Fix the behavior for metadata verification when no public key presents
The old behavior actually checks if the hash check is mandatory
(install_plan_->hash_checks_mandatory). And it reports an warning
instead of an error for non-mandatory checks when there is no public
key presents. Change the logic to match the old behavior.
Test: unit tests pass, run 'brillo_update_payload verify' without a source image.
Change-Id: Ie9be7553ec018c1c7fd515a462190c2376c67e4c
diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index 4b80ae6..4aec00b 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc
@@ -527,18 +527,19 @@
<< "Trusting metadata size in payload = " << metadata_size_;
}
- // Perform the verification unconditionally.
auto [payload_verifier, perform_verification] = CreatePayloadVerifier();
if (!payload_verifier) {
LOG(ERROR) << "Failed to create payload verifier.";
*error = ErrorCode::kDownloadMetadataSignatureVerificationError;
- return MetadataParseResult::kError;
+ if (perform_verification) {
+ return MetadataParseResult::kError;
+ }
+ } else {
+ // We have the full metadata in |payload|. Verify its integrity
+ // and authenticity based on the information we have in Omaha response.
+ *error = payload_metadata_.ValidateMetadataSignature(
+ payload, payload_->metadata_signature, *payload_verifier);
}
-
- // We have the full metadata in |payload|. Verify its integrity
- // and authenticity based on the information we have in Omaha response.
- *error = payload_metadata_.ValidateMetadataSignature(
- payload, payload_->metadata_signature, *payload_verifier);
if (*error != ErrorCode::kSuccess) {
if (install_plan_->hash_checks_mandatory) {
// The autoupdate_CatchBadSignatures test checks for this string