Executables should be in /system/bin
rather than sbin.
Bug: 78793464
Test: boot into recovery, try adb sideload
Change-Id: I194589119a099d29e56b0648f0906a5ae2aa6770
Switching to the protobuf format helps to make the care_map more
extensible. As we have such plans in the future, add the support to
parse the protobuf message in the update_verifier.
Bug: 77867897
Test: unit tests pass, update_verifier successfully verifies a care_map.pb
Change-Id: I9fe83cb4dd3cc8d6fd0260f2a47338fe142d3938
And uses the shared lib version of libbase and libfs_mgr.
Bug: 78793464
Test: `m dist`
Test: Run recovery_{unit,component}_test on marlin.
Change-Id: I750c02d0bfccd6e58fb01f641de02532ace52e00
Updates Wear Recovery UI to fix bug. Recovery UI now will
display the proper Recovery Text during progress actions above the
ProgressBarBaseline as defined in device make files.
Change-Id: Idef0cb046dd06979042ca877ba0c61e9faaedec1
Bug: 64330124
(cherry picked from commit 19f6cccdafe53e14b9cd083e69da5887028070a0)
This applies to the standalone applypatch executable
(/system/bin/applypatch on device). This executable is only used when
installing (via patching or flashing) a recovery image on non-A/B
device.
This CL removes the support for patching non-eMMC targets from
applypatch that has been deprecated as part of file-based OTA. For
patching eMMC targets, it also drops the support for accepting multiple
patches (not useful, since the source file must be fixed).
This CL needs the matching change in the same topic, which writes the
script of "/system/bin/install-recovery.sh". Note that this CL doesn't
chanage the applypatch API signatures, in order to minimize the CL size.
*BEFORE*
usage: /system/bin/applypatch [-b <bonus-file>] <src-file> <tgt-file> <tgt-sha1> <tgt-size> [<src-sha1>:<patch> ...]
or /system/bin/applypatch -c <file> [<sha1> ...]
or /system/bin/applypatch -l
Filenames may be of the form
EMMC:<partition>:<len_1>:<sha1_1>:<len_2>:<sha1_2>:...
to specify reading from or writing to an EMMC partition.
*AFTER*
Usage:
check mode
applypatch --check EMMC:<target-file>:<target-size>:<target-sha1>
flash mode
applypatch --flash <source-file>
--target EMMC:<target-file>:<target-size>:<target-sha1>
patch mode
applypatch [--bonus <bonus-file>]
--patch <patch-file>
--target EMMC:<target-file>:<target-size>:<target-sha1>
--source EMMC:<source-file>:<source-size>:<source-sha1>
show license
applypatch --license
Bug: 110106408
Test: Run recovery_component_test and recovery_unit_test on marlin.
Test: Build a non-A/B target that has /system/bin/install-recovery.sh.
Verify that it installs recovery image successfully.
Test: Build a non-A/B target that has /system/bin/install-recovery.sh in
flashing mode. Verify that it installs recovery image successfully.
Change-Id: I71f9a71fb457e6f663e0b5511946949e65b4b78c
The getopt_long(3) implementation in Android (upstream freebsd) expects
a null-terminated array while parsing long options with required args.
if (long_options[match].has_arg == required_argument) {
optarg = nargv[optind++];
}
...
if (long_options[match].has_arg == required_argument && optarg == NULL) {
return (BADARG);
}
This seems to make sense in practice, as getopt(3) takes the first two
arguments of argc and argv that are "as passed to the main() function on
program invocation", and both of C and C++ spec say "the value of
argv[argc] shall be 0".
Prior to the CL, we may run into undefined behavior on malformed input
command line (e.g. missing arg for an option that requires one). This CL
fixes the issue by always appending a nullptr to the argument list (but
without counting that into argc).
Test: Build and boot into recovery with commands.
Change-Id: Ic6c37548f4db2f30aeabd40f387ca916eeca5392
They are doing exactly the same thing, except for the slightly different
error return value (1 vs -1).
int CacheSizeCheck(size_t bytes);
int MakeFreeSpaceOnCache(size_t bytes_needed);
This CL consolidates the two functions and uses bool as its return type.
// Checks whether /cache partition has at least 'bytes'-byte free space. Returns true immediately
// if so. Otherwise, it will try to free some space by removing older logs, checks again and
// returns the checking result.
bool CheckAndFreeSpaceOnCache(size_t bytes);
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I94a96934d2b18713f8f39ad5aa96a02c98d87963
TemporaryDir only deletes empty dirs (not done by its dtor because it
tries to keep the temporary files available on error exit).
Also change FreeCacheTest::MockFreeSpaceChecker to be static.
Test: Run recovery_unit_test on marlin. Check /data/local/tmp post-run.
Change-Id: I1bd54eb840e3094b4f22ee84c059eec2998773bf
Prior to this CL, FreeSpaceForFile() was returning `size_t`, which may
overflow on ILP32 when called on a partition with 4GiB+ free space.
Additionally, it was returning static_cast<size_t>(-1) on error, but the
caller in freecache.cpp didn't check for that.
This CL changes its return type to `int64_t`, and moves the function
into freecache.cpp since there's no external caller.
Test: Run recovery_unit_test on marlin.
Test: Code search shows no external user of FreeSpaceForFile().
Change-Id: I00f501a057726e1f1ab69f367c46c77b30f2d774
We already know the flakiness happens in bspatch, and the issue is
tracked in b/80193170.
Bug: 67849209
Test: unit tests pass
Change-Id: Ib4772b8f2f0225125096fe7407d083b5bb542cfb
It used to return a Value blob to be consumed by sha1_check() (which has
been deprecated). Currently there's no other generic updater function
that works with BLOB Values. This CL changes read_file() to return a
string Value to make it more useful (e.g. allowing equality check).
Test: Run recovery_component_test and recovery_unit_test on marlin.
Change-Id: Iba986ba649030112babefe898f26aa9ffe69eeb7
Also simplify the helper function expect() in {edify,updater}_test.cpp.
Test: Run recovery_component_test on marlin.
Change-Id: If54febba4b5013f6d71546318a1ca6b635204ac8
Test: mmma -j bootable/recovery
Test: Run recovery_component_test and recovery_unit_test on marlin.
Change-Id: I4b240e3e771c387b9694be9c0f2f74e0265ab4cb
Also fix an error-pone behavior in previous code when verifying an eMMC
target. As long as it loads the partition content successfully according
to the SHAs embedded in the filename, it shouldn't further check against
the SHAs given in the second argument. Because the loaded contents
relate to a specific partition size.
For example:
apply_patch_check(
"EMMC:/boot.img:src_size:src_hash:tgt_size:tgt_hash",
"src_hash");
Assume "/boot.img" already has the desired hash of "tgt_hash", the
previous code would give wrong verification result. The issue can be
addressed by additionally listing "tgt_hash" as one of the desired SHAs
(or by applying this CL).
Bug: 110106408
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I8daafdbecd083f687e24d563ab089caa25667633
Note that the code exists in debugging path only, and won't be hit
unless device has flaky flash.
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I0c71adc271f08f00e3eabd9d14cd8af3186c5bae
The matching edify function has been removed from EdifyGenerator [1]. In
theory device-specific releasetools script may still use this function,
but it no longer looks useful. Because a) we should use range_sha1()
when asserting the SHA-1 hash of a block device; b) we should look into
the contents when asserting a text file.
[1] https://android-review.googlesource.com/c/platform/build/+/714104
Test: Run recovery_component_test on marlin.
Test: Code search shows no active user.
Change-Id: Id39439101534fb89cf8c5cea80a4b758c8a1a60d
This will be used for testing purpose only, replacing the previously
used "fail", to intentionally abort an update.
As we're separating the logic between commands parsing and execution,
"abort" needs to be considered as a valid command during the parsing.
Test: recovery_unit_test and recovery_component_test on marlin.
Change-Id: I47c41c423e62c41cc8515fd92f3c5959be08da02
... into unit/applypatch_test.cpp. And rename the file to
component/applypatch_modes_test.cpp.
Bug: 110106408
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: Ic23c4f054baa2fa0d5e8ea2fcffd22572f1f112e
If two consecutive call are made to drmModePageFlip, the second call
may fail with -EBUSY because the first flip is not completed yet.
This patch adds a wait for completion mechanism based on
drmHandleEvent.
Change-Id: Ied13ebefc7523003431b1b307bae70d1a70cb24b
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Signed-off-by: Benoit Fradin <benoit.fradin@intel.com>
During block verification, load stash reads from the source blocks on
the device instead of the stashed files. And for interrupted update,
it's pretty common that the source blocks has already been overwritten
by subsequent commands.
In that case the hash printing is mostly useless. Moreover we should have
already printed the hash when the first update failed.
Bug: 80241799
Test: Unit tests pass. No longer prints mismatching stashed source blocks on retry.
Change-Id: I4effe684280b0325199f6cc4b2cc26e91295c2d7
Additionally checks for excess args when parsing ERASE, FREE, NEW, STASH
and ZERO. Note that the check for MOVE, BSDIFF, IMGDIFF has been covered
in Command::ParseTargetInfoAndSourceInfo.
Test: Run recovery_unit_test on marlin.
Change-Id: Ic8bc9b7a8dcf98f1f8db2e259607564508726857
The added codes are not used in the updater yet. The switch will happen
in subsequent CLs.
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I1ae8a233280f02c2171b43ef028bdccdacb39c59
