[PATCH 3 of 3] (issue177) Only install updates with a newer signature on windows
Wald Commits
scm-commit at wald.intevation.org
Fri Nov 21 18:34:07 CET 2014
# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1416591238 -3600
# Node ID 3d7ddf6984807fc31b0a9875a90044f14ba5aad1
# Parent 28885e8c891f21dad2ecf3f66d4d9b82117b12fb
(issue177) Only install updates with a newer signature on windows
diff -r 28885e8c891f -r 3d7ddf698480 ui/main.cpp
--- a/ui/main.cpp Fri Nov 21 18:33:31 2014 +0100
+++ b/ui/main.cpp Fri Nov 21 18:33:58 2014 +0100
@@ -74,6 +74,7 @@
int main(int argc, char **argv)
{
+ time_t signed_time = 0;
#ifdef WIN32
/* First verify integrity even before calling QApplication.
* We only do this on Windows as we have a PKCS#7 embedded
@@ -82,7 +83,7 @@
* On GNU/Linux platforms you should use an IDS system to
* monitor executable corruptions.
*/
- if (!selftest()) {
+ if (!selftest(&signed_time)) {
syslog_error_printf("Integrity check failed.");
MessageBoxW(NULL,
L"TrustBridge wurde nach der Installation modifizert.\n"
@@ -188,6 +189,12 @@
app.setFont(font);
}
+ if (signed_time != 0 && signed_time != -1) {
+ QDateTime sigTime = QDateTime::fromTime_t(signed_time);
+ QSettings settigs;
+ settings.setValue("Software/currentSigDt", sigTime);
+ }
+
MainWindow mainWin(trayMode);
return app.exec();
diff -r 28885e8c891f -r 3d7ddf698480 ui/mainwindow.cpp
--- a/ui/mainwindow.cpp Fri Nov 21 18:33:31 2014 +0100
+++ b/ui/mainwindow.cpp Fri Nov 21 18:33:58 2014 +0100
@@ -280,10 +280,20 @@
}
bin_verify_result verifyResult = verify_binary(swFileName.toUtf8().constData(),
swFileName.toUtf8().size());
- qDebug() << "Binary verify result: " << verifyResult.result;
- if (verifyResult.result != VerifyValid) {
+ QDateTime sigDt = QDateTime::fromTime_t (verifyResult.sig_time);
+ QDateTime currentSigDt = mSettings.value("Software/currentSigDt").toDateTime();
+
+ if (verifyResult.result != VerifyValid || (currentSigDt.isValid() && sigDt <= currentSigDt)) {
handleLTE(lteInvalidSoftware);
- qDebug() << "Failed to verify downloaded data.";
+ if (verifyResult.result != VerifyValid) {
+ qDebug() << "Failed to verify downloaded data.";
+ } else {
+ qDebug() << "Software update was signed at: " << sigDt;
+ qDebug() << "But the installed software was signed on: " << currentSigDt;
+ if (verifyResult.fptr) {
+ fclose(verifyResult.fptr);
+ }
+ }
QFile::remove(swFileName);
mSettings.remove("Software/available");
mSettings.remove("Software/availableDate");
@@ -414,9 +424,23 @@
bin_verify_result vres = verify_binary(filePath.toUtf8().constData(),
filePath.toUtf8().size());
- if (vres.result != VerifyValid) {
+ QDateTime sigDt = QDateTime::fromTime_t (vres.sig_time);
+ QDateTime currentSigDt = mSettings.value("Software/currentSigDt").toDateTime();
+
+ if (vres.result != VerifyValid || (currentSigDt.isValid() && sigDt <= currentSigDt)) {
handleLTE(lteInvalidSoftware);
- qDebug() << "Invalid software. Not installing";
+ if (vres.result != VerifyValid) {
+ qDebug() << "Failed to verify installer.";
+ } else {
+ qDebug() << "Software update was signed at: " << sigDt;
+ qDebug() << "But the installed software was signed on: " << currentSigDt;
+ if (vres.fptr) {
+ fclose(vres.fptr);
+ }
+ }
+ QFile::remove(filePath);
+ mSettings.remove("Software/available");
+ mSettings.remove("Software/availableDate");
return;
}
handleLTE(lteInvalidSoftware, true);
More information about the Trustbridge-commits
mailing list