1aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// 2aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// Copyright (C) 2011 The Android Open Source Project 3aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// 4aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// Licensed under the Apache License, Version 2.0 (the "License"); 5aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// you may not use this file except in compliance with the License. 6aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// You may obtain a copy of the License at 7aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// 8aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// http://www.apache.org/licenses/LICENSE-2.0 9aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// 10aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// Unless required by applicable law or agreed to in writing, software 11aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// distributed under the License is distributed on an "AS IS" BASIS, 12aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// See the License for the specific language governing permissions and 14aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// limitations under the License. 15aea4c1cea20dda7ae7e85fc8924a2d784f70d806Alex Deymo// 163defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com 173defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com#include "update_engine/omaha_response_handler_action.h" 1873058b421f91e04cc605c2a113e0010009a63594Darin Petkov 193defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com#include <string> 2073058b421f91e04cc605c2a113e0010009a63594Darin Petkov 2173058b421f91e04cc605c2a113e0010009a63594Darin Petkov#include <base/logging.h> 2275039d7397f03dff77bdf4e26398049ff88edc4cAlex Vakulenko#include <base/strings/string_util.h> 231f84723f499b3b309efac11324ed4e6c937341b6Gilad Arnold#include <policy/device_policy.h> 2473058b421f91e04cc605c2a113e0010009a63594Darin Petkov 2539910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo#include "update_engine/common/constants.h" 2639910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo#include "update_engine/common/hardware_interface.h" 2739910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo#include "update_engine/common/prefs_interface.h" 2839910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo#include "update_engine/common/utils.h" 29f6ee0163504eaf1a7cc136ba2c075d77ae2b4dd5Alex Deymo#include "update_engine/connection_manager_interface.h" 301f84723f499b3b309efac11324ed4e6c937341b6Gilad Arnold#include "update_engine/omaha_request_params.h" 3139910dcd1d68987ccee7c3031dc269233a8490bbAlex Deymo#include "update_engine/payload_consumer/delta_performer.h" 3255f50c24c2624487b803ba2f93588494cc69e523Jay Srinivasan#include "update_engine/payload_state_interface.h" 333defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com 343defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.comusing std::string; 353defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com 363defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.comnamespace chromeos_update_engine { 373defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com 386f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay SrinivasanOmahaResponseHandlerAction::OmahaResponseHandlerAction( 396f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan SystemState* system_state) 406dd160ab4a0e631fdf1faf33eb7cb746ddf5ccdbAlex Deymo : OmahaResponseHandlerAction(system_state, 416dd160ab4a0e631fdf1faf33eb7cb746ddf5ccdbAlex Deymo constants::kOmahaResponseDeadlineFile) {} 424dbd47eb03169faac44fce86daffef10cac94b7dGilad Arnold 434dbd47eb03169faac44fce86daffef10cac94b7dGilad ArnoldOmahaResponseHandlerAction::OmahaResponseHandlerAction( 444dbd47eb03169faac44fce86daffef10cac94b7dGilad Arnold SystemState* system_state, const string& deadline_file) 454dbd47eb03169faac44fce86daffef10cac94b7dGilad Arnold : system_state_(system_state), 464dbd47eb03169faac44fce86daffef10cac94b7dGilad Arnold got_no_update_response_(false), 47e6fc8e1c01e6b733eee45c97d47b1960d0b64f1cAlex Deymo key_path_(constants::kUpdatePayloadPublicKeyPath), 484dbd47eb03169faac44fce86daffef10cac94b7dGilad Arnold deadline_file_(deadline_file) {} 49abc7bc0f5d88f110b463191bb8384f95d3c4230aDarin Petkov 503defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.comvoid OmahaResponseHandlerAction::PerformAction() { 513defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com CHECK(HasInputObject()); 523defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com ScopedActionCompleter completer(processor_, this); 536a5b3229b44c1f81ee153829e9b501e547f29926Darin Petkov const OmahaResponse& response = GetInputObject(); 543defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com if (!response.update_exists) { 554fe15d017c145aca449c2248420c1b4ec8c23758Andrew de los Reyes got_no_update_response_ = true; 563defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com LOG(INFO) << "There are no updates. Aborting."; 573defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com return; 583defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com } 596f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan 606f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan // All decisions as to which URL should be used have already been done. So, 6153173b964f6f43c89dbaba41875fcadd7077b2eaJay Srinivasan // make the current URL as the download URL. 6253173b964f6f43c89dbaba41875fcadd7077b2eaJay Srinivasan string current_url = system_state_->payload_state()->GetCurrentUrl(); 6353173b964f6f43c89dbaba41875fcadd7077b2eaJay Srinivasan if (current_url.empty()) { 6453173b964f6f43c89dbaba41875fcadd7077b2eaJay Srinivasan // This shouldn't happen as we should always supply the HTTPS backup URL. 6553173b964f6f43c89dbaba41875fcadd7077b2eaJay Srinivasan // Handling this anyway, just in case. 6653173b964f6f43c89dbaba41875fcadd7077b2eaJay Srinivasan LOG(ERROR) << "There are no suitable URLs in the response to use."; 67d1c4d2dd3daed1d507038046c0355fbafb85260cGilad Arnold completer.set_code(ErrorCode::kOmahaResponseInvalid); 6853173b964f6f43c89dbaba41875fcadd7077b2eaJay Srinivasan return; 6953173b964f6f43c89dbaba41875fcadd7077b2eaJay Srinivasan } 7053173b964f6f43c89dbaba41875fcadd7077b2eaJay Srinivasan 7153173b964f6f43c89dbaba41875fcadd7077b2eaJay Srinivasan install_plan_.download_url = current_url; 72fb1020e30511825c1c39f3764f07ef237a6f668eChris Sosa install_plan_.version = response.version; 736f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan 7474b5f55e6ff608857664fe151f54d78bfe0b75bbGilad Arnold OmahaRequestParams* const params = system_state_->request_params(); 7574b5f55e6ff608857664fe151f54d78bfe0b75bbGilad Arnold PayloadStateInterface* const payload_state = system_state_->payload_state(); 768f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen 778f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen // If we're using p2p to download and there is a local peer, use it. 7874b5f55e6ff608857664fe151f54d78bfe0b75bbGilad Arnold if (payload_state->GetUsingP2PForDownloading() && 7974b5f55e6ff608857664fe151f54d78bfe0b75bbGilad Arnold !payload_state->GetP2PUrl().empty()) { 808f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen LOG(INFO) << "Replacing URL " << install_plan_.download_url 8174b5f55e6ff608857664fe151f54d78bfe0b75bbGilad Arnold << " with local URL " << payload_state->GetP2PUrl() 828f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen << " since p2p is enabled."; 8374b5f55e6ff608857664fe151f54d78bfe0b75bbGilad Arnold install_plan_.download_url = payload_state->GetP2PUrl(); 8474b5f55e6ff608857664fe151f54d78bfe0b75bbGilad Arnold payload_state->SetUsingP2PForDownloading(true); 858f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen } 868f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen 876f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan // Fill up the other properties based on the response. 8851dcf260754837962dd22db3b7babee181471e7dJay Srinivasan install_plan_.payload_size = response.size; 8951dcf260754837962dd22db3b7babee181471e7dJay Srinivasan install_plan_.payload_hash = response.hash; 90f4318709ff5bd808a5fb8dd360acd9b66253a24eJay Srinivasan install_plan_.metadata_size = response.metadata_size; 91f4318709ff5bd808a5fb8dd360acd9b66253a24eJay Srinivasan install_plan_.metadata_signature = response.metadata_signature; 92e7f8917f378773fbfee0b2d21f1cb6b3ba8bdcabDavid Zeuthen install_plan_.public_key_rsa = response.public_key_rsa; 93738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan install_plan_.hash_checks_mandatory = AreHashChecksMandatory(response); 940406e40b8e414792cfc89ea32d57f947330964f0Darin Petkov install_plan_.is_resume = 956f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan DeltaPerformer::CanResumeUpdate(system_state_->prefs(), response.hash); 96be45bef9e283188b00e7def8967f81843669a7f1Chris Sosa if (install_plan_.is_resume) { 9774b5f55e6ff608857664fe151f54d78bfe0b75bbGilad Arnold payload_state->UpdateResumed(); 98be45bef9e283188b00e7def8967f81843669a7f1Chris Sosa } else { 9974b5f55e6ff608857664fe151f54d78bfe0b75bbGilad Arnold payload_state->UpdateRestarted(); 1006f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan LOG_IF(WARNING, !DeltaPerformer::ResetUpdateProgress( 1016f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan system_state_->prefs(), false)) 1020406e40b8e414792cfc89ea32d57f947330964f0Darin Petkov << "Unable to reset the update progress."; 1036f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan LOG_IF(WARNING, !system_state_->prefs()->SetString( 1046f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan kPrefsUpdateCheckResponseHash, response.hash)) 1050406e40b8e414792cfc89ea32d57f947330964f0Darin Petkov << "Unable to save the update check response hash."; 1060406e40b8e414792cfc89ea32d57f947330964f0Darin Petkov } 1074073fd6bb7dcc302f5c9e5b64d68946730c4fe82Alex Deymo install_plan_.payload_type = response.is_delta_payload 1084073fd6bb7dcc302f5c9e5b64d68946730c4fe82Alex Deymo ? InstallPayloadType::kDelta 1094073fd6bb7dcc302f5c9e5b64d68946730c4fe82Alex Deymo : InstallPayloadType::kFull; 1100406e40b8e414792cfc89ea32d57f947330964f0Darin Petkov 111763e7dbaac735da0ae802933a1015b6b7874bce2Alex Deymo install_plan_.source_slot = system_state_->boot_control()->GetCurrentSlot(); 112763e7dbaac735da0ae802933a1015b6b7874bce2Alex Deymo install_plan_.target_slot = install_plan_.source_slot == 0 ? 1 : 0; 1133defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com 114856166594771c61973856f563e622ccb7dd48aa1Alex Deymo // The Omaha response doesn't include the channel name for this image, so we 115856166594771c61973856f563e622ccb7dd48aa1Alex Deymo // use the download_channel we used during the request to tag the target slot. 116856166594771c61973856f563e622ccb7dd48aa1Alex Deymo // This will be used in the next boot to know the channel the image was 117856166594771c61973856f563e622ccb7dd48aa1Alex Deymo // downloaded from. 118856166594771c61973856f563e622ccb7dd48aa1Alex Deymo string current_channel_key = 119856166594771c61973856f563e622ccb7dd48aa1Alex Deymo kPrefsChannelOnSlotPrefix + std::to_string(install_plan_.target_slot); 120856166594771c61973856f563e622ccb7dd48aa1Alex Deymo system_state_->prefs()->SetString(current_channel_key, 121856166594771c61973856f563e622ccb7dd48aa1Alex Deymo params->download_channel()); 122856166594771c61973856f563e622ccb7dd48aa1Alex Deymo 1231c0fe79c7ef2b43946d756b54c8505d2bf48b93bJay Srinivasan if (params->to_more_stable_channel() && params->is_powerwash_allowed()) 124ae4697c073b84b260990a141acd53c6806da0708Jay Srinivasan install_plan_.powerwash_required = true; 1251c0fe79c7ef2b43946d756b54c8505d2bf48b93bJay Srinivasan 126f98bff879c8e90840582f6a60a93918465f2d8b9Andrew de los Reyes TEST_AND_RETURN(HasOutputPipe()); 1273defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com if (HasOutputPipe()) 12863b96d74b2ffe5999243ab5c33f588030bcb42ceAndrew de los Reyes SetOutputObject(install_plan_); 1293defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com LOG(INFO) << "Using this install plan:"; 13063b96d74b2ffe5999243ab5c33f588030bcb42ceAndrew de los Reyes install_plan_.Dump(); 1316a5b3229b44c1f81ee153829e9b501e547f29926Darin Petkov 1326c11864907e9a92f8069c77c08650102e0b34e0dDarin Petkov // Send the deadline data (if any) to Chrome through a file. This is a pretty 1336c11864907e9a92f8069c77c08650102e0b34e0dDarin Petkov // hacky solution but should be OK for now. 1346c11864907e9a92f8069c77c08650102e0b34e0dDarin Petkov // 135072359ca138504065e1e0c1189eb38c09576d324Alex Vakulenko // TODO(petkov): Re-architect this to avoid communication through a 136be45bef9e283188b00e7def8967f81843669a7f1Chris Sosa // file. Ideally, we would include this information in D-Bus's GetStatus 1376c11864907e9a92f8069c77c08650102e0b34e0dDarin Petkov // method and UpdateStatus signal. A potential issue is that update_engine may 1386c11864907e9a92f8069c77c08650102e0b34e0dDarin Petkov // be unresponsive during an update download. 1396dd160ab4a0e631fdf1faf33eb7cb746ddf5ccdbAlex Deymo if (!deadline_file_.empty()) { 1406dd160ab4a0e631fdf1faf33eb7cb746ddf5ccdbAlex Deymo utils::WriteFile(deadline_file_.c_str(), 1416dd160ab4a0e631fdf1faf33eb7cb746ddf5ccdbAlex Deymo response.deadline.data(), 1426dd160ab4a0e631fdf1faf33eb7cb746ddf5ccdbAlex Deymo response.deadline.size()); 1436dd160ab4a0e631fdf1faf33eb7cb746ddf5ccdbAlex Deymo chmod(deadline_file_.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); 1446dd160ab4a0e631fdf1faf33eb7cb746ddf5ccdbAlex Deymo } 1456c11864907e9a92f8069c77c08650102e0b34e0dDarin Petkov 146d1c4d2dd3daed1d507038046c0355fbafb85260cGilad Arnold completer.set_code(ErrorCode::kSuccess); 1473defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com} 1483defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com 149738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasanbool OmahaResponseHandlerAction::AreHashChecksMandatory( 150738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan const OmahaResponse& response) { 151907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // We sometimes need to waive the hash checks in order to download from 152907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // sources that don't provide hashes, such as dev server. 153907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // At this point UpdateAttempter::IsAnyUpdateSourceAllowed() has already been 154907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // checked, so an unofficial update URL won't get this far unless it's OK to 155907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // use without a hash. Additionally, we want to always waive hash checks on 156907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // unofficial builds (i.e. dev/test images). 157907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // The end result is this: 158907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // * Base image: 159907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // - Official URLs require a hash. 160907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // - Unofficial URLs only get this far if the IsAnyUpdateSourceAllowed() 161907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // devmode/debugd checks pass, in which case the hash is waived. 162907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // * Dev/test image: 163907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell // - Any URL is allowed through with no hash checking. 164907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell if (!system_state_->request_params()->IsUpdateUrlOfficial() || 165907b4fa4009e5221f7b5f13cc03d9382e693c0c2David Pursell !system_state_->hardware()->IsOfficialBuild()) { 16602c1864e204997175302b1aebe3e0be9c6699ea5David Pursell // Still do a hash check if a public key is included. 167e7f8917f378773fbfee0b2d21f1cb6b3ba8bdcabDavid Zeuthen if (!response.public_key_rsa.empty()) { 168bc27aace82f59884bd3f2d37064644037ccccfc2David Zeuthen // The autoupdate_CatchBadSignatures test checks for this string 169bc27aace82f59884bd3f2d37064644037ccccfc2David Zeuthen // in log-files. Keep in sync. 170e7f8917f378773fbfee0b2d21f1cb6b3ba8bdcabDavid Zeuthen LOG(INFO) << "Mandating payload hash checks since Omaha Response " 171e7f8917f378773fbfee0b2d21f1cb6b3ba8bdcabDavid Zeuthen << "for unofficial build includes public RSA key."; 172e7f8917f378773fbfee0b2d21f1cb6b3ba8bdcabDavid Zeuthen return true; 173e7f8917f378773fbfee0b2d21f1cb6b3ba8bdcabDavid Zeuthen } else { 17402c1864e204997175302b1aebe3e0be9c6699ea5David Pursell LOG(INFO) << "Waiving payload hash checks for unofficial update URL."; 175e7f8917f378773fbfee0b2d21f1cb6b3ba8bdcabDavid Zeuthen return false; 176e7f8917f378773fbfee0b2d21f1cb6b3ba8bdcabDavid Zeuthen } 177738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan } 178738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan 1798f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen // If we're using p2p, |install_plan_.download_url| may contain a 1808f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen // HTTP URL even if |response.payload_urls| contain only HTTPS URLs. 181a3cf75a1d01aeb03d2341600ebff3db0a8316200Alex Vakulenko if (!base::StartsWith(install_plan_.download_url, "https://", 182a3cf75a1d01aeb03d2341600ebff3db0a8316200Alex Vakulenko base::CompareCase::INSENSITIVE_ASCII)) { 1838f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen LOG(INFO) << "Mandating hash checks since download_url is not HTTPS."; 1848f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen return true; 1858f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen } 1868f191b22a1a1ab2b803d65ee488729206e648695David Zeuthen 187738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan // TODO(jaysri): VALIDATION: For official builds, we currently waive hash 188738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan // checks for HTTPS until we have rolled out at least once and are confident 189738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan // nothing breaks. chromium-os:37082 tracks turning this on for HTTPS 190738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan // eventually. 1916f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan 1926f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan // Even if there's a single non-HTTPS URL, make the hash checks as 1936f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan // mandatory because we could be downloading the payload from any URL later 1946f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan // on. It's really hard to do book-keeping based on each byte being 1956f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan // downloaded to see whether we only used HTTPS throughout. 1966f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan for (size_t i = 0; i < response.payload_urls.size(); i++) { 197a3cf75a1d01aeb03d2341600ebff3db0a8316200Alex Vakulenko if (!base::StartsWith(response.payload_urls[i], "https://", 198a3cf75a1d01aeb03d2341600ebff3db0a8316200Alex Vakulenko base::CompareCase::INSENSITIVE_ASCII)) { 1996f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan LOG(INFO) << "Mandating payload hash checks since Omaha response " 2006f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan << "contains non-HTTPS URL(s)"; 2016f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan return true; 2026f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan } 203738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan } 204738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan 2056f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan LOG(INFO) << "Waiving payload hash checks since Omaha response " 2066f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan << "only has HTTPS URL(s)"; 2076f6ea00aa8c4cf54b6842be32ca1226854c24f78Jay Srinivasan return false; 208738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan} 209738fdf37c15284b60dac703408b8de19eef9c6a3Jay Srinivasan 2103defe6acb3609e70e851a6eff062577d25a2af9dadlr@google.com} // namespace chromeos_update_engine 211