#21: Add signature validation during installations

2019-05-28 13:23:23 -05:00
parent 43598a08bb
commit 51c30aefb6
2 changed files with 3 additions and 2 deletions
--- a/public/electron.js
+++ b/public/electron.js
@@ -727,8 +727,8 @@ ipcMain.on(Constants.IPC_Install_Upgrade, (event, data) => {
    }, err);
  };

-  const hasSignature = data.Signature && (data.Signature.length > 0);
-  const hasHash = data.Sha256 && (data.Sha256.length > 0);
+  const hasSignature = !data.SkipVerification && data.Signature && (data.Signature.length > 0);
+  const hasHash = !data.SkipVerification && data.Sha256 && (data.Sha256.length > 0);
  if (hasSignature) {
    try {
      const files = helpers.createSignatureFiles(data.Signature, Constants.DEV_PUBLIC_KEY);
--- a/src/App.js
+++ b/src/App.js
@@ -300,6 +300,7 @@ class App extends IPCContainer {
      this.sendRequest(Constants.IPC_Install_Upgrade, {
        Sha256: sha256,
        Signature: signature,
+        SkipVerification: false,
        Source: data.Destination,
      });
    } else {