receive_new_data may exit too early if the zip processor has sent all
the raw data. As a result, the last few 'new' commands will fail even
though the brotli decoder has more output in its buffer.
Restruct the code so that 'NewThreadInfo' owns the decoder state solely;
and receive_brotli_new_data is responsible for the decompression.
Also reduce the test data size to 100 blocks to avoid the test timeout.
Bug: 63802629
Test: recovery_component_test. on bullhead, apply full updates with and
w/o brotli compressed entries, apply an incremental update.
Change-Id: I9442f2536b74e48dbf7eeb062a8539c82c6dab47
Add a new writer that can decode the brotli-compressed system/vendor
new data stored in the OTA zip.
Brotli generally gives better compression rate at the cost of slightly
increased time consumption. The patch.dat is already compressed
by BZ; so there's no point to further compress it.
For the given 1.9G bullhead system image:
Size: 875M -> 787M; ~10% reduction of package size.
Time: 147s -> 153s; ~4% increase of the block_image_update execution time.
(I guess I/O takes much longer time than decompression.)
Also it takes 4 minutes to compress the system image on my local
machine, 3 more minutes than zip.
Test: recovery tests pass && apply a full OTA with brotli compressed
system/vendor.new.dat on bullhead
Change-Id: I232335ebf662a9c55579ca073ad45265700a621e
In a rare case, a random chunk will pass both the gzip header check
and the inflation process; but fail the uncompressed length check in the
footer. This leads to a imgdiff failure. So, we should treat this chunk
as 'normal' instead of 'inflated' while generating the patch.
Bug: 63334984
Test: imgdiff generates patch successfully on previous failing images.
Change-Id: Ice84f22d3653bce9756bda91e70528c0d2f264a0
package_extract_dir() was removed in go/aog/402383, and the
corresponding UpdaterTest should be removed as well.
Bug: 62918308
Test: mma && code search
Change-Id: Ibe9c473a5d41d2fa4d26abca5684e71b104891b0
When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for
BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as
'vroot' so map that to 'system' since this is what is
expected. Managed to test at least that the code is at least compiled
in:
$ fastboot --set-active=_a
Setting current slot to 'a'...
OKAY [ 0.023s]
finished. total time: 0.023s
$ fastboot reboot
rebooting...
finished. total time: 0.050s
$ adb wait-for-device
$ adb logcat |grep update_verifier
03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted
03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0
03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully.
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier.
Bug: None
Test: Manually tested on device using AVB bootloader.
Change-Id: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85
This will help us to identify the patch corruption.
Meanwhile fix a wrong size parameter passed to bspatch.
(patch->data.size() into patch->data.size() - patch_offset).
Also remove the only usage of "ApplyBSDiffPatchMem()" and inline its
Sink function for simplicity.
Bug: 37855643
Test: Prints SHA1 for corrupted patch in imgdiff_test.
Change-Id: Ibf2db8c08b0ded1409bb7c91a3547a6bf99c601d
This allows writing native tests for non-A/B update_binary_command().
Prior to this CL, it was extracting the updater to a hard-coded
location (/tmp/update_binary) that's not available under the test
environment.
Test: recovery_component_test on angler and marlin respectively.
Test: Sideload OTA packages on angler and marlin respectively.
Change-Id: I78b9cc211d90c0a16a84e94e339b65759300e2a8
run_fuse_sideload() is passing the block size as the max_read
option, so it will only handle a request that involves at most two
blocks at a time. However, the minimal allowed value was set to 1024
prior to this CL, which is inconsistent with the kernel code
(fs/fuse/inode.c) that sets it to the greater of 4096 and the passed-in
max_read option. This would fail the calls with a block size / max_read
less than 4096 due to the wrongly computed block indices.
Note that we didn't observe real issue in practice, because we have been
using 64 KiB block sizes for both of adb and sdcard sideload calls. The
issue only shows up in my local CL (to come later) that uses 1024 block
size in run_fuse_sideload() tests.
Test: recovery_component_test
Test: adb sideload with the new recovery image on angler
Change-Id: Id9f0cfea13d0d193dcb7cd41a1553a23739545f2
The SpaceMode (applypatch -s) was used in amend script (cupcake) only,
which has been removed since commit
9ce2ebf5d300eba5f6086583b0941ef68a3e4b42 (platform/build). The later
(and current) edify script uses apply_patch_space().
Note that other modes (PatchMode, CheckMode) of applypatch executable
are mostly used by install-recovery.sh script.
Test: No active user of "applypatch -s".
Test: recovery_component_test
Change-Id: I1d689b7fedd3884077e88ed1d6c22f7a2198859d
ApplyPatchFullTest and ApplyPatchDoubleCacheTest were used for defining
testcases for file-based OTA. The testcases have already been removed by
commit 40e144dae8. This CL removes the
obsolete class defnitions.
Bug: 37559618
Test: recovery_component_test on angler and marlin respectively.
Change-Id: I3f4f1dfc8580cf010365e671de256f68bbc0d99a
This now covers the actual calls to libvintf, and asserts we're getting
identical results through verify_package_compatibility() and by calling
libvintf directly.
We were missing the coverage and introduced the double free bug (fixed
by commit f978278995).
Bug: 37413730
Test: recovery_component_test passes.
Test: recovery_component_test fails w/o commit
f978278995.
Change-Id: If5195ea1c583fd7c440a1de289da82145e80e23c
The libvintf API has landed. Hook up to do the actual verification.
Bug: 36597505
Test: recovery_component_test
Test: m recoveryimage; adb sideload on angler and sailfish, with
packages that contain dummy compatibility entries.
Test: m recoveryimage; adb sideload on angler and sailfish, with
packages that don't contain any compatibility entries.
Change-Id: Idbd6f5aaef605ca51b20e667505d686de5ac781f
(cherry picked from commit da320ac6ab)
Expose update_binary_command() through private/install.h for testing
purpose.
Also make minor clean-ups to install.cpp: a) adding more verbose logging
on ExtractToMemory failures; b) update_binary_command() taking
std::string instead of const char*; c) moving a few macro and global
constants into update_binary_command().
Bug: 37300957
Test: recovery_component_test on marlin
Test: Build new recovery and adb sideload on angler and sailfish.
Change-Id: Ib2d9068af3fee038f01c90940ccaeb0a7da374fc
verify_package_compatibility() is added to parse the compatibility entry
(compatibility.zip) in a given OTA package. If entry is present, the
information is sent to libvintf to check the compatibility.
This CL doesn't actually call libvintf, since the API there is not
available yet.
Bug: 36597505
Test: Doesn't break the install with existing packages (i.e. w/o the
compatibility entry).
Test: recovery_component_test
Change-Id: I3903ffa5f6ba33a5c0d761602ade6290c6752596
(cherry picked from commit 62e0bc7586)
Right now the update stuck in a deadlock if there's less new data than
expection. Add some checkers and abort the update if such case happens.
Also add a corresponding test.
Bug: 36787146
Test: update aborts correctly on bullhead && recovery_component_test passes
Change-Id: I914e4a2a4cf157b99ef2fc65bd21c6981e38ca47
Since commit fb00d82f32 has added
get_bootloader_message_blk_device() as an API, switch the tests-local
implementation to it.
Test: recovery_component_test on angler.
Test: recovery_component_test on a local build that doesn't have /misc.
Change-Id: I4f5f542cb9ef58292c587a677da73d8822db7262
This CL makes the following changes to RangeSet:
- Uses std::pair<size_t, size_t> to represent a Range;
- Uses std::vector<Range> to represent a RangeSet;
- Provides const iterators (forward and reverse);
- Provides const accessor;
- 'blocks()' returns the number of blocks (formerly 'size');
- 'size()' returns the number of Range's (formerly 'count').
Test: recovery_unit_test
Test: Apply an incremental update with the new updater.
Change-Id: Ia1fbb343370a152e1f7aa050cf914c2da09b1396
Also move RangeSet into a header file to make it testable, and add unit
tests.
In RangeSet::Parse() (the former parse_range()), use libbase logging to
do assertions. This has the same effect as the previous
exit(EXIT_FAILURE) to terminate the updater process and abort an update.
The difference lies in the exit status code (i.e. WEXITSTATUS(status) in
install.cpp), which changes from 1 (i.e. EXIT_FAILURE) to 0.
Test: recovery_unit_test
Test: Apply an incremental update with the new updater.
Change-Id: Ie8393c78b0d8ae0fd5f0ca0646d871308d71fff0
Per the comment in build/make/core/base_rules.mk:
Ninja has an implicit dependency on the command being run, and kati will
regenerate the ninja manifest if any read makefile changes, so there is no
need to have dependencies on makefiles.
Test: mmma bootable/recovery
Change-Id: I27b97df10d40f39ad966be70b33811175a665439
Also factor out the common parts in {setup,clear}_bcb into a separate
function.
Test: recovery_component_test
Change-Id: I7b95cced925c8135e020dcb791ca2425d4f28449
Mostly for applypatch family APIs like ApplyBSDiffPatch() and
ApplyImagePatch(). Changing to size_t doesn't indicate they would
necessarily work with very large size_t (e.g. > ssize_t), just
similar to write(2). But otherwise accepting negative length doesn't
make much sense.
Also change the return type of SinkFn from ssize_t to size_t. Callers
tell a successful sink by comparing the number of written bytes against
the desired value. Negative return values like -1 are not needed. This
also makes it consistent with bsdiff::bspatch interface.
Test: recovery_component_test
Test: Apply an incremental with the new updater.
Change-Id: I7ff1615203a5c9854134f75d019e266f4ea6e714
For the BadPackage tests from VerifierTest: one alters the footer, and
the other alters the metadata. Move the two tests to be based on
otasigned_v3.zip (they're based on otasigned_v1.zip previously). Also
construct the testdata files dynamically (to save the space and for
better readability).
Test: recovery_component_test
Change-Id: I7604d563f8b4fa0c55fec8730c063384158e3abc
Switch the locale header in the png files from Locale.toString() to
Locale.toLanguageTag(). For example, en_US --> en-us and sr__#Latn
--> sr-Latn. Also clean up recovery a bit to expect the new locale
format.
Bug: 35215015
Test: sr-Latn shows correctly under graphic tests && recovery tests pass
Change-Id: Ic62bab7756cdc6e5f98f26076f7c2dd046f811db
It's valid to provide only 1 argument to apply_patch_check(). We
shouldn't fail the argument parsing.
Bug: 36541737
Test: recovery_component_test passes.
Test: recovery_component_test captures the failure without the fix.
Test: The previously failed update applies successfully.
Change-Id: Iee4c54ed33b877fc4885945b085341ec5c64f663
And switch them to std::vector & std::unique_ptr
Bug: 32117870
Test: recovery tests passed on sailfish
Change-Id: I5a45951c4bdf895be311d6d760e52e7a1b0798c3
We should not touch any data while verifying packages (or parsing the
in-memory ASN.1 structures).
Test: mmma bootable/recovery
Test: recovery_component_test passes.
Test: recovery_unit_test passes.
Change-Id: Ie990662c6451ec066a1807b3081c9296afbdb0bf
A follow-up to commit 5e535014dd.
Also clean up Android.mk, since libverifier no longer needs anything
from libminui.
Test: mmma bootable/recovery
Test: recovery_component_test passes.
Change-Id: I1c11e4bbeef67ca34a2054debf1f5b280d509217
verify_file() has a dependency on the global variable of 'ui' for
posting the verification progress, which requires the users of
libverifier to provide a UI instance.
This CL adds an optional argument to verify_file() so that it can
post the progress through the provided callback function. As a result,
we can drop the MockUI class in verifier_test.cpp.
Test: recovery_component_test passes.
Test: verify_file() posts progress update when installing an OTA.
Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
