From 7ea1070ee471141f58e9e4c03df5c95bbcef907d Mon Sep 17 00:00:00 2001 From: Jose Bollo Date: Wed, 11 Sep 2019 16:23:04 +0200 Subject: [PATCH] Refactor ALLOW_NO_SIGNATURE compile flag MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Fix a tiny bug and minor improvements Bug-AGL: SPEC-2840 Change-Id: I9b74a8fd604980615d5669219cb5de801de61163 Signed-off-by: José Bollo --- CMakeLists.txt | 4 +--- src/wgtpkg-digsig.c | 22 ++++++++++++++++------ src/wgtpkg-digsig.h | 3 --- src/wgtpkg-install.c | 9 +++++++-- 4 files changed, 24 insertions(+), 14 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index c1d80ce..191725a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -75,9 +75,7 @@ add_definitions( -DAFM_VERSION="${PROJECT_VERSION}" ) if(ALLOW_NO_SIGNATURE) - add_definitions(-DDEFAULT_ALLOW_NO_SIGNATURE=1) -else(ALLOW_NO_SIGNATURE) - add_definitions(-DDEFAULT_ALLOW_NO_SIGNATURE=0) + add_definitions(-DALLOW_NO_SIGNATURE=1) endif(ALLOW_NO_SIGNATURE) if(DISTINCT_VERSIONS) add_definitions(-DDISTINCT_VERSIONS=1) diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c index d8ec58e..d190d23 100644 --- a/src/wgtpkg-digsig.c +++ b/src/wgtpkg-digsig.c @@ -308,7 +308,7 @@ int verify_digsig(struct filedesc *fdesc) int res, fd; assert ((fdesc->flags & flag_signature) != 0); - DEBUG("-- checking file %s",fdesc->name); + DEBUG("-- checking file %s", fdesc->name); /* reset the flags */ file_clear_flags(); @@ -343,13 +343,23 @@ int check_all_signatures(int allow_none) struct filedesc *fdesc; n = signature_count(); - if (n == 0 && !allow_none) { - ERROR("no signature found"); - return -1; + if (n == 0) { + if (!allow_none) { + ERROR("no signature found"); + return -1; + } + return 0; } + + rc = xmlsec_init(); + if (rc < 0) { + ERROR("can't check signature"); + return rc; + } + rc = 0; - for (i = n ; i-- > 0 ; ) { - fdesc = signature_of_index(i); + for (i = n ; i ; ) { + fdesc = signature_of_index(--i); irc = verify_digsig(fdesc); if (irc < 0) rc = irc; diff --git a/src/wgtpkg-digsig.h b/src/wgtpkg-digsig.h index 8c105d6..defcfa1 100644 --- a/src/wgtpkg-digsig.h +++ b/src/wgtpkg-digsig.h @@ -26,6 +26,3 @@ extern int create_digsig(unsigned int index, const char *key, const char **certs /* check the signatures of the current directory */ extern int check_all_signatures(int allow_none); -#if !defined(DEFAULT_ALLOW_NO_SIGNATURE) -#define DEFAULT_ALLOW_NO_SIGNATURE 0 -#endif diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c index 386d70b..c7de1f8 100644 --- a/src/wgtpkg-install.c +++ b/src/wgtpkg-install.c @@ -567,7 +567,7 @@ struct wgt_info *install_widget(const char *wgtfile, const char *root, int force struct wgt_info *ifo; const struct wgt_desc *desc; char installdir[PATH_MAX]; - int err; + int err, rc; struct unitconf uconf; NOTICE("-- INSTALLING widget %s to %s --", wgtfile, root); @@ -582,7 +582,12 @@ struct wgt_info *install_widget(const char *wgtfile, const char *root, int force if (zread(wgtfile, 0)) goto error2; - if (check_all_signatures(DEFAULT_ALLOW_NO_SIGNATURE)) +#if defined(ALLOW_NO_SIGNATURE) + rc = check_all_signatures(1); +#else + rc = check_all_signatures(0); +#endif + if (rc) goto error2; ifo = wgt_info_createat(workdirfd, NULL, 1, 1, 1); -- 2.16.6