ValidationCore::SignatureValidator validator(file_info);
ValidationCore::SignatureData data;
- ValidationCore::VCerr result = validator.check(
- base_path.string(), // app content path for checking hash of file ref.
- true, // ocsp check flag
- check_reference, // file reference hash check flag
- data); // output signature data
+ ValidationCore::VCerr result;
+ if (check_reference) {
+ result = validator.check(base_path.string(), true, true, data);
+ } else {
+ result = validator.checkList(true, ValidationCore::UriList(), data);
+ }
std::string errnum = boost::str(boost::format("%d") % result);
*error_message = validator.errorToString(result);
Step::Status StepCheckSignature::process() {
PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
bool check_reference = true;
- if (getuid() == 0 &&
+ if (context_->request_type.get() == ci::RequestType::Reinstall ||
+ (getuid() == 0 &&
(context_->request_type.get() == ci::RequestType::ManifestDirectInstall ||
- context_->request_type.get() == ci::RequestType::ManifestDirectUpdate))
+ context_->request_type.get() == ci::RequestType::ManifestDirectUpdate)))
check_reference = false;
bool is_preload = context_->is_preload_request.get();
Status status = CheckSignatures(check_reference, is_preload, &level);
strdup(common::privileges::kPrivForPlatform));
break;
default:
- // At this stage we should have defined privilege level and
- // untrusted packages are not accepted anymore.
- // TODO(t.iwanek): report error here when reinstall tpk mode is fixed
- context_->manifest_data.get()->privileges =
- g_list_append(context_->manifest_data.get()->privileges,
- strdup(common::privileges::kPrivForPublic));
- break;
+ LOG(ERROR) << "Untrusted package are not suppored anymore";
+ return Status::PRIVILEGE_ERROR;
}
if (!ret) {
LOG(ERROR) << "Error during adding default privileges for certificates.";