Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / update_engine / b552a68af39efa42d462a9272d3dc47eb39c6db8^! / . / payload_generator / generate_delta_main.cc
commitb552a68af39efa42d462a9272d3dc47eb39c6db8[log] [tgz]
authorAlex Deymo <deymo@google.com>Wed Sep 30 09:36:49 2015 -0700
committerAlex Deymo <deymo@google.com>Wed Sep 30 18:38:05 2015 +0000
tree53faa7503c8acb0ffcf28fbc881fe3aee86fdc20
parent05322879380a15f7042f4023b4ce4fec4b8bf50b [diff] [blame]
Check all signatures regardless of the version.

The update_engine daemon had a fixed version number for the public key
used to verify both the metadata and whole payload signatures. The
public key itself is installed by the signer, implying that the source
code and the signer need to be in sync if we ever need to roll the
payload key.

This situation becomes more of a problem if we don't control when the
version number included in the source code is updated in the built
image sent for payload generation and signing.

This patch makes update_engine ignore the version number associated
with a signature and instead tries to verify all the signatures
included in the payload against the public key found in the code. This
effectively deprecates the key version number. To be compatible with
old versions, the version number 1 is included in all signatures.

Bug: 23601118
Test: Added unittests.

Change-Id: I4f96cc207ad6b9c011def5ce586d0e0e85af28ab

diff --git a/payload_generator/generate_delta_main.cc b/payload_generator/generate_delta_main.cc
index d38c5c5..a600c9c 100644
--- a/payload_generator/generate_delta_main.cc
+++ b/payload_generator/generate_delta_main.cc

@@ -171,15 +171,13 @@
 }
 
 void VerifySignedPayload(const string& in_file,
-                         const string& public_key,
-                         int public_key_version) {
+                         const string& public_key) {
   LOG(INFO) << "Verifying signed payload.";
   LOG_IF(FATAL, in_file.empty())
       << "Must pass --in_file to verify signed payload.";
   LOG_IF(FATAL, public_key.empty())
       << "Must pass --public_key to verify signed payload.";
-  CHECK(PayloadVerifier::VerifySignedPayload(in_file, public_key,
-                                             public_key_version));
+  CHECK(PayloadVerifier::VerifySignedPayload(in_file, public_key));
   LOG(INFO) << "Done verifying signed payload.";
 }
 
@@ -241,9 +239,8 @@
                 "Path to output metadata hash file");
   DEFINE_string(private_key, "", "Path to private key in .pem format");
   DEFINE_string(public_key, "", "Path to public key in .pem format");
-  DEFINE_int32(public_key_version,
-               chromeos_update_engine::kSignatureMessageCurrentVersion,
-               "Key-check version # of client");
+  DEFINE_int32(public_key_version, -1,
+               "DEPRECATED. Key-check version # of client");
   DEFINE_string(prefs_dir, "/tmp/update_engine_prefs",
                 "Preferences directory, used with apply_delta");
   DEFINE_string(signature_size, "",
@@ -344,8 +341,9 @@
     return 0;
   }
   if (!FLAGS_public_key.empty()) {
-    VerifySignedPayload(FLAGS_in_file, FLAGS_public_key,
-                        FLAGS_public_key_version);
+    LOG_IF(WARNING, FLAGS_public_key_version != -1)
+        << "--public_key_version is deprecated and ignored.";
+    VerifySignedPayload(FLAGS_in_file, FLAGS_public_key);
     return 0;
   }
   if (!FLAGS_in_file.empty()) {