X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fwgtpkg-digsig.c;h=d190d23258307ea70dbd463881c7c547f11a2d62;hb=7ea1070ee471141f58e9e4c03df5c95bbcef907d;hp=ed7835436c8ba9952cc74312a6519c4c486a3235;hpb=e2de563d1ecb4585ce68521bd42f3ef45ac79f16;p=src%2Fapp-framework-main.git
diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c
index ed78354..d190d23 100644
--- a/src/wgtpkg-digsig.c
+++ b/src/wgtpkg-digsig.c
@@ -1,5 +1,7 @@ /* - Copyright 2015 IoT.bzh + Copyright (C) 2015-2020 IoT.bzh + + author: José Bollo Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
@@ -16,7 +18,6 @@ #include -#include #include #include #include
@@ -28,7 +29,11 @@ #include "verbose.h" -#include "wgtpkg.h" +#include "wgtpkg-files.h" +#include "wgtpkg-workdir.h" +#include "wgtpkg-certs.h" +#include "wgtpkg-xmlsec.h" +#include "wgtpkg-digsig.h"
@@ -303,7 +308,7 @@ int verify_digsig(struct filedesc *fdesc) int res, fd; assert ((fdesc->flags & flag_signature) != 0); - DEBUG("-- checking file %s",fdesc->name); + DEBUG("-- checking file %s", fdesc->name); /* reset the flags */ file_clear_flags();
@@ -331,18 +336,32 @@ int verify_digsig(struct filedesc *fdesc) } /* check all the signature files */ -int check_all_signatures() +int check_all_signatures(int allow_none) { int rc, irc; unsigned int i, n; struct filedesc *fdesc; n = signature_count(); + if (n == 0) { + if (!allow_none) { + ERROR("no signature found"); + return -1; + } + return 0; + } + + rc = xmlsec_init(); + if (rc < 0) { + ERROR("can't check signature"); + return rc; + } + rc = 0; - for (i = n ; i-- > 0 ; ) { - fdesc = signature_of_index(i); + for (i = n ; i ; ) { + fdesc = signature_of_index(--i); irc = verify_digsig(fdesc); - if (!irc) + if (irc < 0) rc = irc; }
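Review bot: In `check_all_signatures`, when `allow_none` is non-zero and `signature_count()` returns 0, the new early `return 0;` gives the same result as a package whose signatures all verified, so an unsigned package is accepted without any trace. Because this return value decides whether package content is trusted, the accepting path should at least log, e.g. `WARNING("no signature found, unsigned package accepted");` before `return 0;` (assuming verbose.h offers a warning-level macro next to `ERROR` and `DEBUG`). The comment above the function should also say what `allow_none` means, for example `/* check all the signature files; a package without any signature is rejected unless 'allow_none' is not zero */`, and that the flag has to come from local policy rather than from the package being checked. The loop keeps only the last negative `irc` in `rc`, which is fine for a pass/fail answer but worth stating in that comment too.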
@@ -352,11 +371,12 @@ int check_all_signatures() /* create a signature of 'index' (0 for author, other values for distributors) using the private 'key' (filename) and the certificates 'certs' (filenames) as trusted chain */ -int create_digsig(int index, const char *key, const char **certs) +int create_digsig(unsigned int index, const char *key, const char **certs) { struct filedesc *fdesc; xmlDocPtr doc; - int rc, len, fd; + int rc, fd; + long len; xmlSaveCtxtPtr ctx; rc = -1;
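Review bot: With `index` now `unsigned int` in `create_digsig`, a caller that still passes a negative `int` has it silently converted to a very large distributor index, and nothing in the visible lines bounds the value. Since the index selects which signature file gets written, confirm that the prototype in wgtpkg-digsig.h and every caller were updated in the same change, and consider building with `-Wsign-conversion` so that a leftover signed argument is reported. `len` is widened to `long` here, but the place where it is assigned lies outside this hunk; check there that a negative result is treated as an error before `len` is used as a length. The function body continues past the end of the hunk.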