Refactor ALLOW_NO_SIGNATURE compile flag 35/24135/1
authorJose Bollo <jose.bollo@iot.bzh>
Wed, 11 Sep 2019 14:23:04 +0000 (16:23 +0200)
committerJosé Bollo <jose.bollo@iot.bzh>
Fri, 28 Feb 2020 11:19:24 +0000 (12:19 +0100)
Fix a tiny bug and minor improvements

Bug-AGL: SPEC-2840

Change-Id: I9b74a8fd604980615d5669219cb5de801de61163
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
CMakeLists.txt
src/wgtpkg-digsig.c
src/wgtpkg-digsig.h
src/wgtpkg-install.c

index c1d80ce..191725a 100644 (file)
@@ -75,9 +75,7 @@ add_definitions(
        -DAFM_VERSION="${PROJECT_VERSION}"
 )
 if(ALLOW_NO_SIGNATURE)
-       add_definitions(-DDEFAULT_ALLOW_NO_SIGNATURE=1)
-else(ALLOW_NO_SIGNATURE)
-       add_definitions(-DDEFAULT_ALLOW_NO_SIGNATURE=0)
+       add_definitions(-DALLOW_NO_SIGNATURE=1)
 endif(ALLOW_NO_SIGNATURE)
 if(DISTINCT_VERSIONS)
        add_definitions(-DDISTINCT_VERSIONS=1)
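Review bot: Nothing at configure time makes a build with ALLOW_NO_SIGNATURE enabled stand out, although the option compiles in a path where widgets with no signature are accepted (the `#if defined(ALLOW_NO_SIGNATURE)` branch in src/wgtpkg-install.c). Inside the `if(ALLOW_NO_SIGNATURE)` branch I would add `message(WARNING "ALLOW_NO_SIGNATURE is set: unsigned widgets will be accepted")` so the weakened setting shows up in build logs. The option's declaration and default are outside this hunk; a short comment there saying which kind of build it is meant for would also help.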
index d8ec58e..d190d23 100644 (file)
@@ -308,7 +308,7 @@ int verify_digsig(struct filedesc *fdesc)
        int res, fd;
 
        assert ((fdesc->flags & flag_signature) != 0);
-       DEBUG("-- checking file %s",fdesc->name);
+       DEBUG("-- checking file %s", fdesc->name);
 
        /* reset the flags */
        file_clear_flags();
@@ -343,13 +343,23 @@ int check_all_signatures(int allow_none)
        struct filedesc *fdesc;
 
        n = signature_count();
-       if (n == 0 && !allow_none) {
-               ERROR("no signature found");
-               return -1;
+       if (n == 0) {
+               if (!allow_none) {
+                       ERROR("no signature found");
+                       return -1;
+               }
+               return 0;
        }
+
+       rc = xmlsec_init();
+       if (rc < 0) {
+               ERROR("can't check signature");
+               return rc;
+       }
+
        rc = 0;
-       for (i = n ; i-- > 0 ; ) {
-               fdesc = signature_of_index(i);
+       for (i = n ; i ; ) {
+               fdesc = signature_of_index(--i);
                irc = verify_digsig(fdesc);
                if (irc < 0)
                        rc = irc;
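Review bot: The new `return 0;` taken when `n == 0` and `allow_none` is set accepts a package that carries no signature at all without leaving any trace in the logs. A line before it, for example `NOTICE("no signature found, unsigned package accepted");` (assuming NOTICE, which install_widget uses, is also available in this file), would let an operator tell unsigned installs from verified ones. Separately, `xmlsec_init()` now runs on every call of check_all_signatures; whether it is safe to call repeatedly cannot be seen from this hunk, so a comment stating that it is idempotent would help. The loop body continues outside the hunk.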
index 8c105d6..defcfa1 100644 (file)
@@ -26,6 +26,3 @@ extern int create_digsig(unsigned int index, const char *key, const char **certs
 /* check the signatures of the current directory */
 extern int check_all_signatures(int allow_none);
 
-#if !defined(DEFAULT_ALLOW_NO_SIGNATURE)
-#define DEFAULT_ALLOW_NO_SIGNATURE 0
-#endif
index 386d70b..c7de1f8 100644 (file)
@@ -567,7 +567,7 @@ struct wgt_info *install_widget(const char *wgtfile, const char *root, int force
        struct wgt_info *ifo;
        const struct wgt_desc *desc;
        char installdir[PATH_MAX];
-       int err;
+       int err, rc;
        struct unitconf uconf;
 
        NOTICE("-- INSTALLING widget %s to %s --", wgtfile, root);
@@ -582,7 +582,12 @@ struct wgt_info *install_widget(const char *wgtfile, const char *root, int force
        if (zread(wgtfile, 0))
                goto error2;
 
-       if (check_all_signatures(DEFAULT_ALLOW_NO_SIGNATURE))
+#if defined(ALLOW_NO_SIGNATURE)
+       rc = check_all_signatures(1);
+#else
+       rc = check_all_signatures(0);
+#endif
+       if (rc)
                goto error2;
 
        ifo = wgt_info_createat(workdirfd, NULL, 1, 1, 1);
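Review bot: `#if defined(ALLOW_NO_SIGNATURE)` tests only whether the macro exists, so a build that passes `-DALLOW_NO_SIGNATURE=0` through its compiler flags would still call `check_all_signatures(1)` and accept unsigned widgets. The CMake change defines the macro only when the option is on, but testing the value fails closed for other build paths: `#if defined(ALLOW_NO_SIGNATURE) && ALLOW_NO_SIGNATURE`. A one-line comment above the block, such as `/* unsigned widgets are accepted only in builds with ALLOW_NO_SIGNATURE */`, would make the security impact visible at the call site. install_widget starts and ends outside this hunk.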