Update GPG verification always fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
android (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Since the GPG validation in recovery is now working correctly, I noticed another bug in system-
The bad code is probably:
if ! verify_signature device-signing /cache/recovery/$2 && \
! verify_signature image-signing /cache/recovery/$2; then
This should probably be $3 instead of $2.
I tested this with $3 and updates were applied correctly instead of showing "Invalid signature". However, I haven't tested the opposite, i.e. if it discards updates with bad signature.
Status changed to 'Confirmed' because the bug affects multiple users.