devserver: deprecate payload signing
There is not gonna be use case for this feature anymore. We are not
supposed to generate or sign payloads with devserver so this should be
cut off.
BUG=chromium:872441
TEST=unittest
TEST=start_devserver
Change-Id: I88599d666f27b683a311d690e7822a81079e47aa
Reviewed-on: https://chromium-review.googlesource.com/1595104
Tested-by: Amin Hassani <ahassani@chromium.org>
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Congbin Guo <guocb@chromium.org>
diff --git a/autoupdate.py b/autoupdate.py
index ec9d8d6..1f259bf 100644
--- a/autoupdate.py
+++ b/autoupdate.py
@@ -147,8 +147,6 @@
through.
board: board for the image. Needed for pre-generating of updates.
copy_to_static_root: copies images generated from the cache to ~/static.
- private_key: path to private key in PEM format.
- private_key_for_metadata_hash_signature: path to private key in PEM format.
public_key: path to public key in PEM format.
critical_update: whether provisioned payload is critical.
remote_payload: whether provisioned payload is remotely staged.
@@ -169,8 +167,7 @@
def __init__(self, xbuddy, urlbase=None, forced_image=None, payload_path=None,
proxy_port=None, src_image='', board=None,
- copy_to_static_root=True, private_key=None,
- private_key_for_metadata_hash_signature=None, public_key=None,
+ copy_to_static_root=True, public_key=None,
critical_update=False, remote_payload=False, max_updates=-1,
host_log=False, *args, **kwargs):
super(Autoupdate, self).__init__(*args, **kwargs)
@@ -182,9 +179,6 @@
self.proxy_port = proxy_port
self.board = board or self.GetDefaultBoardID()
self.copy_to_static_root = copy_to_static_root
- self.private_key = private_key
- self.private_key_for_metadata_hash_signature = \
- private_key_for_metadata_hash_signature
self.public_key = public_key
self.critical_update = critical_update
self.remote_payload = remote_payload
@@ -316,9 +310,6 @@
if src_image:
update_command.extend(['--src_image', src_image])
- if self.private_key:
- update_command.extend(['--private_key', self.private_key])
-
_Log('Running %s', ' '.join(update_command))
subprocess.check_call(update_command)
@@ -354,16 +345,12 @@
CACHE_DIR/<dest_hash>
Delta updates:
CACHE_DIR/<src_hash>_<dest_hash>
- Signed updates (self.private_key):
- CACHE_DIR/<src_hash>_<dest_hash>+<private_key_hash>
"""
update_dir = ''
if src_image:
update_dir += common_util.GetFileMd5(src_image) + '_'
update_dir += common_util.GetFileMd5(dest_image)
- if self.private_key:
- update_dir += '+' + common_util.GetFileMd5(self.private_key)
return os.path.join(constants.CACHE_DIR, update_dir)
@@ -828,30 +815,6 @@
else:
return path_to_payload
- @staticmethod
- def _SignMetadataHash(private_key_path, metadata_hash):
- """Signs metadata hash.
-
- Signs a metadata hash with a private key. This includes padding the
- hash with PKCS#1 v1.5 padding as well as an ASN.1 header.
-
- Args:
- private_key_path: The path to a private key to use for signing.
- metadata_hash: A raw SHA-256 hash (32 bytes).
-
- Returns:
- The raw signature.
- """
- args = ['openssl', 'rsautl', '-pkcs', '-sign', '-inkey', private_key_path]
- padded_metadata_hash = ('\x30\x31\x30\x0d\x06\x09\x60\x86'
- '\x48\x01\x65\x03\x04\x02\x01\x05'
- '\x00\x04\x20') + metadata_hash
- child = subprocess.Popen(args,
- stdin=subprocess.PIPE,
- stdout=subprocess.PIPE)
- signature, _ = child.communicate(input=padded_metadata_hash)
- return signature
-
def HandleUpdatePing(self, data, label=''):
"""Handles an update ping from an update client.
@@ -940,13 +903,6 @@
_Log('Failed to process an update: %r', e)
return autoupdate_lib.GetNoUpdateResponse(protocol, appid)
- # Sign the metadata hash, if requested.
- signed_metadata_hash = None
- if self.private_key_for_metadata_hash_signature:
- signed_metadata_hash = base64.b64encode(Autoupdate._SignMetadataHash(
- self.private_key_for_metadata_hash_signature,
- base64.b64decode(metadata_obj.metadata_hash)))
-
# Include public key, if requested.
public_key_data = None
if self.public_key:
@@ -955,7 +911,7 @@
update_response = autoupdate_lib.GetUpdateResponse(
metadata_obj.sha1, metadata_obj.sha256, metadata_obj.size, url,
metadata_obj.is_delta_format, metadata_obj.metadata_size,
- signed_metadata_hash, public_key_data, protocol, appid,
+ None, public_key_data, protocol, appid,
self.critical_update)
_Log('Responding to client to use url %s to get image', url)
diff --git a/autoupdate_unittest.py b/autoupdate_unittest.py
index 903af51..98efbb3 100755
--- a/autoupdate_unittest.py
+++ b/autoupdate_unittest.py
@@ -91,26 +91,22 @@
**kwargs)
return dummy
- def testGetRightSignedDeltaPayloadDir(self):
- """Test that our directory is what we expect it to be for signed updates."""
+ def testGetRightDeltaPayloadDir(self):
+ """Test that our directory is what we expect it to be for updates."""
self.mox.StubOutWithMock(common_util, 'GetFileMd5')
- key_path = 'test_key_path'
src_image = 'test_src_image'
target_image = 'test_target_image'
src_hash = '12345'
target_hash = '67890'
- key_hash = 'abcde'
common_util.GetFileMd5(src_image).AndReturn(src_hash)
common_util.GetFileMd5(target_image).AndReturn(target_hash)
- common_util.GetFileMd5(key_path).AndReturn(key_hash)
self.mox.ReplayAll()
au_mock = self._DummyAutoupdateConstructor()
- au_mock.private_key = key_path
update_dir = au_mock.FindCachedUpdateImageSubDir(src_image, target_image)
self.assertEqual(os.path.basename(update_dir),
- '%s_%s+%s' % (src_hash, target_hash, key_hash))
+ '%s_%s' % (src_hash, target_hash))
self.mox.VerifyAll()
def testGenerateLatestUpdateImage(self):
@@ -167,9 +163,6 @@
update_image = os.path.join(cache_dir, constants.UPDATE_FILE)
with open(update_image, 'w') as fh:
fh.write('')
- metadata_hash = os.path.join(cache_dir, constants.METADATA_HASH_FILE)
- with open(metadata_hash, 'w') as fh:
- fh.write('')
common_util.IsInsideChroot().AndReturn(True)
au_mock.GenerateUpdateImageWithCache(forced_image).WithSideEffects(
@@ -270,9 +263,6 @@
update_gz = os.path.join(new_image_dir, constants.UPDATE_FILE)
with open(update_gz, 'w') as fh:
fh.write('')
- metadata_hash = os.path.join(new_image_dir, constants.METADATA_HASH_FILE)
- with open(metadata_hash, 'w') as fh:
- fh.write('')
common_util.GetFileSha1(os.path.join(
new_image_dir, 'update.gz')).AndReturn(self.sha1)
diff --git a/devserver.py b/devserver.py
index 7d67065..5aa2f25 100755
--- a/devserver.py
+++ b/devserver.py
@@ -1761,16 +1761,6 @@
metavar='NUM', default=-1, type='int',
help='maximum number of update checks handled positively '
'(default: unlimited)')
- group.add_option('--private_key',
- metavar='PATH', default=None,
- help='path to the private key in pem format. If this is set '
- 'the devserver will generate update payloads that are '
- 'signed with this key.')
- group.add_option('--private_key_for_metadata_hash_signature',
- metavar='PATH', default=None,
- help='path to the private key in pem format. If this is set '
- 'the devserver will sign the metadata hash with the given '
- 'key and transmit in the Omaha-style XML response.')
group.add_option('--public_key',
metavar='PATH', default=None,
help='path to the public key in pem format. If this is set '
@@ -1956,9 +1946,6 @@
src_image=options.src_image,
board=options.board,
copy_to_static_root=not options.exit,
- private_key=options.private_key,
- private_key_for_metadata_hash_signature=(
- options.private_key_for_metadata_hash_signature),
public_key=options.public_key,
critical_update=options.critical_update,
remote_payload=options.remote_payload,
