AU: Detect and report public key verify failures, but continue updating.
Make a new OmahaEvent (Type: 14 (kTypeUpdateDownloadFinished), Result:
0 (kResultError), ErrorCode: 18
(kActionCodeDownloadPayloadPubKeyVerificationError)). This event is
sent if we have a successful download that fails public key
verification. Currently this is a non-fatal failure, but we plan to
make it fatal in future clients.
BUG=chromium-os:13341
TEST=unittests; 3 on device tests: w/o public key on device, w/ pub
key and matching download, w/ pub key and non-matching download
Change-Id: Ib6589c78449c2dfcbffa4c85ab679f7fe844584b
Review URL: http://codereview.chromium.org/6792065
diff --git a/download_action.cc b/download_action.cc
index 9577047..933cbdd 100644
--- a/download_action.cc
+++ b/download_action.cc
@@ -27,7 +27,8 @@
http_fetcher_(http_fetcher),
code_(kActionCodeSuccess),
delegate_(NULL),
- bytes_received_(0) {}
+ bytes_received_(0),
+ skip_reporting_signature_fail_(NULL) {}
DownloadAction::~DownloadAction() {}
@@ -157,6 +158,7 @@
if (delegate_) {
delegate_->SetDownloadStatus(false); // Set to inactive.
}
+ bool signature_verify_failed = false;
ActionExitCode code =
successful ? kActionCodeSuccess : kActionCodeDownloadTransferError;
if (code == kActionCodeSuccess) {
@@ -164,7 +166,7 @@
if (!delta_performer_->VerifyPayload("",
install_plan_.download_hash,
install_plan_.size,
- NULL)) {
+ &signature_verify_failed)) {
LOG(ERROR) << "Download of " << install_plan_.download_url
<< " failed due to payload verification error.";
code = kActionCodeDownloadPayloadVerificationError;
@@ -193,6 +195,12 @@
}
}
+ if (skip_reporting_signature_fail_.get() &&
+ (code != kActionCodeSuccess || !signature_verify_failed)) {
+ LOG(INFO) << "Suppressing signature pub key verification warning";
+ skip_reporting_signature_fail_->Run();
+ }
+
FlushLinuxCaches();
// Write the path to the output pipe if we're successful.