tighten up some restrictions

2019-12-18 09:12:10 -05:00 · 2019-12-18 09:12:10 -05:00 · 43896ea67d
parent ae3a64801d
commit 43896ea67d
3 changed files with 13 additions and 6 deletions
--- a/schema/lib/types/cksum.xsd
+++ b/schema/lib/types/cksum.xsd
@ -66,10 +66,11 @@
    </xs:complexType>

    <xs:complexType name="t_cksum_verify">
-        <xs:sequence>
-            <xs:element name="checksum" minOccurs="0" maxOccurs="unbounded" type="t_cksum_hash"/>
+        <xs:choice minOccurs="1" maxOccurs="unbounded">
+            <xs:element name="checksum" minOccurs="0" maxOccurs="unbounded" type="t_cksum_hash">
+            </xs:element>
            <xs:element name="checksumFile" minOccurs="0" maxOccurs="unbounded" type="t_cksum_file"/>
-        </xs:sequence>
+        </xs:choice>
    </xs:complexType>

 </xs:schema>
--- a/schema/lib/types/gpg.xsd
+++ b/schema/lib/types/gpg.xsd
@ -8,7 +8,7 @@

    <xs:simpleType name="t_gpg_key_id">
        <xs:restriction base="xs:string">
-            <xs:pattern value="(auto|default)"/><!-- Program should accept any key IDs it finds (INSECURE) -->
+            <xs:pattern value="auto"/><!-- Program should use hardcoded default (POSSIBLY INSECURE) -->
            <xs:pattern value="\s*(0x)?[0-9A-Fa-f]{40}\s*"/><!-- Full key ID -->
            <xs:pattern value="\s*(0x)?[0-9A-Fa-f]{16}\s*"/><!-- Shorthand key ID ("keyid-format long") -->
            <xs:pattern value="\s*(0x)?[0-9A-Fa-f]{8}\s*"/><!-- Legacy shorter shorthand ("keyid-format short") -->
@ -26,6 +26,7 @@
            <xs:element name="keyID" minOccurs="0" maxOccurs="unbounded" type="t_gpg_key_id"/>
            <xs:element name="keyFile" minOccurs="0" maxOccurs="unbounded" type="t_net_generic_resource"/>
        </xs:choice>
+        <xs:attribute name="detect" use="optional" default="false" type="xs:boolean"/>
    </xs:complexType>

    <xs:simpleType name="t_gpg_sig">
--- a/schema/lib/types/sys.xsd
+++ b/schema/lib/types/sys.xsd
@ -18,9 +18,14 @@

    <xs:complexType name="t_sys_verifyfile">
        <xs:choice minOccurs="1" maxOccurs="2">
-            <xs:element name="gpg" minOccurs="0" maxOccurs="1" type="t_gpg_verify">
+            <xs:element name="gpg" minOccurs="0" maxOccurs="1" type="t_gpg_verify"/>
+            <xs:element name="hash" minOccurs="0" maxOccurs="1" type="t_cksum_verify">
+                <xs:unique name="uniq_cksum_value_attr">
+                    <xs:selector xpath="checksum"/>
+                    <xs:field xpath="@hashType"/>
+                    <xs:field xpath="."/>
+                </xs:unique>
            </xs:element>
-            <xs:element name="hash" minOccurs="0" maxOccurs="1" type="t_cksum_verify"/>
        </xs:choice>
    </xs:complexType>