During block verification, load stash reads from the source blocks on
the device instead of the stashed files. And for interrupted update,
it's pretty common that the source blocks has already been overwritten
by subsequent commands.
In that case the hash printing is mostly useless. Moreover we should have
already printed the hash when the first update failed.
Bug: 80241799
Test: Unit tests pass. No longer prints mismatching stashed source blocks on retry.
Change-Id: I4effe684280b0325199f6cc4b2cc26e91295c2d7
Additionally checks for excess args when parsing ERASE, FREE, NEW, STASH
and ZERO. Note that the check for MOVE, BSDIFF, IMGDIFF has been covered
in Command::ParseTargetInfoAndSourceInfo.
Test: Run recovery_unit_test on marlin.
Change-Id: Ic8bc9b7a8dcf98f1f8db2e259607564508726857
The added codes are not used in the updater yet. The switch will happen
in subsequent CLs.
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I1ae8a233280f02c2171b43ef028bdccdacb39c59
The two utilities are now converted to dynamic executables as shared
libraries are supported in recovery mode.
As part of the conversion, their location has moved from /sbin to
/system/bin. Reflect the change in the program 'recovery'
Bug: 79146551
Test: adb reboot recovery, and select 'Wipe data/factory reset'. The
data partition is formatted and there is no selinux denial.
Change-Id: Ie7cfc4c50ab1e6767e4a5170533ccf826ec7d7f3
This avoids leaving the created new data writer thread unjoined, in the
presence of transfer list parsing errors, or the early exit case on
`total_blocks == 0`.
Also fix a minor issue when dumping the errno on pthread_create error
(pthread_create returns the error number, as opposed to setting errno).
Test: Run recovery_component_test on marlin.
Change-Id: Icfac27fef0c64736eb8c76264da73c223b4960cb
As suggested by the style guide
(https://google.github.io/styleguide/cppguide.html#Reference_Arguments),
all parameters passed by reference must be labeled const. This CL moves
most of the non-const references in blockimg.cpp to pointers, except for
the CommandParameters& parameter in PerformCommand* functions, which
will be handled in separate CLs.
Test: mmma -j bootable/recovery
Test: Run recovery_component_test on marlin.
Change-Id: I84299208e9a1699f5381fb2228d4120f0c8dacb3
This is a stress test that instantiates multiple testcases that
interrupt a BBOTA update at every transfer command. Each testcase
asserts the last_command_file after the interruption, verifies the
update resumability, then resumes the update and asserts the updated
image.
The transfer list in the testcase covers most of the transfer commands
(stash/free/move/bsdiff/zero/new), as well as some special pattern like
having duplicate stash ids.
This CL also addresses one issue in the updater code, by resetting the
stash_map before each run. The stash map should be valid only per
block_image_verify/block_image_update run. Having leftover may cause
issue in subsequent runs, in particular when calling block_image_verify
after a previous run of block_image_{update,verify}.
Test: Run recovery_component_test on marlin.
Change-Id: I6f9a0368d194a754ce41a9c9819c6d5be2657248
None of the callers actually uses the value.
(Even in the earlier versions, e.g. the one in M, the value wasn't used
either.)
Test: Run recovery_component_test on marlin.
Change-Id: I53e61a1afa211f71a200889ed3aa4046763b46ea
Move the commands map parsing out of PerformBlockImageUpdate(), as this
can be done more easily by the caller.
The goal (not done in this CL) is to decouple command parsing logic from
the performers. This allows (a) focusing on the command logic in the
performer; and (b) extending BBOTA commands syntax separately.
Test: Run recovery_unit_test and recovery_component_test.
Change-Id: Ife202398a7660b152d84a3ba17b90f93d19c55f2
This avoids the signedness issue, and makes the code more readable.
Test: mmma bootable/recovery
Test: Run recovery_component_test.
Change-Id: I01c3a0357887cfd7c9d4aba4239ef650cfa18388
It no longer needs to be conditional, as we've removed the support for
BBOTA v1/v2.
Test: mmma bootable/recovery
Change-Id: I881de8afa38cc5b41b48e6d48d85170699ea5eb4
The last command file has the last executed stash command by convention.
So we should update the file after we actually finishes executing the command;
instead of after loading src/tgt.
Bug: 79756267
Test: unit tests pass
Change-Id: I4535b5836e7eb13b3abe3d02f9f362ec5e9ec969
We cannot skip "new" commands while resuming an update with
last_command_file, because they read in the data sequentially from the
package.
Bug: 69858743
Test: Interrupt an update that has new commands. Check the update log.
Change-Id: I05fb67246f5ea3ba2a0f78f10255c0d9b0bc2f5a
Prior to the change, the BBOTA updater would try to re-run all the
commands for a given partition on retry, including creating stashes
according to the list of commands. This could fail a retry when the
previous update had moved on to next stage, with leftovers in /cache.
This CL creates a marker on /cache upon successfully updating a
partition. The update commands will be skipped when trying to apply
updates on an updated partition. Note that the marker is expected to be
removed while doing a normal boot (in particular, handled by
RecoverySystem#handleAftermath). If that didn't happen, the updater
would also remove the marker before starting next fresh update.
Alternatively, we can achieve the same goal by changing the OTA script,
which needs to additionally compare the checksum against the target
build. For example,
range_sha1("/system", "ranges") == SHA1_of_updated_system ||
block_image_update("/system");
The downside is that we need to pay that cost on each install, as the
edify script doesn't support caching the result in a variable.
Bug: 79165963
Test: Simulate the process on device (by triggering a reboot while
updating /vendor). Check the update log and result.
Change-Id: I731031fa336133e1221b33edfc469969706e8091
This breaks the dependency on common.h (which belongs to
recovery/librecovery) from librecovery_ui. reboot() is now owned by
libotautil, which is expected to be a leaf node to be depended on.
With the change, recovery and updater also share the same reboot() code
now.
Test: mmma -j bootable/recovery
Change-Id: I1cc5d702cfe49302048db33d31c9c87ddc97ac71
Export its header (mounts.h) from there, and drop the dot dot dependency
from libupdater / updater.
Test: mmma bootable/recovery
Test: recovery_component_test
Change-Id: Ic26a6b9b78a34dbe1f178b138f3abaafffbec44c
We have a general need for overriding more paths (e.g. "/tmp"), mostly
for testing purpose. Rename CacheLocation to Paths, and use that to
manage TEMPORARY_{INSTALL,LOG}_FILE.
Test: mmma -j bootable/recovery
Test: recovery_component_test
Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
As they're accepting the SinkFn callback, it makes more sense to leave
the work to their callers.
Test: mmma -j bootable/recovery
Test: Run recovery_component_test on marlin.
Test: No other active user of the two functions.
Change-Id: I8d67b38ce037925442296f136b483e0c71983777
The total sectors that we want to format is used in different meanings from
various users. This notifies its size based on 512 bytes explicitly.
Bug: 76407663
Change-Id: I20687b40a1733d3b459a45f8b64a338c37a7bc95
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
