Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / bb8e999e212f339a61a55dc91d7572c6b993e852^! / .
commitbb8e999e212f339a61a55dc91d7572c6b993e852[log] [tgz]
authorKelvin Zhang <zhangkelvin@google.com>Mon Dec 28 10:28:48 2020 -0500
committerKelvin Zhang <zhangkelvin@google.com>Mon Jan 04 18:54:00 2021 -0500
treeed0c2cf00d663e01b1ca013e01f66a8dc094a99a
parentcf4600e1582f3001a26b4430a5ffbfe23b3ff4d1 [diff]
Move signature persistence to CheckpointUpdateProgress

After update_engine extracts the signature, it immediately saves it to
disk. However, if the signature is saved but subsequent update
checkpoint isn't saved for some reason, resume will fail. Therefore we
move the signature saving logic to CheckpointUpdateProgress()

Test: treehugger
Bug: 176087961
Change-Id: Iccb6854eaf07c7b81272376e685df43015ea46e2

diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index 08118d8..b06d04e 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc

@@ -979,20 +979,6 @@
   signatures_message_data_.assign(
       buffer_.begin(), buffer_.begin() + manifest_.signatures_size());
 
-  // Save the signature blob because if the update is interrupted after the
-  // download phase we don't go through this path anymore. Some alternatives
-  // to consider:
-  //
-  // 1. On resume, re-download the signature blob from the server and
-  // re-verify it.
-  //
-  // 2. Verify the signature as soon as it's received and don't checkpoint the
-  // blob and the signed sha-256 context.
-  LOG_IF(WARNING,
-         !prefs_->SetString(kPrefsUpdateStateSignatureBlob,
-                            signatures_message_data_))
-      << "Unable to store the signature blob.";
-
   LOG(INFO) << "Extracted signature data of size "
             << manifest_.signatures_size() << " at "
             << manifest_.signatures_offset();
@@ -1425,6 +1411,21 @@
   if (last_updated_operation_num_ != next_operation_num_ || force) {
     // Resets the progress in case we die in the middle of the state update.
     ResetUpdateProgress(prefs_, true);
+    if (!signatures_message_data_.empty()) {
+      // Save the signature blob because if the update is interrupted after the
+      // download phase we don't go through this path anymore. Some alternatives
+      // to consider:
+      //
+      // 1. On resume, re-download the signature blob from the server and
+      // re-verify it.
+      //
+      // 2. Verify the signature as soon as it's received and don't checkpoint
+      // the blob and the signed sha-256 context.
+      LOG_IF(WARNING,
+             !prefs_->SetString(kPrefsUpdateStateSignatureBlob,
+                                signatures_message_data_))
+          << "Unable to store the signature blob.";
+    }
     TEST_AND_RETURN_FALSE(prefs_->SetString(
         kPrefsUpdateStateSHA256Context, payload_hash_calculator_.GetContext()));
     TEST_AND_RETURN_FALSE(