AU: Detect and report public key verify failures, but continue updating.
Make a new OmahaEvent (Type: 14 (kTypeUpdateDownloadFinished), Result:
0 (kResultError), ErrorCode: 18
(kActionCodeDownloadPayloadPubKeyVerificationError)). This event is
sent if we have a successful download that fails public key
verification. Currently this is a non-fatal failure, but we plan to
make it fatal in future clients.
BUG=chromium-os:13341
TEST=unittests; 3 on device tests: w/o public key on device, w/ pub
key and matching download, w/ pub key and non-matching download
Change-Id: Ib6589c78449c2dfcbffa4c85ab679f7fe844584b
Review URL: http://codereview.chromium.org/6792065
diff --git a/update_attempter.cc b/update_attempter.cc
index c9ee712..f56c0d1 100644
--- a/update_attempter.cc
+++ b/update_attempter.cc
@@ -32,6 +32,7 @@
using base::TimeDelta;
using base::TimeTicks;
+using google::protobuf::NewPermanentCallback;
using std::make_pair;
using std::tr1::shared_ptr;
using std::string;
@@ -188,6 +189,21 @@
shared_ptr<DownloadAction> download_action(
new DownloadAction(prefs_, new MultiRangeHTTPFetcher(
new LibcurlHttpFetcher(GetProxyResolver()))));
+ // This action is always initially in place to warn OS vendor of a
+ // signature failure. If it's not needed, it will be told to skip.
+ shared_ptr<OmahaRequestAction> download_signature_warning(
+ new OmahaRequestAction(
+ prefs_,
+ omaha_request_params_,
+ new OmahaEvent(
+ OmahaEvent::kTypeUpdateDownloadFinished,
+ OmahaEvent::kResultError,
+ kActionCodeDownloadPayloadPubKeyVerificationError),
+ new LibcurlHttpFetcher(GetProxyResolver())));
+ download_action->set_skip_reporting_signature_fail(
+ NewPermanentCallback(download_signature_warning.get(),
+ &OmahaRequestAction::set_should_skip,
+ true));
shared_ptr<OmahaRequestAction> download_finished_action(
new OmahaRequestAction(prefs_,
omaha_request_params_,
@@ -217,6 +233,7 @@
kernel_filesystem_copier_action));
actions_.push_back(shared_ptr<AbstractAction>(download_started_action));
actions_.push_back(shared_ptr<AbstractAction>(download_action));
+ actions_.push_back(shared_ptr<AbstractAction>(download_signature_warning));
actions_.push_back(shared_ptr<AbstractAction>(download_finished_action));
actions_.push_back(shared_ptr<AbstractAction>(filesystem_verifier_action));
actions_.push_back(shared_ptr<AbstractAction>(