Make public key verification check binding.
Until now, we've just warned on failure. This CL makes the update fail
if the check fails.
BUG=chromium-os:19872
TEST=unittests; tested on device
Change-Id: I485b2548849f46d2b802c478736671bb44a85aab
Reviewed-on: http://gerrit.chromium.org/gerrit/6998
Reviewed-by: Darin Petkov <petkov@chromium.org>
Tested-by: Andrew de los Reyes <adlr@chromium.org>
diff --git a/download_action.cc b/download_action.cc
index 1491caa..9da925c 100644
--- a/download_action.cc
+++ b/download_action.cc
@@ -27,8 +27,7 @@
http_fetcher_(http_fetcher),
code_(kActionCodeSuccess),
delegate_(NULL),
- bytes_received_(0),
- skip_reporting_signature_fail_(NULL) {}
+ bytes_received_(0) {}
DownloadAction::~DownloadAction() {}
@@ -158,18 +157,16 @@
if (delegate_) {
delegate_->SetDownloadStatus(false); // Set to inactive.
}
- bool signature_verify_failed = false;
ActionExitCode code =
successful ? kActionCodeSuccess : kActionCodeDownloadTransferError;
if (code == kActionCodeSuccess) {
if (!install_plan_.is_full_update) {
- if (!delta_performer_->VerifyPayload("",
- install_plan_.download_hash,
- install_plan_.size,
- &signature_verify_failed)) {
+ code = delta_performer_->VerifyPayload("",
+ install_plan_.download_hash,
+ install_plan_.size);
+ if (code != kActionCodeSuccess) {
LOG(ERROR) << "Download of " << install_plan_.download_url
<< " failed due to payload verification error.";
- code = kActionCodeDownloadPayloadVerificationError;
} else if (!delta_performer_->GetNewPartitionInfo(
&install_plan_.kernel_size,
&install_plan_.kernel_hash,
@@ -195,12 +192,6 @@
}
}
- if (skip_reporting_signature_fail_.get() &&
- (code != kActionCodeSuccess || !signature_verify_failed)) {
- LOG(INFO) << "Suppressing signature pub key verification warning";
- skip_reporting_signature_fail_->Run();
- }
-
FlushLinuxCaches();
// Write the path to the output pipe if we're successful.