Darin Petkov | 7ed561b | 2011-10-04 02:59:03 -0700 | [diff] [blame] | 1 | // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "update_engine/omaha_response_handler_action.h" |
Darin Petkov | 73058b4 | 2010-10-06 16:32:19 -0700 | [diff] [blame] | 6 | |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 7 | #include <string> |
Darin Petkov | 73058b4 | 2010-10-06 16:32:19 -0700 | [diff] [blame] | 8 | |
| 9 | #include <base/logging.h> |
Jay Srinivasan | 738fdf3 | 2012-12-07 17:40:54 -0800 | [diff] [blame^] | 10 | #include "base/string_util.h" |
Darin Petkov | 73058b4 | 2010-10-06 16:32:19 -0700 | [diff] [blame] | 11 | |
Darin Petkov | 0406e40 | 2010-10-06 21:33:11 -0700 | [diff] [blame] | 12 | #include "update_engine/delta_performer.h" |
Darin Petkov | 73058b4 | 2010-10-06 16:32:19 -0700 | [diff] [blame] | 13 | #include "update_engine/prefs_interface.h" |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 14 | #include "update_engine/utils.h" |
| 15 | |
| 16 | using std::string; |
| 17 | |
| 18 | namespace chromeos_update_engine { |
| 19 | |
Darin Petkov | 6c11864 | 2010-10-21 12:06:30 -0700 | [diff] [blame] | 20 | const char OmahaResponseHandlerAction::kDeadlineFile[] = |
| 21 | "/tmp/update-check-response-deadline"; |
| 22 | |
Darin Petkov | abc7bc0 | 2011-02-23 14:39:43 -0800 | [diff] [blame] | 23 | OmahaResponseHandlerAction::OmahaResponseHandlerAction(PrefsInterface* prefs) |
| 24 | : prefs_(prefs), |
| 25 | got_no_update_response_(false), |
| 26 | key_path_(DeltaPerformer::kUpdatePayloadPublicKeyPath) {} |
| 27 | |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 28 | void OmahaResponseHandlerAction::PerformAction() { |
| 29 | CHECK(HasInputObject()); |
| 30 | ScopedActionCompleter completer(processor_, this); |
Darin Petkov | 6a5b322 | 2010-07-13 14:55:28 -0700 | [diff] [blame] | 31 | const OmahaResponse& response = GetInputObject(); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 32 | if (!response.update_exists) { |
Andrew de los Reyes | 4fe15d0 | 2009-12-10 19:01:36 -0800 | [diff] [blame] | 33 | got_no_update_response_ = true; |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 34 | LOG(INFO) << "There are no updates. Aborting."; |
| 35 | return; |
| 36 | } |
Andrew de los Reyes | 63b96d7 | 2010-05-10 13:08:54 -0700 | [diff] [blame] | 37 | install_plan_.download_url = response.codebase; |
Jay Srinivasan | 51dcf26 | 2012-09-13 17:24:32 -0700 | [diff] [blame] | 38 | install_plan_.payload_size = response.size; |
| 39 | install_plan_.payload_hash = response.hash; |
Jay Srinivasan | f431870 | 2012-09-24 11:56:24 -0700 | [diff] [blame] | 40 | install_plan_.metadata_size = response.metadata_size; |
| 41 | install_plan_.metadata_signature = response.metadata_signature; |
Jay Srinivasan | 738fdf3 | 2012-12-07 17:40:54 -0800 | [diff] [blame^] | 42 | install_plan_.hash_checks_mandatory = AreHashChecksMandatory(response); |
Darin Petkov | 0406e40 | 2010-10-06 21:33:11 -0700 | [diff] [blame] | 43 | install_plan_.is_resume = |
| 44 | DeltaPerformer::CanResumeUpdate(prefs_, response.hash); |
| 45 | if (!install_plan_.is_resume) { |
Darin Petkov | 9b23057 | 2010-10-08 10:20:09 -0700 | [diff] [blame] | 46 | LOG_IF(WARNING, !DeltaPerformer::ResetUpdateProgress(prefs_, false)) |
Darin Petkov | 0406e40 | 2010-10-06 21:33:11 -0700 | [diff] [blame] | 47 | << "Unable to reset the update progress."; |
| 48 | LOG_IF(WARNING, !prefs_->SetString(kPrefsUpdateCheckResponseHash, |
| 49 | response.hash)) |
| 50 | << "Unable to save the update check response hash."; |
| 51 | } |
| 52 | |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 53 | TEST_AND_RETURN(GetInstallDev( |
| 54 | (!boot_device_.empty() ? boot_device_ : utils::BootDevice()), |
Andrew de los Reyes | 63b96d7 | 2010-05-10 13:08:54 -0700 | [diff] [blame] | 55 | &install_plan_.install_path)); |
| 56 | install_plan_.kernel_install_path = |
| 57 | utils::BootKernelDevice(install_plan_.install_path); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 58 | |
Andrew de los Reyes | f98bff8 | 2010-05-06 13:33:25 -0700 | [diff] [blame] | 59 | TEST_AND_RETURN(HasOutputPipe()); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 60 | if (HasOutputPipe()) |
Andrew de los Reyes | 63b96d7 | 2010-05-10 13:08:54 -0700 | [diff] [blame] | 61 | SetOutputObject(install_plan_); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 62 | LOG(INFO) << "Using this install plan:"; |
Andrew de los Reyes | 63b96d7 | 2010-05-10 13:08:54 -0700 | [diff] [blame] | 63 | install_plan_.Dump(); |
Darin Petkov | 6a5b322 | 2010-07-13 14:55:28 -0700 | [diff] [blame] | 64 | |
Darin Petkov | 6c11864 | 2010-10-21 12:06:30 -0700 | [diff] [blame] | 65 | // Send the deadline data (if any) to Chrome through a file. This is a pretty |
| 66 | // hacky solution but should be OK for now. |
| 67 | // |
| 68 | // TODO(petkov): Rearchitect this to avoid communication through a |
| 69 | // file. Ideallly, we would include this information in D-Bus's GetStatus |
| 70 | // method and UpdateStatus signal. A potential issue is that update_engine may |
| 71 | // be unresponsive during an update download. |
| 72 | utils::WriteFile(kDeadlineFile, |
| 73 | response.deadline.data(), |
| 74 | response.deadline.size()); |
| 75 | chmod(kDeadlineFile, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
| 76 | |
Darin Petkov | c1a8b42 | 2010-07-19 11:34:49 -0700 | [diff] [blame] | 77 | completer.set_code(kActionCodeSuccess); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 78 | } |
| 79 | |
| 80 | bool OmahaResponseHandlerAction::GetInstallDev(const std::string& boot_dev, |
| 81 | std::string* install_dev) { |
Andrew de los Reyes | f98bff8 | 2010-05-06 13:33:25 -0700 | [diff] [blame] | 82 | TEST_AND_RETURN_FALSE(utils::StringHasPrefix(boot_dev, "/dev/")); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 83 | string ret(boot_dev); |
Andrew de los Reyes | f98bff8 | 2010-05-06 13:33:25 -0700 | [diff] [blame] | 84 | string::reverse_iterator it = ret.rbegin(); // last character in string |
| 85 | // Right now, we just switch '3' and '5' partition numbers. |
| 86 | TEST_AND_RETURN_FALSE((*it == '3') || (*it == '5')); |
| 87 | *it = (*it == '3') ? '5' : '3'; |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 88 | *install_dev = ret; |
| 89 | return true; |
| 90 | } |
| 91 | |
Jay Srinivasan | 738fdf3 | 2012-12-07 17:40:54 -0800 | [diff] [blame^] | 92 | bool OmahaResponseHandlerAction::AreHashChecksMandatory( |
| 93 | const OmahaResponse& response) { |
| 94 | // All our internal testing uses dev server which doesn't generate metadata |
| 95 | // signatures yet. So, in order not to break image_to_live or other AU tools, |
| 96 | // we should waive the hash checks for those cases. Since all internal |
| 97 | // testing is done using a dev_image or test_image, we can use that as a |
| 98 | // criteria for waiving. This criteria reduces the attack surface as |
| 99 | // opposed to waiving the checks when we're in dev mode, because we do want |
| 100 | // to enforce the hash checks when our end customers run in dev mode if they |
| 101 | // are using an official build, so that they are protected more. |
| 102 | if (!utils::IsOfficialBuild()) { |
| 103 | LOG(INFO) << "Waiving payload hash checks for unofficial builds"; |
| 104 | return false; |
| 105 | } |
| 106 | |
| 107 | // TODO(jaysri): VALIDATION: For official builds, we currently waive hash |
| 108 | // checks for HTTPS until we have rolled out at least once and are confident |
| 109 | // nothing breaks. chromium-os:37082 tracks turning this on for HTTPS |
| 110 | // eventually. |
| 111 | if (StartsWithASCII(response.codebase, "https://", false)) { |
| 112 | LOG(INFO) << "Waiving payload hash checks since Omaha response " |
| 113 | << "only has HTTPS URL(s)"; |
| 114 | return false; |
| 115 | } |
| 116 | |
| 117 | // No exceptions apply. So hash checks are mandatory, by default. |
| 118 | LOG(INFO) << "Mandating payload hash checks since Omaha response " |
| 119 | << "contains HTTP URL(s)"; |
| 120 | return true; |
| 121 | } |
| 122 | |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 123 | } // namespace chromeos_update_engine |