Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / 9b90c93edcaa16f6c734f421ccf00201a474d9ea^! / . / scripts / update_payload / checker.py
commit9b90c93edcaa16f6c734f421ccf00201a474d9ea[log] [tgz]
authorGilad Arnold <garnold@chromium.org>Wed May 22 17:12:56 2013 -0700
committerChromeBot <chrome-bot@google.com>Wed May 22 19:15:54 2013 -0700
tree791c5a1c3c7ee0076d98cfc3d465fc8832781f69
parent432d601e236bf8b9110fdb497e5f5c87899346e2 [diff] [blame]
paycheck: move default pubkey handling inside the library

This is a more sensible choice given that the pubkey ships within the
library directory and hence should not be specified explicitly by an
outside entity (like paycheck). From the practical standpoint, it makes
this useful feature available to clients who use the library directly.

BUG=chromium:241283
TEST=Unit + integration tests

Change-Id: I059302326af1e0e394829466ee97ad2f60de4986
Reviewed-on: https://gerrit.chromium.org/gerrit/56335
Tested-by: Gilad Arnold <garnold@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>

diff --git a/scripts/update_payload/checker.py b/scripts/update_payload/checker.py
index a9edce3..eabcedb 100644
--- a/scripts/update_payload/checker.py
+++ b/scripts/update_payload/checker.py

@@ -16,6 +16,7 @@
 import array
 import base64
 import hashlib
+import os
 import subprocess
 
 import common
@@ -26,7 +27,7 @@
 
 
 #
-# Constants / helper functions.
+# Constants.
 #
 _CHECK_DST_PSEUDO_EXTENTS = 'dst-pseudo-extents'
 _CHECK_MOVE_SAME_SRC_DST_BLOCK = 'move-same-src-dst-block'
@@ -42,6 +43,10 @@
 
 _DEFAULT_BLOCK_SIZE = 4096
 
+_DEFAULT_PUBKEY_BASE_NAME = 'update-payload-key.pub.pem'
+_DEFAULT_PUBKEY_FILE_NAME = os.path.join(os.path.dirname(__file__),
+                                         _DEFAULT_PUBKEY_BASE_NAME)
+
 
 #
 # Helper functions.
@@ -1058,6 +1063,9 @@
       PayloadError if payload verification failed.
 
     """
+    if not pubkey_file_name:
+      pubkey_file_name = _DEFAULT_PUBKEY_FILE_NAME
+
     report = _PayloadReport()
 
     # Get payload file size.
@@ -1068,9 +1076,6 @@
     try:
       # Check metadata signature (if provided).
       if metadata_sig_file:
-        if not pubkey_file_name:
-          raise PayloadError(
-              'no public key provided, cannot verify metadata signature')
         metadata_sig = base64.b64decode(metadata_sig_file.read())
         self._CheckSha256Signature(metadata_sig, pubkey_file_name,
                                    self.payload.manifest_hasher.digest(),
@@ -1116,9 +1121,6 @@
 
       # Part 5: handle payload signatures message.
       if self.check_payload_sig and self.sigs_size:
-        if not pubkey_file_name:
-          raise PayloadError(
-              'no public key provided, cannot verify payload signature')
         self._CheckSignatures(report, pubkey_file_name)
 
       # Part 6: summary.