subscription: conditionalize checks

Signed subscription info files should always have their signature checked,
so that invalid signatures are caught, but the age and serverid checks only
need to apply to "active" files; otherwise the status might accidentally
switch from a more meaningful one to "invalid".

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler 2022-09-07 10:40:45 +02:00
parent 4beac11b34
commit f908f216ae


@ -91,10 +91,12 @@ pub fn read_subscription<P: AsRef<Path>>(
Some(raw) => {
let mut info = parse_subscription_file(&raw)?;
if let Some(info) = info.as_mut() {
// these will set `status` to INVALID if checks fail!
info.check_signature(signature_keys);
info.check_server_id();
info.check_age(false);
if info.status == SubscriptionStatus::Active {
// these will set `status` to INVALID if checks fail!
info.check_server_id();
info.check_age(false);
}
};
Ok(info)