Delete p2p file if metadata or payload verification fails.

Currently, if metadata or payload verification fails we don't delete
the p2p file. In the payload verification case, this is especially
problematic as other devices may pick up the bad (and complete)
payload still being shared, fail themselves, and then continue to
propagate the badness. The metadata verification case is slightly less
bad, since we only leave a .tmp file around in /var/cache/p2p.

Note that this problem never manifests itself unless someone
deliberately injects a bad payload. The severity is additionally
mitigated by the fact that p2p will turn itself off after ten update
attempts or two wall-clock days, whichever comes first.

I noticed this while working on CL:177631.

This CL fixes the problem. I verified the fix by serving a payload in
the following way:

Fail metadata verification:

 $ ./devserver.py --test_image                  \
     --private_key                              \
       ../update_engine/unittest_key.pem        \
     --private_key_for_metadata_hash_signature  \
       ../update_engine/unittest_key.pem        \
     --public_key                               \
       ../update_engine/unittest_key2.pub.pem

Fail payload verification:

 $ ./devserver.py --test_image                  \
     --private_key                              \
       ../update_engine/unittest_key.pem        \
     --private_key_for_metadata_hash_signature  \
       ../update_engine/unittest_key2.pem       \
     --public_key                               \
       ../update_engine/unittest_key2.pub.pem

to a device with p2p enabled and ensured that the p2p files were
deleted on failure.

BUG=chromium:323733
TEST=Manually tested, see above.

Change-Id: Ieb439972f5415727920ff5b0c22dbb86503f911c
Reviewed-on: https://chromium-review.googlesource.com/178132
Reviewed-by: Chris Sosa <sosa@chromium.org>
Commit-Queue: David Zeuthen <zeuthen@chromium.org>
Tested-by: David Zeuthen <zeuthen@chromium.org>
1 file changed
tree: df779480cf3c30556ad3986d47502b9ec495b899