Require download policy to be stricter

safing · Sep 28, 2022 · 5accaad · 5accaad
1 parent 109f51e
commit 5accaad
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/updater/indexes.go b/updater/indexes.go
@@ -67,7 +67,7 @@ func ParseIndexFile(indexData []byte, channel string, lastIndexRelease time.Time
 	}
 
 	// Fallback to old format if there are no releases and no channel is defined.
-	// TODO: Remove in v0.10
+	// TODO: Remove in v1
 	if len(indexFile.Releases) == 0 && indexFile.Channel == "" {
 		return loadOldIndexFormat(indexData, channel)
 	}
@@ -99,8 +99,8 @@ func loadOldIndexFormat(indexData []byte, channel string) (*IndexFile, error) {
 	}
 
 	return &IndexFile{
-		Channel:   channel,
-		Published: time.Now(),
-		Releases:  releases,
+		Channel: channel,
+		// Do NOT define `Published`, as this would break the "is newer" check.
+		Releases: releases,
 	}, nil
 }
diff --git a/updater/registry.go b/updater/registry.go
@@ -1,6 +1,7 @@
 package updater
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -103,6 +104,11 @@ func (reg *ResourceRegistry) Initialize(storageDir *utils.DirStructure) error {
 				return fmt.Errorf("verification enabled for prefix %q, but no trust store configured", prefix)
 			}
 
+			// DownloadPolicy must be equal or stricter than DiskLoadPolicy.
+			if opts.DiskLoadPolicy < opts.DownloadPolicy {
+				return errors.New("verification download policy must be equal or stricter than the disk load policy")
+			}
+
 			// Warn if all policies are disabled.
 			if opts.DownloadPolicy == SignaturePolicyDisable &&
 				opts.DiskLoadPolicy == SignaturePolicyDisable {