Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / update_engine / 21504f0a591cd15a894cad6a6a3aba44673cbf90^! / . / delta_performer.cc
commit21504f0a591cd15a894cad6a6a3aba44673cbf90[log] [tgz]
authorGilad Arnold <garnold@chromium.org>Fri May 24 08:51:22 2013 -0700
committerChromeBot <chrome-bot@google.com>Fri May 24 16:28:05 2013 -0700
treebc64872e6556733daa2b89b961f81a712e4fc14e
parentd1cd325c3135d88498483da811b594ba6b91ce42 [diff] [blame]
Revert "Revert "AU: do not copy filesystem during full updates""

This reverts commit d1cd325c3135d88498483da811b594ba6b91ce42

The problem that caused all autotests to fail with the original CL has now been rectified; lab devservers were updated to send the correct delta flag in their omaha response.

Change-Id: I664afb33f72856572baaa658cbd473c07271af36
Reviewed-on: https://gerrit.chromium.org/gerrit/56600
Reviewed-by: Gilad Arnold <garnold@chromium.org>
Tested-by: Gilad Arnold <garnold@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>

diff --git a/delta_performer.cc b/delta_performer.cc
index 360272f..5615801 100644
--- a/delta_performer.cc
+++ b/delta_performer.cc

@@ -383,6 +383,11 @@
     if (result == kMetadataParseInsufficientData) {
       return true;
     }
+
+    // Checks the integrity of the payload manifest.
+    if ((*error = ValidateManifest()) != kErrorCodeSuccess)
+      return false;
+
     // Remove protobuf and header info from buffer_, so buffer_ contains
     // just data blobs
     DiscardBufferHeadBytes(manifest_metadata_size_);
@@ -831,6 +836,30 @@
   return kErrorCodeSuccess;
 }
 
+ErrorCode DeltaPerformer::ValidateManifest() {
+  // Ensure that a full update does not contain old partition hashes, which is
+  // indicative of a delta.
+  //
+  // TODO(garnold) in general, the presence of an old partition hash should be
+  // the sole indicator for a delta update, as we would generally like update
+  // payloads to be self contained and not assume an Omaha response to tell us
+  // that. However, since this requires some massive reengineering of the update
+  // flow (making filesystem copying happen conditionally only *after*
+  // downloading and parsing of the update manifest) we'll put it off for now.
+  // See chromium-os:7597 for further discussion.
+  if (install_plan_->is_full_update &&
+      (manifest_.has_old_kernel_info() || manifest_.has_old_rootfs_info())) {
+    LOG(ERROR) << "Purported full payload contains old partition "
+                  "hash(es), aborting update";
+    return kErrorCodePayloadMismatchedType;
+  }
+
+  // TODO(garnold) we should be adding more and more manifest checks, such as
+  // partition boundaries etc (see chromium-os:37661).
+
+  return kErrorCodeSuccess;
+}
+
 ErrorCode DeltaPerformer::ValidateOperationHash(
     const DeltaArchiveManifest_InstallOperation& operation) {