Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / b552a68af39efa42d462a9272d3dc47eb39c6db8
commitb552a68af39efa42d462a9272d3dc47eb39c6db8[log] [tgz]
authorAlex Deymo <deymo@google.com>Wed Sep 30 09:36:49 2015 -0700
committerAlex Deymo <deymo@google.com>Wed Sep 30 18:38:05 2015 +0000
tree53faa7503c8acb0ffcf28fbc881fe3aee86fdc20
parent05322879380a15f7042f4023b4ce4fec4b8bf50b [diff]
Check all signatures regardless of the version.

The update_engine daemon had a fixed version number for the public key
used to verify both the metadata and whole payload signatures. The
public key itself is installed by the signer, implying that the source
code and the signer need to be in sync if we ever need to roll the
payload key.

This situation becomes more of a problem if we don't control when the
version number included in the source code is updated in the built
image sent for payload generation and signing.

This patch makes update_engine ignore the version number associated
with a signature and instead tries to verify all the signatures
included in the payload against the public key found in the code. This
effectively deprecates the key version number. To be compatible with
old versions, the version number 1 is included in all signatures.

Bug: 23601118
Test: Added unittests.

Change-Id: I4f96cc207ad6b9c011def5ce586d0e0e85af28ab
7 files changed
tree: 53faa7503c8acb0ffcf28fbc881fe3aee86fdc20
  1. dbus_bindings/
  2. include/
  3. init/
  4. payload_generator/
  5. sample_images/
  6. update_manager/
  7. update_payload_key/
  8. .gitignore
  9. action.h
  10. action_pipe.h
  11. action_pipe_unittest.cc
  12. action_processor.cc
  13. action_processor.h
  14. action_processor_unittest.cc
  15. action_unittest.cc
  16. Android.mk
  17. boot_control.h
  18. boot_control_android.cc
  19. boot_control_android.h
  20. boot_control_chromeos.cc
  21. boot_control_chromeos.h
  22. boot_control_chromeos_unittest.cc
  23. boot_control_interface.h
  24. bzip.cc
  25. bzip.h
  26. bzip_extent_writer.cc
  27. bzip_extent_writer.h
  28. bzip_extent_writer_unittest.cc
  29. certificate_checker.cc
  30. certificate_checker.h
  31. certificate_checker_unittest.cc
  32. chrome_browser_proxy_resolver.cc
  33. chrome_browser_proxy_resolver.h
  34. chrome_browser_proxy_resolver_unittest.cc
  35. clock.cc
  36. clock.h
  37. clock_interface.h
  38. connection_manager.cc
  39. connection_manager.h
  40. connection_manager_interface.h
  41. connection_manager_unittest.cc
  42. constants.cc
  43. constants.h
  44. daemon.cc
  45. daemon.h
  46. dbus_service.cc
  47. dbus_service.h
  48. dbus_service_unittest.cc
  49. dbus_test_utils.h
  50. delta_performer.cc
  51. delta_performer.h
  52. delta_performer_integration_test.cc
  53. delta_performer_unittest.cc
  54. download_action.cc
  55. download_action.h
  56. download_action_unittest.cc
  57. error_code.h
  58. extent_writer.cc
  59. extent_writer.h
  60. extent_writer_unittest.cc
  61. fake_boot_control.h
  62. fake_clock.h
  63. fake_file_writer.h
  64. fake_hardware.h
  65. fake_p2p_manager.h
  66. fake_p2p_manager_configuration.h
  67. fake_prefs.cc
  68. fake_prefs.h
  69. fake_shill_proxy.cc
  70. fake_shill_proxy.h
  71. fake_system_state.cc
  72. fake_system_state.h
  73. file_descriptor.cc
  74. file_descriptor.h
  75. file_writer.cc
  76. file_writer.h
  77. file_writer_unittest.cc
  78. filesystem_verifier_action.cc
  79. filesystem_verifier_action.h
  80. filesystem_verifier_action_unittest.cc
  81. generate_pc_file.sh
  82. hardware.h
  83. hardware_android.cc
  84. hardware_android.h
  85. hardware_chromeos.cc
  86. hardware_chromeos.h
  87. hardware_interface.h
  88. http_common.cc
  89. http_common.h
  90. http_fetcher.cc
  91. http_fetcher.h
  92. http_fetcher_unittest.cc
  93. hwid_override.cc
  94. hwid_override.h
  95. hwid_override_unittest.cc
  96. install_plan.cc
  97. install_plan.h
  98. libcros_proxy.cc
  99. libcros_proxy.h
  100. libcurl_http_fetcher.cc
  101. libcurl_http_fetcher.h
  102. libupdate_engine-client-test.pc.in
  103. libupdate_engine-client.pc.in
  104. local_coverage_rate
  105. main.cc
  106. metrics.cc
  107. metrics.h
  108. mock_action.h
  109. mock_action_processor.h
  110. mock_certificate_checker.h
  111. mock_connection_manager.h
  112. mock_file_writer.h
  113. mock_hardware.h
  114. mock_http_fetcher.cc
  115. mock_http_fetcher.h
  116. mock_omaha_request_params.h
  117. mock_p2p_manager.h
  118. mock_payload_state.h
  119. mock_prefs.h
  120. mock_update_attempter.h
  121. MODULE_LICENSE_APACHE2
  122. mtd_file_descriptor.cc
  123. mtd_file_descriptor.h
  124. multi_range_http_fetcher.cc
  125. multi_range_http_fetcher.h
  126. NOTICE
  127. omaha_hash_calculator.cc
  128. omaha_hash_calculator.h
  129. omaha_hash_calculator_unittest.cc
  130. omaha_request_action.cc
  131. omaha_request_action.h
  132. omaha_request_action_unittest.cc
  133. omaha_request_params.cc
  134. omaha_request_params.h
  135. omaha_request_params_unittest.cc
  136. omaha_response.h
  137. omaha_response_handler_action.cc
  138. omaha_response_handler_action.h
  139. omaha_response_handler_action_unittest.cc
  140. OWNERS
  141. p2p_manager.cc
  142. p2p_manager.h
  143. p2p_manager_unittest.cc
  144. payload_constants.cc
  145. payload_constants.h
  146. payload_state.cc
  147. payload_state.h
  148. payload_state_interface.h
  149. payload_state_unittest.cc
  150. payload_verifier.cc
  151. payload_verifier.h
  152. platform_constants.h
  153. platform_constants_android.cc
  154. platform_constants_chromeos.cc
  155. postinstall_runner_action.cc
  156. postinstall_runner_action.h
  157. postinstall_runner_action_unittest.cc
  158. prefs.cc
  159. prefs.h
  160. prefs_interface.h
  161. prefs_unittest.cc
  162. PRESUBMIT.cfg
  163. proxy_resolver.cc
  164. proxy_resolver.h
  165. real_system_state.cc
  166. real_system_state.h
  167. run_unittests
  168. sample_omaha_v3_response.xml
  169. shill_proxy.cc
  170. shill_proxy.h
  171. shill_proxy_interface.h
  172. subprocess.cc
  173. subprocess.h
  174. subprocess_unittest.cc
  175. system_state.h
  176. tar_bunzip2.gypi
  177. terminator.cc
  178. terminator.h
  179. terminator_unittest.cc
  180. test_http_server.cc
  181. test_utils.cc
  182. test_utils.h
  183. test_utils_unittest.cc
  184. testrunner.cc
  185. unittest_key.pem
  186. unittest_key2.pem
  187. update_attempter.cc
  188. update_attempter.h
  189. update_attempter_unittest.cc
  190. update_engine-client.gyp
  191. update_engine.conf
  192. update_engine.gyp
  193. update_engine.rc
  194. update_engine_client.cc
  195. update_metadata.proto
  196. UpdateEngine.conf
  197. utils.cc
  198. utils.h
  199. utils_unittest.cc
  200. WATCHLISTS
  201. zip_unittest.cc