X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;ds=sidebyside;f=src%2Fwgtpkg-digsig.c;h=80428fa017a8e08d3b0f3e47359fb9643385984a;hb=7e1027342a3cff95635ba2107f283321cf0efa08;hp=284acd13f8704f8525d0aad4d41ad8f931afb29f;hpb=bf7b5918fcc07713a29b9ca32f766b65b15a4ec2;p=src%2Fapp-framework-main.git
diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c
index 284acd1..80428fa 100644
--- a/src/wgtpkg-digsig.c
+++ b/src/wgtpkg-digsig.c
@@ -18,12 +18,16 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include
 #include
+#include
+#include "verbose.h"
 #include "wgtpkg.h"
@@ -184,18 +188,37 @@ error:
 static int check_references(xmlNodePtr sinfo)
 {
+ unsigned int i, n, flags;
+ struct filedesc *f;
+ int result;
 xmlNodePtr elem;
+ result = 0;
 elem = sinfo->children;
 while (elem != NULL) {
 if (is_element(elem, "Reference"))
 if (check_one_reference(elem))
- return -1;
+ result = -1;
 elem = elem->next;
 }
- return 0;
+
+ n = file_count();
+ i = 0;
+ while(i < n) {
+ f = file_of_index(i++);
+ if (f->type == type_file) {
+ flags = f->flags;
+ if (!(flags & (flag_signature | flag_referenced))) {
+ syslog(LOG_ERR, "file not referenced in signature", f->name);
+ result = -1;
+ }
+ }
+ }
+
+ return result;
 }
+
 static int get_certificates(xmlNodePtr kinfo)
 {
 xmlNodePtr n1, n2;
@@ -277,7 +300,7 @@ error:
 /* verify the digital signature of the file described by 'fdesc' */
 int verify_digsig(struct filedesc *fdesc)
 {
- int res;
+ int res, fd;
 assert ((fdesc->flags & flag_signature) != 0);
 debug("-- checking file %s",fdesc->name);
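Review bot: In check_references, the new `syslog(LOG_ERR, "file not referenced in signature", f->name);` passes `f->name` but the format string has no conversion, so the log never names the file that escaped the signature; it should read `syslog(LOG_ERR, "file %s not referenced in signature", f->name);`. The coverage test relies on `flag_referenced`, and nothing visible in this hunk clears that flag between signature files, so if a package carries several signatures a file referenced by only one of them may satisfy the check for all of them; it is worth confirming that the flags are reset per `verify_digsig` call or that per-signature coverage is enforced elsewhere. `file_of_index(i++)` is dereferenced without a NULL check, which is safe only if it cannot fail for indices below `file_count()`.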
@@ -287,7 +310,13 @@ int verify_digsig(struct filedesc *fdesc)
 clear_certificates();
 /* reads and xml parses the signature file */
- document = xmlReadFile(fdesc->name, NULL, 0);
+ fd = openat(workdirfd, fdesc->name, O_RDONLY);
+ if (fd < 0) {
+ syslog(LOG_ERR, "cant't open file %s", fdesc->name);
+ return -1;
+ }
+ document = xmlReadFd(fd, fdesc->name, NULL, 0);
+ close(fd);
 if (document == NULL) {
 syslog(LOG_ERR, "xml parse of file %s failed", fdesc->name);
 return -1;
@@ -327,7 +356,8 @@ int create_digsig(int index, const char *key, const char **certs)
 {
 struct filedesc *fdesc;
 xmlDocPtr doc;
- int rc, len;
+ int rc, len, fd;
+ xmlSaveCtxtPtr ctx;
 rc = -1;
@@ -342,13 +372,27 @@ int create_digsig(int index, const char *key, const char **certs)
 goto error2;
 /* save the doc as file */
- len = xmlSaveFormatFileEnc(fdesc->name, doc, NULL, 0);
+ fd = openat(workdirfd, fdesc->name, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+ if (fd < 0) {
+ syslog(LOG_ERR, "cant open %s for write", fdesc->name);
+ goto error2;
+ }
+ ctx = xmlSaveToFd(fd, NULL, XML_SAVE_FORMAT);
+ if (!ctx) {
+ syslog(LOG_ERR, "xmlSaveToFd failed for %s", fdesc->name);
+ goto error3;
+ }
+ len = xmlSaveDoc(ctx, doc);
 if (len < 0) {
- syslog(LOG_ERR, "xmlSaveFormatFileEnc to %s failed", fdesc->name);
+ syslog(LOG_ERR, "xmlSaveDoc to %s failed", fdesc->name);
 goto error2;
 }
 rc = 0;
+error4:
+ xmlSaveClose(ctx);
+error3:
+ close(fd);
 error2:
 xmlFreeDoc(doc);
 error:
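Review bot: In the verify_digsig hunk, `openat(workdirfd, fdesc->name, O_RDONLY)` follows symbolic links, and the file being opened comes from the package whose signature is being verified, so unless the unpacker already rejects links the parser can be pointed at a file outside the work directory. Opening with `O_RDONLY | O_NOFOLLOW | O_CLOEXEC` closes the final-component case and keeps the descriptor out of child processes. The document is still untrusted at this point, so `xmlReadFd(fd, fdesc->name, NULL, XML_PARSE_NONET)` would be a safer choice than options `0`. The error message has a typo (`cant't`) and drops errno; `"can't open file %s: %m"` would make failures diagnosable. The function body starts and ends outside this hunk.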
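Review bot: In the create_digsig save hunk, the `xmlSaveDoc` failure branch still does `goto error2;`, which skips both `xmlSaveClose(ctx)` and `close(fd)`, so the save context and the descriptor leak and the new `error4:` label is never used; that branch should be `goto error4;`. `rc = 0` is assigned before the buffered output is flushed, and the results of `xmlSaveClose` and `close` are ignored, so a short or failed write can leave a truncated signature file that is reported as success; `if (xmlSaveClose(ctx) < 0) rc = -1;` at `error4:` would catch it. The `openat` with `O_WRONLY|O_CREAT|O_TRUNC` also follows an existing symlink at that name, so adding `O_NOFOLLOW` (and `O_CLOEXEC`) is cheap hardening if the work directory can hold untrusted content. The function starts and ends outside the hunk.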