services/device/internal/impl: Accept unsigned packages
Allow unsigned packages to be used alongside a signed binary.
There are also a few go vet fixes in this change.
Change-Id: If593a3835cca60929535c01c998416018096d7b0
diff --git a/services/device/internal/impl/app_service.go b/services/device/internal/impl/app_service.go
index 5b6a762..dd5c50e 100644
--- a/services/device/internal/impl/app_service.go
+++ b/services/device/internal/impl/app_service.go
@@ -550,7 +550,7 @@
if err != nil {
return verror.New(ErrOperationFailed, ctx, fmt.Sprintf("PublicKey().MarshalBinary() failed: %v", err))
}
- if err := call.SendStream().Send(device.BlessServerMessageInstancePublicKey{mPubKey}); err != nil {
+ if err := call.SendStream().Send(device.BlessServerMessageInstancePublicKey{Value: mPubKey}); err != nil {
return err
}
if !call.RecvStream().Advance() {
@@ -851,7 +851,7 @@
} else {
cmd.Env = append(cmd.Env, ref.EnvCredentials+"="+filepath.Join(instanceDir, "credentials"))
}
- handle := vexec.NewParentHandle(cmd, vexec.ConfigOpt{cfg})
+ handle := vexec.NewParentHandle(cmd, vexec.ConfigOpt{Config: cfg})
defer func() {
if handle != nil {
if err := handle.Clean(); err != nil {
@@ -1473,10 +1473,10 @@
switch len(i.suffix) {
case 2:
status, err := i.installationStatus(ctx)
- return device.StatusInstallation{status}, err
+ return device.StatusInstallation{Value: status}, err
case 3:
status, err := i.instanceStatus(ctx)
- return device.StatusInstance{status}, err
+ return device.StatusInstance{Value: status}, err
default:
return nil, verror.New(ErrInvalidSuffix, ctx)
}
diff --git a/services/device/internal/impl/util.go b/services/device/internal/impl/util.go
index 1f42989..317fcae 100644
--- a/services/device/internal/impl/util.go
+++ b/services/device/internal/impl/util.go
@@ -11,6 +11,7 @@
"os"
"os/exec"
"path/filepath"
+ "reflect"
"strings"
"time"
@@ -74,8 +75,11 @@
if err != nil {
return verror.New(ErrOperationFailed, ctx, fmt.Sprintf("ReadPackage(%v) failed: %v", path, err))
}
- if err := verifySignature(data, publisher, pkgName.Signature); err != nil {
- return verror.New(ErrOperationFailed, ctx, fmt.Sprintf("Publisher package(%v:%v) signature verification failed", localPkg, pkgName))
+ // If a nonempty signature is present, verify it. (i.e., we accept unsigned packages.)
+ if !reflect.DeepEqual(pkgName.Signature, security.Signature{}) {
+ if err := verifySignature(data, publisher, pkgName.Signature); err != nil {
+ return verror.New(ErrOperationFailed, ctx, fmt.Sprintf("Publisher package(%v:%v) signature verification failed", localPkg, pkgName))
+ }
}
}
return nil
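Review bot: The new guard around `verifySignature` makes verification depend on the package's own metadata: whenever `pkgName.Signature` equals the zero `security.Signature{}`, the data read by `ReadPackage` is accepted with no integrity check, so a package whose signature was removed in storage or in transit is indistinguishable from one that was never signed. Consider skipping the check only under an explicit opt-in for unsigned packages, and recording each acceptance of an unsigned package so it can be audited. The in-code comment should at least state the trade-off, e.g. `// SECURITY: unsigned packages get no integrity check; a stripped signature is not detected here.` Separately, the failure branch discards `err`; ending the format string with `failed: %v` and passing `err` would keep the reason verification failed. The enclosing function begins outside this hunk, so whether a caller already enforces such a policy cannot be seen here.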