blob: c663208562a5f6f367add5d05689af0880680a50 [file] [log] [blame]
// Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef UPDATE_ENGINE_DELTA_PERFORMER_H_
#define UPDATE_ENGINE_DELTA_PERFORMER_H_
#include <inttypes.h>
#include <string>
#include <vector>
#include <base/time/time.h>
#include <google/protobuf/repeated_field.h>
#include <gtest/gtest_prod.h> // for FRIEND_TEST
#include "update_engine/file_writer.h"
#include "update_engine/install_plan.h"
#include "update_engine/omaha_hash_calculator.h"
#include "update_engine/system_state.h"
#include "update_engine/update_metadata.pb.h"
namespace chromeos_update_engine {
class PrefsInterface;
// This class performs the actions in a delta update synchronously. The delta
// update itself should be passed in in chunks as it is received.
class DeltaPerformer : public FileWriter {
public:
enum MetadataParseResult {
kMetadataParseSuccess,
kMetadataParseError,
kMetadataParseInsufficientData,
};
static const uint64_t kDeltaVersionSize;
static const uint64_t kDeltaManifestSizeSize;
static const uint64_t kSupportedMajorPayloadVersion;
static const uint64_t kSupportedMinorPayloadVersion;
static const uint64_t kFullPayloadMinorVersion;
static const char kUpdatePayloadPublicKeyPath[];
// Defines the granularity of progress logging in terms of how many "completed
// chunks" we want to report at the most.
static const unsigned kProgressLogMaxChunks;
// Defines a timeout since the last progress was logged after which we want to
// force another log message (even if the current chunk was not completed).
static const unsigned kProgressLogTimeoutSeconds;
// These define the relative weights (0-100) we give to the different work
// components associated with an update when computing an overall progress.
// Currently they include the download progress and the number of completed
// operations. They must add up to one hundred (100).
static const unsigned kProgressDownloadWeight;
static const unsigned kProgressOperationsWeight;
DeltaPerformer(PrefsInterface* prefs,
SystemState* system_state,
InstallPlan* install_plan)
: prefs_(prefs),
system_state_(system_state),
install_plan_(install_plan),
fd_(-1),
kernel_fd_(-1),
manifest_parsed_(false),
manifest_valid_(false),
metadata_size_(0),
next_operation_num_(0),
buffer_offset_(0),
last_updated_buffer_offset_(kuint64max),
block_size_(0),
public_key_path_(kUpdatePayloadPublicKeyPath),
total_bytes_received_(0),
num_rootfs_operations_(0),
num_total_operations_(0),
overall_progress_(0),
last_progress_chunk_(0),
forced_progress_log_wait_(
base::TimeDelta::FromSeconds(kProgressLogTimeoutSeconds)) {}
// Opens the kernel. Should be called before or after Open(), but before
// Write(). The kernel file will be close()d when Close() is called.
bool OpenKernel(const char* kernel_path);
// flags and mode ignored. Once Close()d, a DeltaPerformer can't be
// Open()ed again.
int Open(const char* path, int flags, mode_t mode);
// FileWriter's Write implementation where caller doesn't care about
// error codes.
bool Write(const void* bytes, size_t count) {
ErrorCode error;
return Write(bytes, count, &error);
}
// FileWriter's Write implementation that returns a more specific |error| code
// in case of failures in Write operation.
bool Write(const void* bytes, size_t count, ErrorCode *error);
// Wrapper around close. Returns 0 on success or -errno on error.
// Closes both 'path' given to Open() and the kernel path.
int Close();
// Returns |true| only if the manifest has been processed and it's valid.
bool IsManifestValid();
// Verifies the downloaded payload against the signed hash included in the
// payload, against the update check hash (which is in base64 format) and
// size using the public key and returns ErrorCode::kSuccess on success, an
// error code on failure. This method should be called after closing the
// stream. Note this method skips the signed hash check if the public key is
// unavailable; it returns ErrorCode::kSignedDeltaPayloadExpectedError if the
// public key is available but the delta payload doesn't include a signature.
ErrorCode VerifyPayload(const std::string& update_check_response_hash,
const uint64_t update_check_response_size);
// Reads from the update manifest the expected sizes and hashes of the target
// kernel and rootfs partitions. These values can be used for applied update
// hash verification. This method must be called after the update manifest has
// been parsed (e.g., after closing the stream). Returns true on success, and
// false on failure (e.g., when the values are not present in the update
// manifest).
bool GetNewPartitionInfo(uint64_t* kernel_size,
std::vector<char>* kernel_hash,
uint64_t* rootfs_size,
std::vector<char>* rootfs_hash);
// Converts an ordered collection of Extent objects which contain data of
// length full_length to a comma-separated string. For each Extent, the
// string will have the start offset and then the length in bytes.
// The length value of the last extent in the string may be short, since
// the full length of all extents in the string is capped to full_length.
// Also, an extent starting at kSparseHole, appears as -1 in the string.
// For example, if the Extents are {1, 1}, {4, 2}, {kSparseHole, 1},
// {0, 1}, block_size is 4096, and full_length is 5 * block_size - 13,
// the resulting string will be: "4096:4096,16384:8192,-1:4096,0:4083"
static bool ExtentsToBsdiffPositionsString(
const google::protobuf::RepeatedPtrField<Extent>& extents,
uint64_t block_size,
uint64_t full_length,
std::string* positions_string);
// Returns true if a previous update attempt can be continued based on the
// persistent preferences and the new update check response hash.
static bool CanResumeUpdate(PrefsInterface* prefs,
std::string update_check_response_hash);
// Resets the persistent update progress state to indicate that an update
// can't be resumed. Performs a quick update-in-progress reset if |quick| is
// true, otherwise resets all progress-related update state. Returns true on
// success, false otherwise.
static bool ResetUpdateProgress(PrefsInterface* prefs, bool quick);
// Attempts to parse the update metadata starting from the beginning of
// |payload|. On success, returns kMetadataParseSuccess. Returns
// kMetadataParseInsufficientData if more data is needed to parse the complete
// metadata. Returns kMetadataParseError if the metadata can't be parsed given
// the payload.
MetadataParseResult ParsePayloadMetadata(const std::vector<char>& payload,
ErrorCode* error);
void set_public_key_path(const std::string& public_key_path) {
public_key_path_ = public_key_path;
}
// Returns the byte offset at which the payload version can be found.
static uint64_t GetVersionOffset();
// Returns the byte offset where the size of the manifest is stored in
// a payload. This offset precedes the actual start of the manifest
// that's returned by the GetManifestOffset method.
static uint64_t GetManifestSizeOffset();
// Returns the byte offset at which the manifest protobuf begins in a
// payload.
static uint64_t GetManifestOffset();
// Returns the size of the payload metadata, which includes the payload header
// and the manifest. Is the header was not yet parsed, returns zero.
uint64_t GetMetadataSize() const;
// If the manifest was successfully parsed, copies it to |*out_manifest_p|.
// Returns true on success.
bool GetManifest(DeltaArchiveManifest* out_manifest_p) const;
private:
friend class DeltaPerformerTest;
FRIEND_TEST(DeltaPerformerTest, IsIdempotentOperationTest);
FRIEND_TEST(DeltaPerformerTest, UsePublicKeyFromResponse);
// Appends up to |*count_p| bytes from |*bytes_p| to |buffer_|, but only to
// the extent that the size of |buffer_| does not exceed |max|. Advances
// |*cbytes_p| and decreases |*count_p| by the actual number of bytes copied,
// and returns this number.
size_t CopyDataToBuffer(const char** bytes_p, size_t* count_p, size_t max);
// If |op_result| is false, emits an error message using |op_type_name| and
// sets |*error| accordingly. Otherwise does nothing. Returns |op_result|.
bool HandleOpResult(bool op_result, const char* op_type_name,
ErrorCode* error);
// Logs the progress of downloading/applying an update.
void LogProgress(const char* message_prefix);
// Update overall progress metrics, log as necessary.
void UpdateOverallProgress(bool force_log, const char* message_prefix);
static bool IsIdempotentOperation(
const DeltaArchiveManifest_InstallOperation& op);
// Verifies that the expected source partition hashes (if present) match the
// hashes for the current partitions. Returns true if there are no expected
// hashes in the payload (e.g., if it's a new-style full update) or if the
// hashes match; returns false otherwise.
bool VerifySourcePartitions();
// Returns true if enough of the delta file has been passed via Write()
// to be able to perform a given install operation.
bool CanPerformInstallOperation(
const DeltaArchiveManifest_InstallOperation& operation);
// Checks the integrity of the payload manifest. Returns true upon success,
// false otherwise.
ErrorCode ValidateManifest();
// Validates that the hash of the blobs corresponding to the given |operation|
// matches what's specified in the manifest in the payload.
// Returns ErrorCode::kSuccess on match or a suitable error code otherwise.
ErrorCode ValidateOperationHash(
const DeltaArchiveManifest_InstallOperation& operation);
// Interprets the given |protobuf| as a DeltaArchiveManifest protocol buffer
// of the given protobuf_length and verifies that the signed hash of the
// metadata matches what's specified in the install plan from Omaha.
// Returns ErrorCode::kSuccess on match or a suitable error code otherwise.
// This method must be called before any part of the |protobuf| is parsed
// so that a man-in-the-middle attack on the SSL connection to the payload
// server doesn't exploit any vulnerability in the code that parses the
// protocol buffer.
ErrorCode ValidateMetadataSignature(const char* protobuf,
uint64_t protobuf_length);
// Returns true on success.
bool PerformInstallOperation(
const DeltaArchiveManifest_InstallOperation& operation);
// These perform a specific type of operation and return true on success.
bool PerformReplaceOperation(
const DeltaArchiveManifest_InstallOperation& operation,
bool is_kernel_partition);
bool PerformMoveOperation(
const DeltaArchiveManifest_InstallOperation& operation,
bool is_kernel_partition);
bool PerformBsdiffOperation(
const DeltaArchiveManifest_InstallOperation& operation,
bool is_kernel_partition);
// Returns true if the payload signature message has been extracted from
// |operation|, false otherwise.
bool ExtractSignatureMessage(
const DeltaArchiveManifest_InstallOperation& operation);
// Updates the hash calculator with the bytes in |buffer_|. Then discard the
// content, ensuring that memory is being deallocated. If |do_advance_offset|,
// advances the internal offset counter accordingly.
void DiscardBuffer(bool do_advance_offset);
// Checkpoints the update progress into persistent storage to allow this
// update attempt to be resumed after reboot.
bool CheckpointUpdateProgress();
// Primes the required update state. Returns true if the update state was
// successfully initialized to a saved resume state or if the update is a new
// update. Returns false otherwise.
bool PrimeUpdateState();
// Sends UMA statistics for the given error code.
void SendUmaStat(ErrorCode code);
// If the Omaha response contains a public RSA key and we're allowed
// to use it (e.g. if we're in developer mode), extract the key from
// the response and store it in a temporary file and return true. In
// the affirmative the path to the temporary file is stored in
// |out_tmp_key| and it is the responsibility of the caller to clean
// it up.
bool GetPublicKeyFromResponse(base::FilePath *out_tmp_key);
// Update Engine preference store.
PrefsInterface* prefs_;
// Global context of the system.
SystemState* system_state_;
// Install Plan based on Omaha Response.
InstallPlan* install_plan_;
// File descriptor of open device.
int fd_;
// File descriptor of the kernel device
int kernel_fd_;
std::string path_; // Path that fd_ refers to.
std::string kernel_path_; // Path that kernel_fd_ refers to.
DeltaArchiveManifest manifest_;
bool manifest_parsed_;
bool manifest_valid_;
uint64_t metadata_size_;
// Index of the next operation to perform in the manifest.
size_t next_operation_num_;
// A buffer used for accumulating downloaded data. Initially, it stores the
// payload metadata; once that's downloaded and parsed, it stores data for the
// next update operation.
std::vector<char> buffer_;
// Offset of buffer_ in the binary blobs section of the update.
uint64_t buffer_offset_;
// Last |buffer_offset_| value updated as part of the progress update.
uint64_t last_updated_buffer_offset_;
// The block size (parsed from the manifest).
uint32_t block_size_;
// Calculates the payload hash.
OmahaHashCalculator hash_calculator_;
// Saves the signed hash context.
std::string signed_hash_context_;
// Signatures message blob extracted directly from the payload.
std::vector<char> signatures_message_data_;
// The public key to be used. Provided as a member so that tests can
// override with test keys.
std::string public_key_path_;
// The number of bytes received so far, used for progress tracking.
size_t total_bytes_received_;
// The number rootfs and total operations in a payload, once we know them.
size_t num_rootfs_operations_;
size_t num_total_operations_;
// An overall progress counter, which should reflect both download progress
// and the ratio of applied operations. Range is 0-100.
unsigned overall_progress_;
// The last progress chunk recorded.
unsigned last_progress_chunk_;
// The timeout after which we should force emitting a progress log (constant),
// and the actual point in time for the next forced log to be emitted.
const base::TimeDelta forced_progress_log_wait_;
base::Time forced_progress_log_time_;
DISALLOW_COPY_AND_ASSIGN(DeltaPerformer);
};
} // namespace chromeos_update_engine
#endif // UPDATE_ENGINE_DELTA_PERFORMER_H_