From f319660f60c9e7d863cec65c983ca24800a6d3ed Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Fri, 15 Jan 2021 16:29:54 +0100
Subject: [PATCH] Force run the verification of the signature on occ

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 core/Command/Integrity/CheckApp.php    |  2 +-
 lib/private/IntegrityCheck/Checker.php | 11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/core/Command/Integrity/CheckApp.php b/core/Command/Integrity/CheckApp.php
index 7bf92001cc8..b95d879941e 100644
--- a/core/Command/Integrity/CheckApp.php
+++ b/core/Command/Integrity/CheckApp.php
@@ -70,7 +70,7 @@ class CheckApp extends Base {
 	protected function execute(InputInterface $input, OutputInterface $output): int {
 		$appid = $input->getArgument('appid');
 		$path = (string)$input->getOption('path');
-		$result = $this->checker->verifyAppSignature($appid, $path);
+		$result = $this->checker->verifyAppSignature($appid, $path, true);
 		$this->writeArrayInOutputFormat($input, $output, $result);
 		if (count($result) > 0) {
 			return 1;
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
index 504cd391c42..353a76f8f1a 100644
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@@ -311,12 +311,13 @@ class Checker {
 	 * @param string $signaturePath
 	 * @param string $basePath
 	 * @param string $certificateCN
+	 * @param bool $forceVerify
 	 * @return array
 	 * @throws InvalidSignatureException
 	 * @throws \Exception
 	 */
-	private function verify(string $signaturePath, string $basePath, string $certificateCN): array {
-		if (!$this->isCodeCheckEnforced()) {
+	private function verify(string $signaturePath, string $basePath, string $certificateCN, bool $forceVerify = false): array {
+		if (!$forceVerify && !$this->isCodeCheckEnforced()) {
 			return [];
 		}
 
@@ -495,9 +496,10 @@ class Checker {
 	 *
 	 * @param string $appId
 	 * @param string $path Optional path. If none is given it will be guessed.
+	 * @param bool $forceVerify
 	 * @return array
 	 */
-	public function verifyAppSignature(string $appId, string $path = ''): array {
+	public function verifyAppSignature(string $appId, string $path = '', bool $forceVerify = false): array {
 		try {
 			if ($path === '') {
 				$path = $this->appLocator->getAppPath($appId);
@@ -505,7 +507,8 @@ class Checker {
 			$result = $this->verify(
 					$path . '/appinfo/signature.json',
 					$path,
-					$appId
+					$appId,
+					$forceVerify
 			);
 		} catch (\Exception $e) {
 			$result = [
-- 
GitLab