This avoids the signedness issue, and makes the code more readable.
Test: mmma bootable/recovery
Test: Run recovery_component_test.
Change-Id: I01c3a0357887cfd7c9d4aba4239ef650cfa18388
It no longer needs to be conditional, as we've removed the support for
BBOTA v1/v2.
Test: mmma bootable/recovery
Change-Id: I881de8afa38cc5b41b48e6d48d85170699ea5eb4
The last command file has the last executed stash command by convention.
So we should update the file after we actually finishes executing the command;
instead of after loading src/tgt.
Bug: 79756267
Test: unit tests pass
Change-Id: I4535b5836e7eb13b3abe3d02f9f362ec5e9ec969
We cannot skip "new" commands while resuming an update with
last_command_file, because they read in the data sequentially from the
package.
Bug: 69858743
Test: Interrupt an update that has new commands. Check the update log.
Change-Id: I05fb67246f5ea3ba2a0f78f10255c0d9b0bc2f5a
Prior to the change, the BBOTA updater would try to re-run all the
commands for a given partition on retry, including creating stashes
according to the list of commands. This could fail a retry when the
previous update had moved on to next stage, with leftovers in /cache.
This CL creates a marker on /cache upon successfully updating a
partition. The update commands will be skipped when trying to apply
updates on an updated partition. Note that the marker is expected to be
removed while doing a normal boot (in particular, handled by
RecoverySystem#handleAftermath). If that didn't happen, the updater
would also remove the marker before starting next fresh update.
Alternatively, we can achieve the same goal by changing the OTA script,
which needs to additionally compare the checksum against the target
build. For example,
range_sha1("/system", "ranges") == SHA1_of_updated_system ||
block_image_update("/system");
The downside is that we need to pay that cost on each install, as the
edify script doesn't support caching the result in a variable.
Bug: 79165963
Test: Simulate the process on device (by triggering a reboot while
updating /vendor). Check the update log and result.
Change-Id: I731031fa336133e1221b33edfc469969706e8091
This breaks the dependency on common.h (which belongs to
recovery/librecovery) from librecovery_ui. reboot() is now owned by
libotautil, which is expected to be a leaf node to be depended on.
With the change, recovery and updater also share the same reboot() code
now.
Test: mmma -j bootable/recovery
Change-Id: I1cc5d702cfe49302048db33d31c9c87ddc97ac71
Export its header (mounts.h) from there, and drop the dot dot dependency
from libupdater / updater.
Test: mmma bootable/recovery
Test: recovery_component_test
Change-Id: Ic26a6b9b78a34dbe1f178b138f3abaafffbec44c
We have a general need for overriding more paths (e.g. "/tmp"), mostly
for testing purpose. Rename CacheLocation to Paths, and use that to
manage TEMPORARY_{INSTALL,LOG}_FILE.
Test: mmma -j bootable/recovery
Test: recovery_component_test
Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
As they're accepting the SinkFn callback, it makes more sense to leave
the work to their callers.
Test: mmma -j bootable/recovery
Test: Run recovery_component_test on marlin.
Test: No other active user of the two functions.
Change-Id: I8d67b38ce037925442296f136b483e0c71983777
The total sectors that we want to format is used in different meanings from
various users. This notifies its size based on 512 bytes explicitly.
Bug: 76407663
Change-Id: I20687b40a1733d3b459a45f8b64a338c37a7bc95
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Otherwise the applypatch executable will fail to back up the source
file to /cache when patching the recovery image.
Bug: 74198354
Test: run applypatch from boot to recovery
Change-Id: I6e5b9cd06d6ed0b26066b779a348437ecf984b92
This class allows us to set the following locations dynamically:
cache_temp_source, last_command_file, stash_directory_base.
In the updater's main function, we reset the values of these variables
to their default locations in /cache; while we can set them to temp
files in unit tests or host simulation.
Test: unit tests pass
Change-Id: I528652650caa41373617ab055d41b1f1a4ec0f87
In BlockImageVerify some commands are undefined, e.g. "erase", "new",
"zero". And we should not error out if the corresponding function
pointer of these commands is null; otherwise we will fail the
verification.
The old code is:
if (cmd->f != nullptr && cmd->f(params) == -1)
return false;
In the last_command_file change the logic was wrongly modified to
if (cmd->f == nullptr)
return false;
...
if (cmd->f(params) == -1)
return false;
Test: sideload an incremental OTA twice on bullhead
Change-Id: I2561c365badb850da0e416629ccd61f0df7da5d7
There is no logical change to the file; merely the function definition
reorder and some comestic change to make the future review easier.
Test: mma
Change-Id: I7ffe952f8c78e840f10aa6bfad0c4b5a58e29896
When performing an update, save the index and cmdline of the current
command into the last command file if this command writes to the stash
either explicitly of implicitly. This mitigates the overhead to update
the last command file for every command. I ran a simple test on angler
and the time to update 1000 times is ~2.3 seconds.
Upon resuming an update, read the saved index first; then
1. In verification mode, check if all commands before the saved index
have already produced the expected target blocks. If not, delete the
last command file so that we will later resume the update from the
start of the transfer list.
2. In update mode, skip all commands before the saved index. Therefore,
we can avoid deleting stashes with duplicate id unintentionally;
and also speed up the update.
If an update succeeds or is unresumable, delete the last command file.
Bug: 69858743
Test: Unittest passed, apply a failed update with invalid cmd on angler
and check the last_command content, apply a failed update with invalid
source hash and last_command is deleted.
Change-Id: Ib60ba1e3c6d111d9f33097759b17dbcef97a37bf
The AbortFn() used to overwrite the error message, hiding the real
failure reported in ErrorAbort(). And we will miss the failure in
the script patterns like 'blockimageupdate() || abort()'
We will ensure there's one line break at the end of ErrorAbort's
error message; and append to the existing error message when calling
abort().
Test: Message from ErrorAbort shows up in the log
Change-Id: I3aebd06629c5129330250c7fe5e8cdead2ae85bc
An interrupted update may stash extra blocks in /cache, leading to a
failure when checking the cache size. We can save the incremented
retry_count in the BCB before installing the update; and distinguish
a fresh update from an interrupted one this way.
Bug: 68679601
Test: An interrupted update reapplies successfully.
Change-Id: Ic1403e1fd25a937c91ef34c14b92a0f6c8f1c0f4
It used to be "const Value*", but nullptr won't be a valid input.
Test: recovery_host_test; recovery_component_test
Change-Id: I904b5689ac3e64504088bf0544c9fb5d45a52243
We used to CHECK and abort on parsing errors. While it works fine for
the updater use case (because recovery starts updater in a forked
process and collects the process exit code), it's difficult for other
clients to use RangeSet as a library (e.g. update_verifier).
This CL switches the aborts to returning empty RangeSet instead. Callers
need to check the parsing results explicitly.
The CL also separates RangeSet::PushBack() into a function, and moves
SortedRangeSet::Clear() into RangeSet.
Test: recovery_unit_test
Test: Sideload an OTA package with the new updater on angler.
Test: Sideload an OTA package with injected range string errors. The
updater aborts from the explicit checks.
Change-Id: If2b7f6f41dc93af917a21c7877a83e98dc3fd016
The thread to receive new data may still be alive after we exit
PerformBlockImageUpdate() upon failures. This caused memory corruption
when we run the unittest repeatedly. Set the receiver_available flag
to false and make sure the receiver exits when the update fails.
Bug: 65430057
Test: unittests passed with tsan
Change-Id: Icb232d13fb96c78262249ffbd29cdbe5b77f1fce
Also drop the "bootable/recovery" path in LOCAL_C_INCLUDES from
applypatch modules.
Test: lunch aosp_{angler,bullhead,fugu,dragon,sailfish}-userdebug;
mmma bootable/recovery
Change-Id: Idd602a796894f971ee4f8fa3eafe36c42d9de986
This reverts commit 26436d6d60 to re-land
"Move error_code.h into otautil.".
This way it stops requiring relative path ".." in LOCAL_C_INCLUDES
(uncrypt and edify). Soong doesn't accept non-local ".." in
"local_include_dirs".
This CL needs to land with device-specific module changes (e.g. adding
the dependency on libotautil).
Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug;
mmma bootable/recovery
Change-Id: If193241801af2dae73eccd31ce57cd2b81c9fd96
Use forward declartion to avoid pull in the module that contains
error_code.h (trying to move it into libotautil). Otherwise all the
modules that include "edify/expr.h" need to depend on the module that
exports error_code.h.
.cpp sources should include "error_code.h" explicitly to use the enums.
Test: lunch aosp_{angler,bullhead,dragon,fugu,sailfish}-userdebug;
mmma bootable/recovery
Change-Id: Ic82db2746c7deb866e8cdfb3c57e0b1ecc71c4dc
This way it stops requiring relative path ".." in LOCAL_C_INCLUDES
(uncrypt and edify). Soong doesn't accept non-local ".." in
"local_include_dirs".
Test: mmma bootable/recovery
Change-Id: Ia4649789cef2aaeb2785483660e9ea5a8b389c62
Turn on -Wall for all modules. Also remove the obsolete file_cmp() in
apply_patch test and now() in wear_ui.
The only exception is lib_edify due to the unused functions in the
intermediate cpp files generated from the lex files. It will be handled
in a seperate CL.
Bug: 64939312
Test: mma, unit tests pass
Change-Id: Ic53f76b60b6401ab20db3d98130d674c08e3702f
1. Move the declaration of the Image classes to the header file to make
testing easier.
2. Also move rangeset.h to bootable/recovery to allow access in imgdiff.
Test: recovery component test
Change-Id: I68a863e60a3f2e7ae46ee48f48eb15391f5f4330
This is useful in imgdiff to maintain the block ranges of
splitted source image.
Bug: 34220646
Test: mma && unit tests pass
Change-Id: I6427f2ea50f0e3b0aa3dd01880ec0206679b7429
Its former callers in RenameFn() and SymlinkFn() have been removed in
commit 63d786cf22.
Test: mmma -j bootable/recovery
Change-Id: I26ed126202554fc5840811ec7ae162da70593213
This file no longer exists:
- /file_contexts has been split into plat_file_contexts and
nonplat_file_contexts since commit
b236eb6ca204cefcb926e19bd5682f9dcad4021d (system/sepolicy).
- It was named /file_contexts.bin prior to the split.
'-S file_contexts' is also no longer required by e2fsdroid, since commit
2fff6fb036cbbb6dedd7da3d208b312a9038a5ce (external/e2fsprogs). It will
load the file contexts via libselinux.
Test: Trigger the path by performing a data wipe for converting to FBE.
Change-Id: I179939da409e5c0415ae0ea0bf5ddb23f9e6331e
(cherry picked from commit 7af933b6a6)
receive_new_data may exit too early if the zip processor has sent all
the raw data. As a result, the last few 'new' commands will fail even
though the brotli decoder has more output in its buffer.
Restruct the code so that 'NewThreadInfo' owns the decoder state solely;
and receive_brotli_new_data is responsible for the decompression.
Also reduce the test data size to 100 blocks to avoid the test timeout.
Bug: 63802629
Test: recovery_component_test. on bullhead, apply full updates with and
w/o brotli compressed entries, apply an incremental update.
Change-Id: I9442f2536b74e48dbf7eeb062a8539c82c6dab47
Execute mke2fs to create empty ext4 filesystem.
Execute e2fsdroid to add files to filesystem.
Test: enter recovery mode and wipe data
Bug: 35219933
Change-Id: I10a9f4c1f4754ad864b2df45b1f879180ab33876
(cherry picked from commit ac31808cd3)
Add a new writer that can decode the brotli-compressed system/vendor
new data stored in the OTA zip.
Brotli generally gives better compression rate at the cost of slightly
increased time consumption. The patch.dat is already compressed
by BZ; so there's no point to further compress it.
For the given 1.9G bullhead system image:
Size: 875M -> 787M; ~10% reduction of package size.
Time: 147s -> 153s; ~4% increase of the block_image_update execution time.
(I guess I/O takes much longer time than decompression.)
Also it takes 4 minutes to compress the system image on my local
machine, 3 more minutes than zip.
Test: recovery tests pass && apply a full OTA with brotli compressed
system/vendor.new.dat on bullhead
Change-Id: I232335ebf662a9c55579ca073ad45265700a621e