src/main: fix --no-verify usage for rauc resign

In .. introduced... Due to the additional sanity check in src/main, it was however not possible to omit the keyring and thus this implicitly enforces a (possibly unexpected) post-signing verification.
ejoerns · Oct 24, 2023 · 520d688 · 520d688
1 parent 843464e
commit 520d688
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/src/main.c b/src/main.c
@@ -531,9 +531,8 @@ static gboolean resign_start(int argc, char **argv)
 	}
 
 	if (r_context()->certpath == NULL ||
-	    r_context()->keypath == NULL ||
-	    r_context()->keyringpath == NULL) {
-		g_printerr("Cert, key and keyring files must be provided\n");
+	    r_context()->keypath == NULL) {
+		g_printerr("Cert and key files must be provided\n");
 		r_exit_status = 1;
 		goto out;
 	}

diff --git a/test/rauc.t b/test/rauc.t
@@ -973,7 +973,6 @@ test_expect_success FAKETIME "rauc resign extend (expired, no-verify)" "
     rauc \
     --cert $SHARNESS_TEST_DIRECTORY/openssl-ca/rel/release-1.cert.pem \
     --key $SHARNESS_TEST_DIRECTORY/openssl-ca/rel/private/release-1.pem \
-    --keyring $SHARNESS_TEST_DIRECTORY/openssl-ca/rel-ca.pem \
     --no-verify \
     resign ${TEST_TMPDIR}/out1.raucb ${TEST_TMPDIR}/out2.raucb &&
   test -f ${TEST_TMPDIR}/out2.raucb