Require download policy to be stricter

2025-09-04 11:40:23 +00:00 · 2022-09-28 14:41:27 +02:00 · 2022-09-28 14:41:27 +02:00 · 5accaad794
commit 5accaad794
parent 109f51e834
2 changed files with 10 additions and 4 deletions
--- a/updater/indexes.go
+++ b/updater/indexes.go
@ -67,7 +67,7 @@ func ParseIndexFile(indexData []byte, channel string, lastIndexRelease time.Time
 	}
 	// Fallback to old format if there are no releases and no channel is defined.
-	// TODO: Remove in v0.10
+	// TODO: Remove in v1
 	if len(indexFile.Releases) == 0 && indexFile.Channel == "" {
 		return loadOldIndexFormat(indexData, channel)
 	}
@ -99,8 +99,8 @@ func loadOldIndexFormat(indexData []byte, channel string) (*IndexFile, error) {
 	}
 	return &IndexFile{
-		Channel:   channel,
+		Channel: channel,
-		Published: time.Now(),
+		// Do NOT define `Published`, as this would break the "is newer" check.
-		Releases:  releases,
+		Releases: releases,
 	}, nil
 }
--- a/updater/registry.go
+++ b/updater/registry.go
@ -1,6 +1,7 @@
 package updater
 import (
 	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@ -103,6 +104,11 @@ func (reg *ResourceRegistry) Initialize(storageDir *utils.DirStructure) error {
 				return fmt.Errorf("verification enabled for prefix %q, but no trust store configured", prefix)
 			}
 			// DownloadPolicy must be equal or stricter than DiskLoadPolicy.
 			if opts.DiskLoadPolicy < opts.DownloadPolicy {
 				return errors.New("verification download policy must be equal or stricter than the disk load policy")
 			}
 			// Warn if all policies are disabled.
 			if opts.DownloadPolicy == SignaturePolicyDisable &&
 				opts.DiskLoadPolicy == SignaturePolicyDisable {