autoupdater: allow skipping the signatures check

this commit introduces a new cli flag "--force-signatures"
2019-01-07 15:01:17 +01:00 · 2019-01-07 15:01:17 +01:00 · f39c29ddae
parent a52d5ced54
commit f39c29ddae
2 changed files with 9 additions and 1 deletions
--- a/admin/autoupdater/src/autoupdater.c
+++ b/admin/autoupdater/src/autoupdater.c
@ -86,6 +86,7 @@ static void usage(void) {
 		"                       really flash a new firmware if one is available.\n\n"
 		"  --fallback           Upgrade if and only if the upgrade timespan of the new\n"
 		"                       version has passed for at least 24 hours.\n\n"
+		"  --force-signatures   Skip signature check.\n\n"
 		"  --force-version      Skip version check to allow downgrades.\n\n"
 		"  <mirror> ...         Override the mirror URLs given in the configuration. If\n"
 		"                       specified, these are not shuffled.\n\n",
@ -102,6 +103,7 @@ static void parse_args(int argc, char *argv[], struct settings *settings) {
 		OPTION_NO_ACTION = 'n',
 		OPTION_FALLBACK = 256,
 		OPTION_FORCE_VERSION = 257,
+		OPTION_FORCE_SIGNATURES = 258,
 	};

 	const struct option options[] = {
@ -110,6 +112,7 @@ static void parse_args(int argc, char *argv[], struct settings *settings) {
 		{"fallback",  no_argument,       NULL, OPTION_FALLBACK},
 		{"no-action", no_argument,       NULL, OPTION_NO_ACTION},
 		{"force-version", no_argument, NULL, OPTION_FORCE_VERSION},
+		{"force-signatures", no_argument, NULL, OPTION_FORCE_SIGNATURES},
 		{"help",      no_argument,       NULL, OPTION_HELP},
 	};

@ -143,6 +146,10 @@ static void parse_args(int argc, char *argv[], struct settings *settings) {
 			settings->force_version = true;
 			break;

+		case OPTION_FORCE_SIGNATURES:
+			settings->force_signatures = true;
+			break;
+
 		default:
 			usage();
 			exit(1);
@ -305,7 +312,7 @@ static bool autoupdate(const char *mirror, struct settings *s, int lock_fd) {
 			ecdsa_verify_prepare_legacy(&ctxs[i], &hash, m->signatures[i]);

 		long unsigned int good_signatures = ecdsa_verify_list_legacy(ctxs, m->n_signatures, s->pubkeys, s->n_pubkeys);
-		if (good_signatures < s->good_signatures) {
+		if (good_signatures < s->good_signatures && !s->force_signatures) {
 			fprintf(stderr, "autoupdater: warning: manifest %s only carried %lu valid signatures, %lu are required\n", manifest_url, good_signatures, s->good_signatures);
 			goto out;
 		}
--- a/admin/autoupdater/src/settings.h
+++ b/admin/autoupdater/src/settings.h
@ -34,6 +34,7 @@ struct settings {
 	bool fallback;
 	bool no_action;
 	bool force_version;
+	bool force_signatures;
 	const char *branch;
 	unsigned long good_signatures;
 	char *old_version;