Make the update installer fail when attempting to install a 64-bit update on a 32-bit-only system

chrome/installer/mac/keystone_install.sh

 #!/bin/bash -p
 
 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # usage: keystone_install.sh update_dmg_mount_point
 #
 # Called by the Keystone system to update the installed application with a new
 # version from a disk image.
@@ skipping 13 matching lines @@
 #  4  Update driven by user ticket when a system ticket is also present
 #  5  Could not prepare existing installed version to receive update
 #  6  Patch sanity check failure
 #  7  rsync failed (could not copy new versioned directory to Versions)
 #  8  rsync failed (could not update outer .app bundle)
 #  9  Could not get the version, update URL, or channel after update
 # 10  Updated application does not have the version number from the update
 # 11  ksadmin failure
 # 12  dirpatcher failed for versioned directory
 # 13  dirpatcher failed for outer .app bundle
+# 14  The update is incompatible with the system

[Nico, 2014/01/06 05:32:14]

Since that other patch mentioned something in chrome checks these update codes:
will this exit code 14 be handled by old chromes?

 #
 # The following exit codes can be used to convey special meaning to Keystone.
 # KeystoneRegistration will present these codes to Chrome as "success."
 # 66  (unused) success, request reboot
 # 77  (unused) try installation again later
 
 set -eu
 
 # http://b/2290916: Keystone runs the installation with a restrictive PATH
 # that only includes the directory containing ksadmin, /bin, and /usr/bin.  It
@@ skipping 443 matching lines @@
 # This function exists because the update process delivers new copies of
 # Info.plist files to the disk behind cfprefsd's back, and if cfprefsd becomes
 # aware of the original version of the file for any reason (such as this
 # script reading values from it via "defaults read"), the new version of the
 # file will not be immediately effective or visible via cfprefsd after the
 # update is applied.
 infoplist_read() {
   __CFPREFERENCES_AVOID_DAEMON=1 defaults read "${@}"
 }
 
+# Adjust the tag to contain the -32bit tag suffix. This is intended to be used
+# as a last resort, if sanity checks show that a non-32-bit update is about to
+# be applied to a 32-bit-only system. If this happens, it means that the
+# server delivered a non-32-bit update to a 32-bit-only system, most likely
+# because the tag was never updated to include the -32bit tag suffix.
+#
+# This mechanism takes a heavy-handed approach, clearing --tag-path and
+# --tag-key so that the channel identity will no longer follow the installed
+# application. However, it's expected that once -32bit is added to the tag,
+# the server will deliver a 32-bit update (possibly the final 32-bit version),
+# and once installed, that update will restore the --tag-path and --tag-key.
+# In any event, channel identity in this case may be moot, if 32-bit builds
+# are no longer being produced.
+#
+# This provides some resilience in the update system for old 32-bit-only
+# systems that aren't used during the window between when the -32bit tag
+# suffix begins being used and 32-bit releases end.
+mark_32_bit_only_system() {
+  local product_id="${1}"
+
+  # This step isn't critical.
+  local set_e=
+  if [[ "${-}" =~ e ]]; then
+    set_e="y"
+    set +e
+  fi
+
+  note "marking 32-bit-only system"
+
+  if ! ksadmin_supports_tagpath_tagkey; then
+    note "couldn't mark 32-bit-only system, no ksadmin support"
+    if [[ -n "${set_e}" ]]; then
+      set -e
+    fi
+    return 0
+  fi
+
+  local current_tag="$(ksadmin --productid "${product_id}" --print-tag)"
+  note "current_tag = ${current_tag}"
+
+  if grep -Eq -- '-32bit(-|$)' <<< "${current_tag}"; then
+    note "current tag already has -32bit"
+    if [[ -n "${set_e}" ]]; then
+      set -e
+    fi
+    return 0
+  fi
+
+  # This clears any other tag suffix, but that shouldn't be a problem. The
+  # only other currently-defined tag suffix component is -full, but -full and
+  # -32bit were introduced at the same time, so if -full appears, whatever set
+  # it would have already had enough knowledge to set -32bit as well, and this
+  # codepath wouldn't be entered.
+  local current_channel="$(sed -e 's/-.*//' <<< "${current_tag}")"
+  local new_tag="${current_channel}-32bit"
+  note "new_tag = ${new_tag}"
+
+  # Using ksadmin without --register only updates specified values in the
+  # ticket, without changing other existing values. Giving empty values for
+  # --tag-path and --tag-key clears those fields.
+  if ! ksadmin --productid "${product_id}" \
+               --tag "${new_tag}" --tag-path '' --tag-key ''; then
+    err "ksadmin failed to mark 32-bit-only system"
+  else
+    note "marked 32-bit-only system"
+  fi
+
+  # Go back to how things were.
+  if [[ -n "${set_e}" ]]; then
+    set -e
+  fi
+}
+
 # When a patch update fails because the old installed copy doesn't match the
 # expected state, mark_failed_patch_update updates the Keystone ticket by
 # adding "-full" to the tag. The server will see this on a subsequent update
 # attempt and will provide a full update (as opposed to a patch) to the
 # client.
 #
 # Even if mark_failed_patch_update fails to modify the tag, the user will
 # eventually be updated. Patch updates are only provided for successive
 # releases on a particular channel, to update version o to version o+1. If a
 # patch update fails in this case, eventually version o+2 will be released,
 # and no patch update will exist to update o to o+2, so the server will
 # provide a full update package.
 mark_failed_patch_update() {
   local product_id="${1}"
   local want_full_installer_path="${2}"
   local old_ks_plist="${3}"
   local old_version_app="${4}"
   local system_ticket="${5}"
 
-  set +e
+  # This step isn't critical.
+  local set_e=
+  if [[ "${-}" =~ e ]]; then
+    set_e="y"
+    set +e
+  fi
 
   note "marking failed patch update"
 
   local channel
   channel="$(infoplist_read "${old_ks_plist}" "${KS_CHANNEL_KEY}" 2> /dev/null)"
 
   local tag="${channel}"
   local tag_key="${KS_CHANNEL_KEY}"
   if has_32_bit_only_cpu; then
     tag="${tag}-32bit"
     tag_key="${tag_key}-32bit"
   fi
 
   tag="${tag}-full"
   tag_key="${tag_key}-full"
 
   note "tag = ${tag}"
   note "tag_key = ${tag_key}"
 
   # ${old_ks_plist}, used for --tag-path, is the Info.plist for the old
   # version of Chrome. It may not contain the keys for the "-full" tag suffix.
   # If it doesn't, just bail out without marking the patch update as failed.
   local read_tag="$(infoplist_read "${old_ks_plist}" "${tag_key}" 2> /dev/null)"
   note "read_tag = ${read_tag}"
   if [[ -z "${read_tag}" ]]; then
     note "couldn't mark failed patch update"
+    if [[ -n "${set_e}" ]]; then
+      set -e
+    fi
     return 0
   fi
 
   # Chrome can't easily read its Keystone ticket prior to registration, and
   # when Chrome registers with Keystone, it obliterates old tag values in its
   # ticket. Therefore, an alternative mechanism is provided to signal to
   # Chrome that a full installer is desired. If the .want_full_installer file
   # is present and it contains Chrome's current version number, Chrome will
   # include "-full" in its tag when it registers with Keystone. This allows
   # "-full" to persist in the tag even after Chrome is relaunched, which on a
@@ skipping 35 matching lines @@
   if ksadmin_supports_tagpath_tagkey; then
     ksadmin_args+=(
       --tag-path "${old_ks_plist_path}"
       --tag-key "${tag_key}"
     )
   fi
 
   note "ksadmin_args = ${ksadmin_args[*]}"
 
   if ! ksadmin "${ksadmin_args[@]}"; then
-    err "ksadmin failed"
+    err "ksadmin failed to mark failed patch update"
+  else
+    note "marked failed patch update"
   fi
 
-  note "marked failed patch update"
-
-  set -e
+  # Go back to how things were.
+  if [[ -n "${set_e}" ]]; then
+    set -e
+  fi
 }
 
 usage() {
   echo "usage: ${ME} update_dmg_mount_point" >& 2
 }
 
 main() {
   local update_dmg_mount_point="${1}"
 
   # Early steps are critical.  Don't continue past any failure.
@@ skipping 329 matching lines @@
   # Collect the installed application's brand code, it will be used later.  It
   # is not an error for the installed application to not have a brand code.
   local old_ks_plist="${installed_app_plist}"
   note "old_ks_plist = ${old_ks_plist}"
   local old_brand
   old_brand="$(infoplist_read "${old_ks_plist}" \
                               "${KS_BRAND_KEY}" 2> /dev/null ||
                true)"
   note "old_brand = ${old_brand}"
 
+  if has_32_bit_only_cpu; then
+    # On a 32-bit-only system, make sure that the update contains 32-bit code.
+    note "system is 32-bit-only"
+
+    local test_binary
+    if [[ -z "${is_patch}" ]]; then
+      # For a full installer, the framework is available, so check it for
+      # 32-bit code.
+      local old_framework_dir="${old_versioned_dir}/${FRAMEWORK_DIR}"
+      test_binary="${old_framework_dir}/${FRAMEWORK_NAME}"
+    else
+      # No application code is guaranteed to be available at this point for a
+      # patch updater, but goobspatch is built alongside and will have the
+      # same bitness of the product that this updater will install, so it's a
+      # reasonable proxy.
+      test_binary="${patch_dir}/goobspatch"
+    fi
+    note "test_binary = ${test_binary}"
+
+    if ! file "${test_binary}" | grep -q 'i386$'; then
+      err "can't install non-32-bit update on 32-bit-only system"
+      mark_32_bit_only_system "${product_id}"
+      exit 14
+    else
+      note "update will run on a 32-bit-only system"
+    fi
+  fi
+
   ensure_writable_symlinks_recursive "${installed_app}"
 
   # By copying to ${installed_app}, the existing application name will be
   # preserved, if the user has renamed the application on disk.  Respecting
   # the user's changes is friendly.
 
   # Make sure that ${installed_versions_dir} exists, so that it can receive
   # the versioned directory.  It may not exist if updating from an older
   # version that did not use the versioned layout on disk.  Later, during the
   # rsync to copy the application directory, the mode bits and timestamp on
@@ skipping 587 matching lines @@
 
 # Check "less than" instead of "not equal to" in case Keystone ever changes to
 # pass more arguments.
 if [[ ${#} -lt 1 ]]; then
   usage
   exit 2
 fi
 
 main "${@}"
 exit ${?}