Mercurial > trustbridge > trustbridge
diff ui/mainwindow.cpp @ 1365:3d7ddf698480
(issue177) Only install updates with a newer signature on windows
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Fri, 21 Nov 2014 18:33:58 +0100 |
| parents | c2b76c8a8b82 |
| children | 23df332b2a4c |
line wrap: on
line diff
--- a/ui/mainwindow.cpp Fri Nov 21 18:33:31 2014 +0100 +++ b/ui/mainwindow.cpp Fri Nov 21 18:33:58 2014 +0100 @@ -280,10 +280,20 @@ } bin_verify_result verifyResult = verify_binary(swFileName.toUtf8().constData(), swFileName.toUtf8().size()); - qDebug() << "Binary verify result: " << verifyResult.result; - if (verifyResult.result != VerifyValid) { + QDateTime sigDt = QDateTime::fromTime_t (verifyResult.sig_time); + QDateTime currentSigDt = mSettings.value("Software/currentSigDt").toDateTime(); + + if (verifyResult.result != VerifyValid || (currentSigDt.isValid() && sigDt <= currentSigDt)) { handleLTE(lteInvalidSoftware); - qDebug() << "Failed to verify downloaded data."; + if (verifyResult.result != VerifyValid) { + qDebug() << "Failed to verify downloaded data."; + } else { + qDebug() << "Software update was signed at: " << sigDt; + qDebug() << "But the installed software was signed on: " << currentSigDt; + if (verifyResult.fptr) { + fclose(verifyResult.fptr); + } + } QFile::remove(swFileName); mSettings.remove("Software/available"); mSettings.remove("Software/availableDate"); @@ -414,9 +424,23 @@ bin_verify_result vres = verify_binary(filePath.toUtf8().constData(), filePath.toUtf8().size()); - if (vres.result != VerifyValid) { + QDateTime sigDt = QDateTime::fromTime_t (vres.sig_time); + QDateTime currentSigDt = mSettings.value("Software/currentSigDt").toDateTime(); + + if (vres.result != VerifyValid || (currentSigDt.isValid() && sigDt <= currentSigDt)) { handleLTE(lteInvalidSoftware); - qDebug() << "Invalid software. Not installing"; + if (vres.result != VerifyValid) { + qDebug() << "Failed to verify installer."; + } else { + qDebug() << "Software update was signed at: " << sigDt; + qDebug() << "But the installed software was signed on: " << currentSigDt; + if (vres.fptr) { + fclose(vres.fptr); + } + } + QFile::remove(filePath); + mSettings.remove("Software/available"); + mSettings.remove("Software/availableDate"); return; } handleLTE(lteInvalidSoftware, true);