtpkg-digsig.c
+++ b/src/wgtpkg-digsig.c
@@ -18,12 +18,16 @@
 #include <string.h>
 #include <syslog.h>
 #include <assert.h>
+#include <fcntl.h>
+#include <unistd.h>
 
 #include <libxml/parser.h>
 #include <libxml/tree.h>
 #include <libxml/uri.h>
+#include <libxml/xmlsave.h>
 
 
+#include "verbose.h"
 #include "wgtpkg.h"
 
 
@@ -184,18 +188,37 @@ error:
 
 static int check_references(xmlNodePtr sinfo)
 {
+       unsigned int i, n, flags;
+       struct filedesc *f;
+       int result;
        xmlNodePtr elem;
 
+       result = 0;
        elem = sinfo->children;
        while (elem != NULL) {
                if (is_element(elem, "Reference"))
                        if (check_one_reference(elem))
-                               return -1;
+                               result = -1;
                elem = elem->next;
        }
-       return 0;
+
+       n = file_count();
+       i = 0;
+       while(i < n) {
+               f = file_of_index(i++);
+               if (f->type == type_file) {
+                       flags = f->flags;
+                       if (!(flags & (flag_signature | flag_referenced))) {
+                               syslog(LOG_ERR, "file not referenced in signature", f->name);
+                               result = -1;
+                       }
+               }
+       }
+
+       return result;
 }
 
+
 static int get_certificates(xmlNodePtr kinfo)
 {
        xmlNodePtr n1, n2;
@@ -277,7 +300,7 @@ error:
 /* verify the digital signature of the file described by 'fdesc' */
 int verify_digsig(struct filedesc *fdesc)
 {
-       int res;
+       int res, fd;
 
        assert ((fdesc->flags & flag_signature) != 0);
        debug("-- checking file %s",fdesc->name);
@@ -287,7 +310,13 @@ int verify_digsig(struct filedesc *fdesc)
        clear_certificates();
 
        /* reads and xml parses the signature file */
-       document = xmlReadFile(fdesc->name, NULL, 0);
+       fd = openat(workdirfd, fdesc->name, O_RDONLY);
+       if (fd < 0) {
+               syslog(LOG_ERR, "cant't open file %s", fdesc->name);
+               return -1;
+       }
+       document = xmlReadFd(fd, fdesc->name, NULL, 0);
+       close(fd);
        if (document == NULL) {
                syslog(LOG_ERR, "xml parse of file %s failed", fdesc->name);
                return -1;
@@ -327,7 +356,8 @@ int create_digsig(int index, const char *key, const char **certs)
 {
        struct filedesc *fdesc;
        xmlDocPtr doc;
-       int rc, len;
+       int rc, len, fd;
+       xmlSaveCtxtPtr ctx;
 
        rc = -1;
 
@@ -342,13 +372,27 @@ int create_digsig(int index, const char *key, const char **certs)
                goto error2;
 
        /* save the doc as file */
-       len = xmlSaveFormatFileEnc(fdesc->name, doc, NULL, 0);
+       fd = openat(workdirfd, fdesc->name, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+       if (fd < 0) {
+               syslog(LOG_ERR, "cant open %s for write", fdesc->name);
+               goto error2;
+       }
+       ctx = xmlSaveToFd(fd, NULL, XML_SAVE_FORMAT);
+       if (!ctx) {
+               syslog(LOG_ERR, "xmlSaveToFd failed for %s", fdesc->name);
+               goto error3;
+       }
+       len = xmlSaveDoc(ctx, doc);
        if (len < 0) {
-               syslog(LOG_ERR, "xmlSaveFormatFileEnc to %s failed", fdesc->name);
+               syslog(LOG_ERR, "xmlSaveDoc to %s failed", fdesc->name);
                goto error2;
        }
 
        rc = 0;
+error4:
+       xmlSaveClose(ctx);
+error3:
+       close(fd);
 error2:
        xmlFreeDoc(doc);
 error: