From 520d688ef055fbaf60e9a7433cf913f6cee09691 Mon Sep 17 00:00:00 2001 From: Enrico Joerns Date: Tue, 24 Oct 2023 13:06:28 +0200 Subject: [PATCH] src/main: fix --no-verify usage for rauc resign In .. introduced... Due to the additional sanity check in src/main, it was however not possible to omit the keyring and thus this implicitly enforces a (possibly unexpected) post-signing verification. --- src/main.c | 5 ++--- test/rauc.t | 1 - 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/main.c b/src/main.c index b0dd6a3d4..c2335f87b 100644 --- a/src/main.c +++ b/src/main.c @@ -531,9 +531,8 @@ static gboolean resign_start(int argc, char **argv) } if (r_context()->certpath == NULL || - r_context()->keypath == NULL || - r_context()->keyringpath == NULL) { - g_printerr("Cert, key and keyring files must be provided\n"); + r_context()->keypath == NULL) { + g_printerr("Cert and key files must be provided\n"); r_exit_status = 1; goto out; } diff --git a/test/rauc.t b/test/rauc.t index 1c8a38815..af5eb7780 100755 --- a/test/rauc.t +++ b/test/rauc.t @@ -973,7 +973,6 @@ test_expect_success FAKETIME "rauc resign extend (expired, no-verify)" " rauc \ --cert $SHARNESS_TEST_DIRECTORY/openssl-ca/rel/release-1.cert.pem \ --key $SHARNESS_TEST_DIRECTORY/openssl-ca/rel/private/release-1.pem \ - --keyring $SHARNESS_TEST_DIRECTORY/openssl-ca/rel-ca.pem \ --no-verify \ resign ${TEST_TMPDIR}/out1.raucb ${TEST_TMPDIR}/out2.raucb && test -f ${TEST_TMPDIR}/out2.raucb