Refactor ALLOW_NO_SIGNATURE compile flag

[src/app-framework-main.git] / src / wgtpkg-digsig.c

diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c
index 4460bf2..d190d23 100644 (file)
--- a/src/wgtpkg-digsig.c
+++ b/src/wgtpkg-digsig.c
@@ -1,5 +1,5 @@
 /*
- Copyright (C) 2015-2018 IoT.bzh
+ Copyright (C) 2015-2020 IoT.bzh
 
  author: José Bollo <jose.bollo@iot.bzh>
 
@@ -308,7 +308,7 @@ int verify_digsig(struct filedesc *fdesc)
        int res, fd;
 
        assert ((fdesc->flags & flag_signature) != 0);
-       DEBUG("-- checking file %s",fdesc->name);
+       DEBUG("-- checking file %s", fdesc->name);
 
        /* reset the flags */
        file_clear_flags();
@@ -336,18 +336,32 @@ int verify_digsig(struct filedesc *fdesc)
 }
 
 /* check all the signature files */
-int check_all_signatures()
+int check_all_signatures(int allow_none)
 {
        int rc, irc;
        unsigned int i, n;
        struct filedesc *fdesc;
 
        n = signature_count();
+       if (n == 0) {
+               if (!allow_none) {
+                       ERROR("no signature found");
+                       return -1;
+               }
+               return 0;
+       }
+
+       rc = xmlsec_init();
+       if (rc < 0) {
+               ERROR("can't check signature");
+               return rc;
+       }
+
        rc = 0;
-       for (i = n ; i-- > 0 ; ) {
-               fdesc = signature_of_index(i);
+       for (i = n ; i ; ) {
+               fdesc = signature_of_index(--i);
                irc = verify_digsig(fdesc);
-               if (!irc)
+               if (irc < 0)
                        rc = irc;
        }