step/step_backup_icons.cc
step/step_backup_manifest.cc
step/step_unzip.cc
+ step/step_check_old_certificate.cc
step/step_check_signature.cc
step/step_configure.cc
step/step_copy.cc
--- /dev/null
+// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#include "common/step/step_check_old_certificate.h"
+
+#include <pkgmgr-info.h>
+#include <unistd.h>
+
+#include <cstdlib>
+#include <string>
+
+#include "common/utils/logging.h"
+
+namespace {
+
+std::string QueryOldCertificateAuthorCertificate(const std::string& pkgid) {
+ pkgmgrinfo_certinfo_h handle;
+ int ret = pkgmgrinfo_pkginfo_create_certinfo(&handle);
+ if (ret != PMINFO_R_OK) {
+ LOG(ERROR) << "pkgmgrinfo_pkginfo_create_certinfo failed with error: "
+ << ret;
+ return {};
+ }
+ ret = pkgmgrinfo_pkginfo_load_certinfo(pkgid.c_str(), handle, getuid());
+ if (ret != PMINFO_R_OK) {
+ LOG(ERROR) << "pkgmgrinfo_pkginfo_load_certinfo failed with error: " << ret;
+ pkgmgrinfo_pkginfo_destroy_certinfo(handle);
+ return {};
+ }
+ const char* author_cert = nullptr;
+ ret = pkgmgrinfo_pkginfo_get_cert_value(handle, PMINFO_AUTHOR_SIGNER_CERT,
+ &author_cert);
+ if (ret != PMINFO_R_OK) {
+ LOG(ERROR) << "pkgmgrinfo_pkginfo_get_cert_value failed with error: "
+ << ret;
+ pkgmgrinfo_pkginfo_destroy_certinfo(handle);
+ return {};
+ }
+ std::string old_author_certificate;
+ if (author_cert)
+ old_author_certificate = author_cert;
+ pkgmgrinfo_pkginfo_destroy_certinfo(handle);
+ return old_author_certificate;
+}
+
+} // namespace
+
+namespace common_installer {
+namespace old_certificate {
+
+Step::Status StepCheckOldCertificate::process() {
+ std::string old_author_certificate =
+ QueryOldCertificateAuthorCertificate(context_->pkgid.get());
+ if (old_author_certificate.empty())
+ return Status::OK;
+
+ const auto& cert = context_->certificate_info.get().author_certificate.get();
+ if (!cert) {
+ LOG(ERROR) << "Trying to update package without signature is not allowed "
+ << "when the previous version of package has signature";
+ return Status::ERROR;
+ }
+ if (old_author_certificate != cert->getBase64()) {
+ LOG(ERROR) << "Author signature doesn't match the previous one. "
+ << "Update must be aborted";
+ return Status::ERROR;
+ }
+
+ return Status::OK;
+}
+
+} // namespace old_certificate
+} // namespace common_installer
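Review bot: The update check fails open: every pkgmgrinfo error path in `QueryOldCertificateAuthorCertificate` returns `{}`, and `process()` treats an empty string as "the installed package has no author certificate" and returns `Status::OK`. A failed `pkgmgrinfo_pkginfo_create_certinfo`, `pkgmgrinfo_pkginfo_load_certinfo` or `pkgmgrinfo_pkginfo_get_cert_value` call therefore lets the update continue with no author comparison at all. The helper should report "lookup failed" separately from "no certificate stored", and `process()` should return `Status::ERROR` on failure. Whether `pkgmgrinfo_pkginfo_load_certinfo` returns an error for a package that simply has no certificate record is not visible here, so that case needs to be mapped explicitly before tightening.

```cpp
// Returns false if the stored certificate could not be read. On success
// *out_cert stays empty when the installed package has no author certificate.
bool QueryOldCertificateAuthorCertificate(const std::string& pkgid,
                                          std::string* out_cert) {
  // … unchanged: the three pkgmgrinfo calls; each error branch now returns false …
  if (author_cert)
    *out_cert = author_cert;
  pkgmgrinfo_pkginfo_destroy_certinfo(handle);
  return true;
}

Step::Status StepCheckOldCertificate::process() {
  std::string old_author_certificate;
  if (!QueryOldCertificateAuthorCertificate(context_->pkgid.get(),
                                            &old_author_certificate)) {
    LOG(ERROR) << "Cannot read author certificate of the installed package";
    return Status::ERROR;
  }
  // … unchanged: empty check and comparison with the new author certificate …
```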
--- /dev/null
+// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef COMMON_STEP_STEP_CHECK_OLD_CERTIFICATE_H_
+#define COMMON_STEP_STEP_CHECK_OLD_CERTIFICATE_H_
+
+#include "common/context_installer.h"
+#include "common/step/step.h"
+#include "common/utils/logging.h"
+
+namespace common_installer {
+namespace old_certificate {
+
+class StepCheckOldCertificate : public Step {
+ public:
+ using Step::Step;
+
+ Status process() override;
+ Status undo() override { return Status::OK; }
+ Status clean() override { return Status::OK; }
+ Status precheck() override { return Status::OK; }
+
+ SCOPE_LOG_TAG(CheckOldCertificate)
+};
+
+} // namespace old_certificate
+} // namespace common_installer
+
+#endif // COMMON_STEP_STEP_CHECK_OLD_CERTIFICATE_H_
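Review bot: `precheck()` returns `Status::OK` unconditionally although `process()` reads `context_->pkgid` and `context_->certificate_info`. With an empty package id the certificate lookup in the .cc file would most likely fail, and as written the step would then pass. Declaring `Status precheck() override;` here and rejecting an empty `context_->pkgid.get()` in the .cc file would make a missing id a hard error. The class also has no comment; a short one saying that the step aborts an update whose author certificate is missing or differs from the installed package's would mark it as a security gate.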
context_->manifest_data.get()->privileges))
return Status::ERROR;
- // TODO(t.iwanek): check old certificate during update...
-
LOG(INFO) << "Signature done";
return Status::OK;
}
#ifdef HOSTTEST
#include "test/mock_pkgmgr_installer.h"
#else
-#include "common/pkgmgr_interface.h"
#include "common/app_installer.h"
+#include "common/pkgmgr_interface.h"
#include "common/step/step_configure.h"
#include "common/step/step_backup_icons.h"
#include "common/step/step_backup_manifest.h"
#include "common/step/step_unzip.h"
#include "common/step/step_update_app.h"
#include "common/step/step_update_security.h"
+#include "common/step/step_check_old_certificate.h"
+#include "common/utils/logging.h"
+
#include "tpk/step/step_parse.h"
#include "tpk/step/step_create_symbolic_link.h"
-#include "common/utils/logging.h"
#endif
-
namespace ci = common_installer;
namespace {
ai.AddStep<ci::unzip::StepUnzip>();
ai.AddStep<tpk::step::StepParse>();
ai.AddStep<ci::signature::StepCheckSignature>();
+ ai.AddStep<ci::old_certificate::StepCheckOldCertificate>();
ai.AddStep<ci::old_manifest::StepOldManifest>();
ai.AddStep<ci::backup_manifest::StepBackupManifest>();
ai.AddStep<ci::backup_icons::StepBackupIcons>();
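Review bot: The position of the added `AddStep<ci::old_certificate::StepCheckOldCertificate>()` line carries an ordering requirement that nothing in the pipeline states. `StepCheckOldCertificate::process()` compares against `context_->certificate_info`, which is presumably filled by `StepCheckSignature`, and it has to run before the steps that start working on the installed package. A comment above the added line, e.g. `// Must follow StepCheckSignature and precede any step that touches the installed package.`, would keep a later reorder from silently weakening the check; the same applies to the wgt pipeline hunk below. The enclosing function starts and ends outside the hunk, so whether other update-like pipelines also need the step cannot be judged from here.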
#include "common/step/step_unzip.h"
#include "common/step/step_update_app.h"
#include "common/step/step_update_security.h"
+#include "common/step/step_check_old_certificate.h"
#include "wgt/step/step_create_symbolic_link.h"
#include "wgt/step/step_check_settings_level.h"
installer.AddStep<wgt::parse::StepParse>();
installer.AddStep<ci::signature::StepCheckSignature>();
installer.AddStep<wgt::check_settings::StepCheckSettingsLevel>();
+ installer.AddStep<ci::old_certificate::StepCheckOldCertificate>();
installer.AddStep<ci::old_manifest::StepOldManifest>();
installer.AddStep<ci::backup_manifest::StepBackupManifest>();
installer.AddStep<ci::backup_icons::StepBackupIcons>();