- Adds makefile and which files are installed to the SOONG_CONV CSV file
- Updates soong_to_convert.py to be able to parse that
- Adds new script that is more detailed.
- Outputs that file as part of the droidcore build to
$(OUT_DIR)/target/product/$(TARGET_DEVICE)/mk2bp_remaining.html
Test: m out/target/product/$(get_build_var TARGET_DEVICE)/mk2bp_remaining.html
Change-Id: I7c380b6070754f4329bf3965595751e4dac794a0
Some apk files, e.g. Chrome.apk has switched to use v2+ scheme.
And the apk file no longer has a META-INF/CERT.RSA. So, the
signature parsing script should use apksigner to dump the cert
info.
Leave the parsing of META-INF/CERT.RSA as a fallback, as some apks
fail the `apksigner verify`. The script also switches to store the
digest of the cert instead of the raw bytes.
Bug: 157735036
Test: run check_target_files_signatures on aosp|signed target-files
Change-Id: I910cd1aa91d1e446bef7097871af4171c285685d
Incremental OTA generation was failing since the
function _CheckSecondTokenNotSlotSuffixed was in
broken state, this change fixes the same.
Bug: 160215626
Test: Incremental OTA now gets generated and applied
successfully a non-ab device.
Change-Id: Ifb3886396fe65dcdaeba16c568419b9fa084193d
Merged-In: Ifb3886396fe65dcdaeba16c568419b9fa084193d
foo=true
foo=true
foo?=false
Consider the above case: Then the duplication of foo is allowed because
they have the same value (true). However, there was a bug that the
optional assirgnment foo?=false is left unmodified.
This fixes the bug by commenting such optional assignments.
Exempt-From-Owner-Approval: fixes a broken build
Bug: 117892318
Bug: 158735147
Test: atest test_post_process_props
Test: m out/target/product/vsoc_x86/vendor/build.prop for cf_x86_auto
Exempt-From-Owner-Approval: cherry-pick from master
Merged-In: Iba9b61d9779d93e86d9bead2286f945f8d51ab1d
(cherry picked from commit 9a32636759)
Change-Id: Iba9b61d9779d93e86d9bead2286f945f8d51ab1d
As the final step for the refactoring of sysprop configuration, this
change adds BUILD_BROKEN_DUP_SYSPROP which is the escape hatch for
the new restriction. When it is turned on, the new syntax `a ?= b`
collapses to the old syntax `a = b`, duplicated assignments are allowed,
and the dups are resolved following the legacy rule of preferring the
first.
This change also summarizes all the user-facing changes to the Change.md
file.
Lastly, post_process_prop.py is refactored to accept new argument
'--allow-dup' which when turned on allowes duplicated sysprops.
Bug: 117892318
Bug: 158735147
Test: atest --host post_process_prop_unittest
Exempt-From-Owner-Approval: cherry-pick from master
Merged-In: I7bdfffd47d50aad66a78e28a30c3dad7ebac080c
(cherry picked from commit b302cdf6a4)
Change-Id: I7bdfffd47d50aad66a78e28a30c3dad7ebac080c
This CL adds a number of changes to make the assignment of system
properties to be less confusing.
1. Added `a ?= b` syntax, which is called optional prop assignments. The
prop `a` gets the value `b` only when there is no non-optional prop
assignment for `a` such as `a = c`. This is useful for props that
provide some reasonable default values as fallback.
2. With the introduction of the optional prop assignment syntax,
duplicated non-optional assignments is prohibited; e.g., the follwing
now triggers a build-time error:
a = b
a = c
, but the following doesn't:
a ?= b
a = c
Note that the textual order between the optional and non-optional
assignments doesn't matter. The non-optional assignment eclipses the
optional assignment even when the former appears 'before' the latter.
a = c
a ?= b
In the above, `a` gets the value `c`
When there are multiple optional assignments without a non-optional
assignments as shown below, the last one wins:
a ?= b
a ?= c
`a` becomes `c`. Specifically, the former assignment is commented out
and the latter is converted to a non-optional assignment.
3. post_process_props.py is modified so that when a prop assignment is
deleted, changed, or added, the changes are recorded as comments. This
is to aid debugging. Previously, it was often difficult to find out why
a certain sysprop assignment is missing or is added.
4. post_process_prop.py now has a unittest
Bug: 117892318
Bug: 158735147
Test: atest --host post_process_prop_unittest
Exempt-From-Owner-Approval: cherry-pick from master
Merged-In: I9c073a21c8257987cf2378012cadaeeeb698a4fb
(cherry picked from commit 7aeb8de74e)
Change-Id: I9c073a21c8257987cf2378012cadaeeeb698a4fb
add_img_to_target_files.py
See bug description:
"When resigning images, the validate_target_files.py can be used to
verify the images using avbtool. The script will use the vbmeta.img to
achieve this, and all relevant images need to be in the IMAGES folder.
However, due to changes on add_img_to_target_files.py and specifically
the commit 5277d1015, some images (e.g. acpio.img and tos.img) are no
longer copied from RADIO to the IMAGES folder. This causes an error on
validate_target_files.py indicating that it cannot find image such as
IMAGES/acpio.img."
This CL fixes this by symlink images under RADIO directory to IMAGES
directory before invoking avbtool.
Bug: 159299583
Test: python3 -m unittest test_validate_target_files
Change-Id: I5769ee2ab5230d2a3a7cef10706dcc5788e654f8
Starting from http://go/aog/1328118, we chained the 1st GKI
boot image into vbmeta. However, this fails avb validation;
because the avbtool constructs the image path based by using
"partition name + ext".
This cl works around the issue by renaming boot-5.4.img to
boot.img, so avbtool can find the image correctly.
Bug: 159656873
Test: run validate target file
Change-Id: I577226596e139e5b5f3e6ca3c28ced02431ca392
When calculating the dynamic fingerprints, we need to reopen the
input file if it's a ZipFile. Because the original object has been
closed.
Bug: 152167826
Test: generate an OTA package with zip input and overrides
Change-Id: I623da3cc5fcc91c6230fb5a6e86517ed995913b7
The core android build platform has changed to add support for LZ4
compression for ramdisks, but the release tools were not. Fix this.
Bug: 156129966
Change-Id: I39680b91930d2d3cbd0cd565beb78e1ee699397e
Multiple boot images can be generated based on BOARD_KERNEL_BINARIES
but vbmeta would capture the image descriptor of only the first boot
image specified in BUILT_BOOTIMAGE_TARGET.
Bug : 158213759
Test: Compile multiple boot images and check if vbmeta.img
includes image descriptor of only the first boot image
specified in BUILT_BOOTIMAGE_TARGET
Change-Id: Ib70f65d98546a436da82656bc5c911d437618bb5
post_process_prop.py doesn't simply drop a line when deleting a prop.
Instead, it makes the line as comment and leave a comment to clearly
mark that the prop was force removed. This is to aid the debugging.
Bug: 117892318
Test: m
Change-Id: I53c05800ff71d431a56dc370bcfe8bfc95c03bfc
The shell script was responsible for appending some system properties
that are common to <partition>/build.prop files. The values of the
system properties were given via environment variables whose names were
slightly different from their corresponding make var names.
This change removes the script and instead write the system properties
directly in Make, thus eliminating the need to keep track of the mapping
across sysprop names, environment variable names, and make var names.
Bug: 117892318
Test: m
Change-Id: I4d88733c1afa30ea0c0c4fcfc2b349f07f7fc090
This change is a partial cherry-pick of ag/10260813
(Iaeefb35137de01c6ea57115d8830dd9bc30eccba) to prevent downstream merge
conflict when buildinfo_common.sh is removed by the upcoming changes.
Bug: 117892318
Test: m
Change-Id: I6194347668fd57dfb29ce1bfda16b90088483591
Merged-In: Iaeefb35137de01c6ea57115d8830dd9bc30eccba
The macro `build-properties' is defined to generate build rules to
create <partition>/build.prop.
build.prop files in all partitions except for the system partition are
now build using the macro.
system partition will use the macro in the following changes.
Bug: 117892318
Test: m
Change-Id: Ibed9c96dac4366251ec59a0b1317aa92f501c9a3
Modify add_img_to_target_files.py to use the BUILDING_*_IMAGE flags when
deciding whether to create and add a given image to a target files
archive.
To do this, the BUILDING_*_IMAGE flags are now dumped to misc_info.txt.
The origin of this change was to use the BUILDING_USERDATA_IMAGE and
BUILDING_CACHE_IMAGE flags in add_img_to_target_files.py so that we
could reliably turn off the generation of the userdata and cache images.
The other image flags were added for symmetry.
Bug: 130307439
Test: m -j out/target/product/bonito/misc_info.txt
Test: m -j droid dist
Change-Id: I32d5a8d6c9ebb5f329d856030084d698ee8d271d
With this change the name of the signed and unsigned APK will be something like 'tmpadrbpp9f/tmpvl0lf2kr/tmpknja6mca_MyApk.apk' instead of 'tmpadrbpp9f/tmpvl0lf2kr/tmpknja6mca'.
The motivation for this change is a better logging and transparency what is being signed in the underlying client.
Change-Id: I32b0e93d5859ca3fb712e426705f16d329d71f0e
The script is refactored to not parse lines everytime a prop is looked
up or updated.
Also it is now built using python_binary_host.
Bug: 117892318
Test: m
Change-Id: I1677ca5aa919c54b7b0740fdc52e1399009f9a12
default.prop files are gone. Remove the code in post_process_prop.py
that handles the file.
Bug: 1313599
Test: m
Change-Id: I3b4ff4adac57a406b70300d34ece7028cb52eb2d
avb_extra_custom_image_extra_args can be set to
'oem=--signing_helper_with_files=/tmp/avbsigner.sh' on signing server.
The second '=' shouldn't be splitted in this case.
BUG: 154171021
Test: Manually sign target zip files which has custom images.
sign_target_files_apks -d certs --avb_extra_custom_image_key \
oem=oem_rsa4096.pem --avb_extra_custom_image_algorithm \
oem=SHA256_RSA4096 --avb_extra_custom_image_extra_args \
oem="--signing_helper_with_files=/tmp/avbsigner.sh" \
xxxx-target_files.zip signed.zip
Change-Id: I815d574f791734d4c6a25a9f8d827b5b4f93d7cc
The values of the ro.boot* variables are not part of the image files
and are provided (e.g. by bootloaders) at runtime. Meanwhile, their
values may affect some of the device build properties, as a different
build.prop file can be imported by init during runtime.
This cl adds an option to accepts a list of possible values for some
boot variables. The OTA generation script later use these values to
calculate the alternative runtime fingerprints of the device; and
list the device names and fingerprints in the OTA package's metadata.
The OTA metadata is verified by the OTA server or recovery to ensure
the correct OTA package is used for update. We haven't made any
restrictions on what ro.boot* variables can be used for fingerprint
override. One possible candidate can be the skus listed in
ODM_MANIFEST_SKUS.
Bug: 152167826
Test: unittests pass, generate an OTA file with the new option
Change-Id: I637dea3472354236d2fd1ef0a3306712b3283c29
The custom images are any images owned by OEMs and SoCs, oem images
mounted on /oem is an example. The oem images can be used to customize
devices for different carriers, like wallpaper, ringtones, and
carrier-specific apks. OEMs can generate multiple oem images, like
oem.img, oem-carrier1.img and oem-carrier2.img and flash different oem
images for different carriers. The oem images are only one case, OEMs
and SoCs can add more custom images and mount them to custom partitions.
This change enables custom images to be vbmeta.img chained partitions.
The following configuration in BoardConfig.mk is an exmaple. It has two
custom partitions: oem and test. They will be signed by different keys.
And they will be chained by vbmeta.img. The custom images here are
prebuilts, which can be built by `make custom_images` separately.
BOARD_AVB_<CUSTOM_PARTITION>_IMAGE_LIST should include all custom images
to apply AVB signing. And to every custom partition, one image whose
name is partition name must be added in its
BOARD_AVB_<CUSTOM_PARTITION>_IMAGE_LIST.
BOARD_CUSTOMIMAGES_PARTITION_LIST := oem test
BOARD_AVB_OEM_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
BOARD_AVB_OEM_ALGORITHM := SHA256_RSA4096
BOARD_AVB_OEM_ADD_HASHTREE_FOOTER_ARGS :=
BOARD_AVB_OEM_ROLLBACK_INDEX_LOCATION := 1
BOARD_AVB_OEM_PARTITION_SIZE := 5242880
BOARD_AVB_OEM_IMAGE_LIST := \
device/xxxx/yyyy/oem/oem.img \
device/xxxx/yyyy/oem/oem1.img
BOARD_AVB_TEST_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_AVB_TEST_ALGORITHM := SHA256_RSA2048
BOARD_AVB_TEST_ADD_HASHTREE_FOOTER_ARGS :=
BOARD_AVB_TEST_ROLLBACK_INDEX_LOCATION := 2
BOARD_AVB_TEST_PARTITION_SIZE := 10485760
BOARD_AVB_TEST_IMAGE_LIST := \
device/xxxx/yyyy/test/test.img \
device/xxxx/yyyy/test/test1.img
To resign the custom images in the target zip file, the
avb_extra_custom_image_key, avb_extra_custom_image_algorithms and
avb_extra_custom_image_extra_args options are added to the
sign_target_files_apks tool too. The following test cases list some
examples about how to use them.
BUG: 154171021
Test: 1) "atest --host releasetools_test releasetools_py3_test -c"
2) Build images by 'make dist', sign and validate target files.
a) Test on dist w/ chained vbmeta_system and ome custom images
sign_target_files_apks -d certs \
--avb_extra_custom_image_key oem=oem_rsa4096.pem \
--avb_extra_custom_image_algorithm oem=SHA256_RSA4096 \
xxx-target_xxx.zip signed.zip
validate_target_files.py signed.zip
Flash image and boot up.
Verify the oem images and vbmeta images in OUT and target zips by
avbtool.
b) Test on dist w/ chained vbmeta_system and oem and test custom images
sign_target_files_apks -d certs \
--avb_extra_custom_image_key oem=oem_rsa4096.pem \
--avb_extra_custom_image_algorithm oem=SHA256_RSA4096 \
--avb_extra_custom_image_extra_args oem=--do_not_generate_fec \
--avb_extra_custom_image_key test=test_rsa4096.pem \
--avb_extra_custom_image_algorithm test=SHA256_RSA4096 \
xxx-target_xxx.zip signed.zip
validate_target_files.py signed.zip
Verify the oem, test images and vbmeta images in OUT and target zips
by avbtool.
c) Test on dist w/o chained partition.
sign_target_files_apks -d certs xxx-target_xxx.zip signed.zip
validate_target_files.py signed.zip
Flash image and boot up.
Verify the vbmeta images in OUT and target zips by avbtool.
Change-Id: Ifccfee5e8909697eef6ccda0cc352fa16a9f6db6
Whenever a device is retrieved from fstab, wrap it with
add_slot_suffix() if it has slotselect option.
Test: change fstab (changes boot image, which is a static partition),
change system partition (a dynamic partition),
generate incremental OTA with --force_non_ab and apply it on
cuttlefish
Bug: 153581609
Change-Id: Id3f8e4425b65176baf1b0ff1ee07ab3d820a3a7f
(cherry picked from commit ae6e0d5d28)
Merged-In: Id3f8e4425b65176baf1b0ff1ee07ab3d820a3a7f
Force generate a non-A/B update package when requested.
Bug: 154344887
Test: ota_from_target_files.py --force_non_ab ...
Test: apply it as well
Change-Id: I5e81eb161722e07ef50081b6a16685cbc9963ae2
(cherry picked from commit 7169f754cc)
Merged-In: I5e81eb161722e07ef50081b6a16685cbc9963ae2
When sign_apex.py re-signs an apex, the hash algorithm is extracted and
it is used when re-packaging the file.
Bug: 155771970
Test: releasetools_py3_test doesn't regress
(some tests were failed, but they failed even without this change:
test_ApexApkSigner_apkKeyNotPresent (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_noApkPresent (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_noAssetDir (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_signApk (test_apex_utils.ApexUtilsTest) ... ERROR)
Change-Id: I996a33e0208d3dd3a04a31b8dafb27ef995297f2
The different boot images in aosp_arm64 have different partition size
requirements. Add support for defining a partition size associated with
each boot image variant.
This support is limited to aosp_arm64 currently, which is built with
recovery-as-boot.
A previous version of this change did not update the boot-debug image
AVB logic with the required macro for multiple boot partition size
support. This is now required because the aosp-arm64 boot.img is
configured as a chained AVB partition.
Bug: 156036850
Bug: 155049180
Change-Id: I66b57de91042bfd56ba54a3659843d8cf7873955
placeholder
Bug: 134509111
Test: add "test_mainline_modules: [some.apk]" to TetheringTests,
and build the modules, confirm the parameterized option is added
in the test config.
Change-Id: I0f4f837412075520153d21c9ca12cf5c3f555de7
The oem partition allows system build.prop to import properties from it
by "import /oem/oem.prop xxxx". An _ImportParser() error was raised on
this case.
BUG: 154171021
Test: 1) "atest --host releasetools_test releasetools_py3_test -c"
2) On a device who has oem partition, "make dist" and sign its
target zip file.
Change-Id: I47875bf7a698390e11690150e6516a3064550ca0
