From d95590bc015da0a8112aa2731d3d42d971e14d12 Mon Sep 17 00:00:00 2001
From: Pawel Sikorski
Date: Tue, 30 Jun 2015 03:27:21 -0700
Subject: [PATCH] There is some problem with retrieving certificate during the
update. It will be analysed.
Revert "Author signature match check during update installation"
This reverts commit cc61057fe2021f10fa0408dbb048f7d0f6c1ea92.
Change-Id: Ic9c3aeb64a08c20cfd6edc6307c91a5c1575baba
---
src/common/CMakeLists.txt | 1 -
src/common/step/step_check_old_certificate.cc | 74 ---------------------------
src/common/step/step_check_old_certificate.h | 30 -----------
src/common/step/step_check_signature.cc | 2 +
src/tpk/task.cc | 8 ++-
src/wgt/wgt_backend.cc | 2 -
6 files changed, 5 insertions(+), 112 deletions(-)
delete mode 100644 src/common/step/step_check_old_certificate.cc
delete mode 100644 src/common/step/step_check_old_certificate.h
diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
index 9baeff3..cbbf1dd 100644
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@@ -9,7 +9,6 @@ SET(SRCS
step/step_backup_icons.cc
step/step_backup_manifest.cc
step/step_unzip.cc
- step/step_check_old_certificate.cc
step/step_check_signature.cc
step/step_configure.cc
step/step_copy.cc
diff --git a/src/common/step/step_check_old_certificate.cc b/src/common/step/step_check_old_certificate.cc
deleted file mode 100644
index 2d2fc6e..0000000
--- a/src/common/step/step_check_old_certificate.cc
+++ /dev/null
@@ -1,74 +0,0 @@
-// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-// Use of this source code is governed by a apache 2.0 license that can be
-// found in the LICENSE file.
-
-#include "common/step/step_check_old_certificate.h"
-
-#include
-#include
-
-#include
-#include
-
-#include "common/utils/logging.h"
-
-namespace {
-
-std::string QueryOldCertificateAuthorCertificate(const std::string& pkgid) {
- pkgmgrinfo_certinfo_h handle;
- int ret = pkgmgrinfo_pkginfo_create_certinfo(&handle);
- if (ret != PMINFO_R_OK) {
- LOG(ERROR) << "pkgmgrinfo_pkginfo_create_certinfo failed with error: "
- << ret;
- return {};
- }
- ret = pkgmgrinfo_pkginfo_load_certinfo(pkgid.c_str(), handle, getuid());
- if (ret != PMINFO_R_OK) {
- LOG(ERROR) << "pkgmgrinfo_pkginfo_load_certinfo failed with error: " << ret;
- pkgmgrinfo_pkginfo_destroy_certinfo(handle);
- return {};
- }
- const char* author_cert = nullptr;
- ret = pkgmgrinfo_pkginfo_get_cert_value(handle, PMINFO_AUTHOR_SIGNER_CERT,
- &author_cert);
- if (ret != PMINFO_R_OK) {
- LOG(ERROR) << "pkgmgrinfo_pkginfo_get_cert_value failed with error: "
- << ret;
- pkgmgrinfo_pkginfo_destroy_certinfo(handle);
- return {};
- }
- std::string old_author_certificate;
- if (author_cert)
- old_author_certificate = author_cert;
- pkgmgrinfo_pkginfo_destroy_certinfo(handle);
- return old_author_certificate;
-}
-
-} // namespace
-
-namespace common_installer {
-namespace old_certificate {
-
-Step::Status StepCheckOldCertificate::process() {
- std::string old_author_certificate =
- QueryOldCertificateAuthorCertificate(context_->pkgid.get());
- if (old_author_certificate.empty())
- return Status::OK;
-
- const auto& cert = context_->certificate_info.get().author_certificate.get();
- if (!cert) {
- LOG(ERROR) << "Trying to update package without signature is not allowed "
- << "when the previous version of package has signature";
- return Status::ERROR;
- }
- if (old_author_certificate != cert->getBase64()) {
- LOG(ERROR) << "Author signature doesn't match the previous one. "
- << "Update must be aborted";
- return Status::ERROR;
- }
-
- return Status::OK;
-}
-
-} // namespace old_certificate
-} // namespace common_installer
diff --git a/src/common/step/step_check_old_certificate.h b/src/common/step/step_check_old_certificate.h
deleted file mode 100644
index 20a873f..0000000
--- a/src/common/step/step_check_old_certificate.h
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-// Use of this source code is governed by a apache 2.0 license that can be
-// found in the LICENSE file.
-
-#ifndef COMMON_STEP_STEP_CHECK_OLD_CERTIFICATE_H_
-#define COMMON_STEP_STEP_CHECK_OLD_CERTIFICATE_H_
-
-#include "common/context_installer.h"
-#include "common/step/step.h"
-#include "common/utils/logging.h"
-
-namespace common_installer {
-namespace old_certificate {
-
-class StepCheckOldCertificate : public Step {
- public:
- using Step::Step;
-
- Status process() override;
- Status undo() override { return Status::OK; }
- Status clean() override { return Status::OK; }
- Status precheck() override { return Status::OK; }
-
- SCOPE_LOG_TAG(CheckOldCertificate)
-};
-
-} // namespace old_certificate
-} // namespace common_installer
-
-#endif // COMMON_STEP_STEP_CHECK_OLD_CERTIFICATE_H_
diff --git a/src/common/step/step_check_signature.cc b/src/common/step/step_check_signature.cc
index 79fe0f6..f0585f2 100644
--- a/src/common/step/step_check_signature.cc
+++ b/src/common/step/step_check_signature.cc
@@ -228,6 +228,8 @@ Step::Status StepCheckSignature::process() {
context_->manifest_data.get()->privileges))
return Status::ERROR;
+ // TODO(t.iwanek): check old certificate during update...
+
LOG(INFO) << "Signature done";
return Status::OK;
}
diff --git a/src/tpk/task.cc b/src/tpk/task.cc
index 4e07239..d817fff 100644
--- a/src/tpk/task.cc
+++ b/src/tpk/task.cc
@@ -3,8 +3,8 @@
#ifdef HOSTTEST
#include "test/mock_pkgmgr_installer.h"
#else
-#include "common/app_installer.h"
#include "common/pkgmgr_interface.h"
+#include "common/app_installer.h"
#include "common/step/step_configure.h"
#include "common/step/step_backup_icons.h"
#include "common/step/step_backup_manifest.h"
@@ -24,13 +24,12 @@
#include "common/step/step_unzip.h"
#include "common/step/step_update_app.h"
#include "common/step/step_update_security.h"
-#include "common/step/step_check_old_certificate.h"
-#include "common/utils/logging.h"
-
#include "tpk/step/step_parse.h"
#include "tpk/step/step_create_symbolic_link.h"
+#include "common/utils/logging.h"
#endif
+
namespace ci = common_installer;
namespace {
@@ -114,7 +113,6 @@ int Task::Update() {
ai.AddStep();
ai.AddStep();
ai.AddStep();
- ai.AddStep();
ai.AddStep();
ai.AddStep();
ai.AddStep();
diff --git a/src/wgt/wgt_backend.cc b/src/wgt/wgt_backend.cc
index 422ace9..ea62696 100644
--- a/src/wgt/wgt_backend.cc
+++ b/src/wgt/wgt_backend.cc
@@ -26,7 +26,6 @@
#include "common/step/step_unzip.h"
#include "common/step/step_update_app.h"
#include "common/step/step_update_security.h"
-#include "common/step/step_check_old_certificate.h"
#include "wgt/step/step_create_symbolic_link.h"
#include "wgt/step/step_check_settings_level.h"
@@ -69,7 +68,6 @@ int main(int argc, char** argv) {
installer.AddStep();
installer.AddStep();
installer.AddStep();
- installer.AddStep();
installer.AddStep();
installer.AddStep();
installer.AddStep();
--
2.7.4