update_engine: Don't require hashes for non-official builds.
CL 228293 changed hash check logic such that hashes are always required
for official update URLs, on the assumption that they will always be
available.
This turns out to cause problems for situations like the referenced bug,
where the devserver counts as an official URL but isn't providing
hashes. This CL waives the hash check requirement for non-official
(dev/test) builds.
BUG=chromium:452139
TEST=cros_run_unit_tests --board=panther --packages=update_engine
Change-Id: I0a48bfe216a8afdff27e06baa24b3d37e7517b25
Reviewed-on: https://chromium-review.googlesource.com/243730
Trybot-Ready: David Pursell <dpursell@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: David Pursell <dpursell@chromium.org>
Tested-by: David Pursell <dpursell@chromium.org>
diff --git a/update_attempter.cc b/update_attempter.cc
index a6aa2b5..ae7f89b 100644
--- a/update_attempter.cc
+++ b/update_attempter.cc
@@ -1628,13 +1628,18 @@
}
bool UpdateAttempter::IsAnyUpdateSourceAllowed() {
- // Non-official (dev or test) builds can always use a custom update source.
+ // We allow updates from any source if either of these are true:
+ // * The device is running an unofficial (dev/test) image.
+ // * The debugd dev features are accessible (i.e. in devmode with no owner).
+ // This protects users running a base image, while still allowing a specific
+ // window (gated by the debug dev features) where `cros flash` is usable.
if (!system_state_->hardware()->IsOfficialBuild()) {
LOG(INFO) << "Non-official build; allowing any update source.";
return true;
}
- // Official images not in devmode are never allowed a custom update source.
+ // Even though the debugd tools are also gated on devmode, checking here can
+ // save us a D-Bus call so it's worth doing explicitly.
if (system_state_->hardware()->IsNormalBootMode()) {
LOG(INFO) << "Not in devmode; disallowing custom update sources.";
return false;