(Re-land of Ie882fccd864920289e48366e99a4ebd67e784d0d)
We no longer build GKIs from the platform tree.
These build commands were neither used nor maintained anymore, so clean
them up to reduce maintenance effort.
Keep the command line options as no-op, so existing scripts that still
specifies the deprecated options don't break.
Bug: 229701033
Test: presubmit
Change-Id: I0f7d05562dbc3eed29e902d6dc9a0f2e4083aaa6
We no longer build GKIs from the platform tree.
These build commands were neither used nor maintained anymore, so clean
them up to reduce maintenance effort.
Bug: 229701033
Fix: 229701033
Test: presubmit
Change-Id: Ie882fccd864920289e48366e99a4ebd67e784d0d
We are removing VB support from release tools. This change aims to
remove the args related to replace verity key.
Bug: 242672222
Test: atest under build/make
Change-Id: I446a0b16e482c43542a1c0e41b24e80eb9fbc8e6
This new init_boot.img contains the ramdisk that used to reside in the
boot.img file.
Test: set BOARD_PREBUILT_INIT_BOOT_IMAGE to an external init_boot.img
- Check that "m" pulls in the init_boot.img to
out/target/product/vsoc_x86_64/
- Check that "m dist" adds the init_boot.img to
aosp_cf_x86_64_phone-img-eng.devinmoore.zip
Test: atest --host releasetools_test
Bug: 203698939
Change-Id: If7ef2cf093e5e525529c7c44333c0f40f6ba0764
When an APEX specifies its custom signing tool (custom_sign_tool:),
apexkeys.txt contains the info and sign_target_files_apks pass the value
to apex_util.
For now the Virt APEX has its own custom signing tool (sign_virt_apex),
which is added to OTATOOLS.
Bug: 193504286
Test: sign_target_files_apks invokes sign_virt_apex
Change-Id: Iba845723fe3e18f542963324b9c58cd00914c5ba
Commit I8bd8ad3acf324931b47d45fd30bc590206b1927e adds a default
value of "gki_signing_signature_args" in the misc_info.txt for
release signing to work. However, it's better to replace the default
value entirely (e.g., --prop foo:bar) as there is no need to include
them in the final release-signed image.
Bug: 178559811
Bug: 177862434
Test: atest releasetools_test
Test: atest releasetools_py3_test
Change-Id: I060b5a7076ff3e5d883abeb7d72f3db887c9fd69
Commit I9967d06bde0e18a12b84b5b0b568db09765fe305 supports adding a
generic boot_signature into boot.img v4. This change allows replacing
the boot_signture signing key with a release key during the release
process.
The default GKI signing key can be specified in a BoardConfig.mk via:
BOARD_GKI_SIGNING_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_GKI_SIGNING_ALGORITHM := SHA256_RSA2048
BOARD_GKI_SIGNING_SIGNATURE_ARGS := --prop foo:bar
The release signing key/algorithm can be specified by the following options
when invoking sign_target_files_apks:
--gki_signing_key=external/avb/test/data/testkey_rsa4096.pem
--gki_signing_algorithm=SHA256_RSA4096
Additional arguments for generating the GKI signature can be
specified as below:
--gki_signing_extra_args="--prop gki:prop1 --prop gki:prop2"
Bug: 177862434
Test: make dist
Test: sign_target_files_apks \
--gki_signing_key=external/avb/test/data/testkey_rsa4096.pem \
--gki_signing_algorithm=SHA256_RSA4096 \
--gki_signing_extra_args="--prop gki:prop1 --prop gki:prop2" \
./out/dist/*-target_files-eng.*.zip signed.zip
Test: Checks GKI boot_signature is expected after signing:
`unzip signed.zip IMAGES/boot.img`
`unpack_bootimg --boot_img IMAGES/boot.img --out unpack`
`avbtool info_image --image unpack/boot_signature`
Test: unit test: releasetools_test and releasetools_py3_test
Change-Id: I61dadbc242360e4cab3dc70295931b4a5b9422a9
When opening an zip file through zipfile.ZipFile(), python2 by default
disables zip64 support. To support update files >4GB, we manually add
allowZip64 to override the setting.
Test: generate && serve an OTA
Change-Id: I9645e963ced830cc2d3a4b72bc63b9369a1cefe8
Since we might use ToT release tools to sign a package
generated by an older build, we make the new
`partition=` tag optional. This also means we need to be
careful to use non-greedy regex matching.
Bug: 153133823
Test: python3 -m unittest
Test: input with and without the new `partition=` tag
Test: new test_ReadApkCerts_WithWithoutOptionalFields
Change-Id: Ic57efd34e745ad302ae17150c6f2318f0b4524cb
Propagate partition tag data to apexkeys.txt and
apkcerts.txt so that merge_target_files.py can build
merged versions of these files by filtering the
framework files for framework partitions and filtering
the vendor files for vendor partitions.
Bug: 138942268
Change-Id: Ic3226728e97dae84d38ec230ccc86d1b124bea94
This allows querying per-partition fingerprint via libavb (in
particular, avb_property_lookup).
Bug: 80097573
Test: `m dist`; `avbtool info_image --image /path/to/image` to check the
written prop.
Test: `atest --host releasetools_test releasetools_py3_test`
Test: Run sign_target_files_apks to sign a target_files.zip that's built
with the change. Check the AVB prop in the signed images.
Change-Id: Id4f06df82c29e77aca128439c8c11f0367fe587e
Based on the actual semantics, it actually wants an in-memory _bytes_
buffer (io.BytesIO), especially when running with Python 3. This CL
fixes the issue and adds a unittest.
Bug: 131631303
Test: python -m unittest test_sign_target_files_apks
Test: python3 -m unittest test_sign_target_files_apks
Change-Id: I3fb067acc26713f1842e831225607779fd0d1b7e
Some properties had 'test-keys' still set
after signing the target files zip for release.
These properties are now added to the RewriteProps
method.
Bug: 131810966
Test: manual
Test: `atest releasetools_test`
Change-Id: Ifb352ed28f5100f1e9f686d77e935723f7f6d3ae
For an PRESIGNED APEX, it has the following format, which should be
considered as a valid input.
name="foo.apex" public_key="PRESIGNED" private_key="PRESIGNED" container_certificate="PRESIGNED" container_private_key="PRESIGNED"
Bug: 131153746
Test: Run sign_target_files_apks.py on a target_files.zip with PRESIGNED
APEXes.
Test: python -m unittest sign_target_files_apks
Change-Id: I51076b0c6eddfb75637d37659a08009f0a88e931
(cherry picked from commit f454c3a0b4)
For an PRESIGNED APEX, it has the following format, which should be
considered as a valid input.
name="foo.apex" public_key="PRESIGNED" private_key="PRESIGNED" container_certificate="PRESIGNED" container_private_key="PRESIGNED"
Bug: 131153746
Test: Run sign_target_files_apks.py on a target_files.zip with PRESIGNED
APEXes.
Test: python -m unittest sign_target_files_apks
Change-Id: I51076b0c6eddfb75637d37659a08009f0a88e931
This CL adds support that allows treating an APEX as pre-signed. We can
skip signing an APEX with `-e <apex-name>=` and
`--extra_apex_payload_key <apex-name>=`. Note that the payload_key and
container_key must be in consistent state - either they're both
PRESIGNED or none of them is. CheckApkAndApexKeysAvailable() has been
updated to perform the sanity check.
Bug: 123716522
Test: Run sign_target_files_apks.py with the above flags.
Test: python -m unittest test_sign_target_files_apks
Change-Id: Id1e2f3f2facd4a97a385983cc9b78c028f7e7e73
Bug: 123716522
Test: Run sign_target_files_apks.py to sign a target_files with APEXes.
Test: Run check_target_files_signatures.py on signed artifact.
Test: python -m unittest test_sign_target_files_apks
Change-Id: I3fa13e3d9461cf5e0838e0572d436e218164fe41
All the releasetools unittests extend the common base class of
test_utils.ReleaseToolsTestCase. Define tearDown() in the base class to
do the clean-up works.
Test: `pylint --rcfile=pylintrc test_*.py`
Test: `python -m unittest discover .`
Change-Id: I51775d964ef032dcdf3bb89c55e1a31371cde708
We may pack prebuilts that end with ".apk" into target_files zip, via
PRODUCT_COPY_FILES. META/apkcerts.txt won't contain the cert info for
such files, and we want to keep them as is while signing, despite of the
".apk" extension.
This CL adds "--skip_apks_with_path_prefix" option to
sign_target_files_apks.py. APKs with matching prefixes will be copied
verbatim into the signed images. The prefix should match the entry names
in the target_files (e.g. "SYSTEM_OTHER/preloads/"). The option may be
repeated to specify multiple prefixes.
Note that although we may skip signing an APK file with "-e ApkName=".
This would skip *all* the APK files with the matching basename.
"--skip_apks_with_path_prefix" allows matching the exact prefix.
For example:
$ ./build/make/tools/releasetools/sign_target_files_apks.py \
--skip_apks_with_path_prefix SYSTEM_OTHER/preloads/ \
--skip_apks_with_path_prefix PRODUCT/prebuilts/PrebuiltApp1 \
--skip_apks_with_path_prefix VENDOR/app/PrebuiltApp2.apk \
target_files.zip \
signed-target_files.zip
Bug: 110201128
Test: Run the command above and check the logs.
Test: `python -m unittest test_sign_target_files_apks`
Change-Id: I7bd80b360917cef137cf1e7e8cfa796968831f47
Test: Run sign_target_files.py to sign a target_files.zip.
Test: `python -m unittest test_sign_target_files_apks`
Change-Id: Ie795d1bce7bae6af427832283e3d10bfecad80c5
Since we have been carrying test certificates in testdata/ for other
tests, do the same for test_sign_target_files_apks.py. Copy
verity.x509.pem from build/target/product/security/ to testdata/ for
that purpose.
Also capture the stderr output in ReplaceVerityKeyId().
Test: python -m unittest test_sign_target_files_apks
Change-Id: Ie11e042086952e8a4a5a63950cb0b16cc436b7e6
For devices using derived fingerprint (i.e. /system/build.prop doesn't
contain ro.build.fingerprint, but has ro.build.thumbprint instead), the
current code (in android.os.Build) doesn't have a matching logic to do
the same for ro.vendor.build.fingerprint. This means we will see
ro.build.thumbprint in /system/build.prop, while there's no matching
ro.vendor.build.thumbprint in /vendor/build.prop.
From signing script point of view, it should just apply the tag
replacement (e.g. test-keys -> release-keys) for whatever it sees when
signing a target_files.zip.
This CL also adds unit tests for EditTags() and RewriteProps().
Fixes: 27950003
Test: Use 'sign_target_files_apks.py' to sign a target that uses derived
fingerprint and vendor partition. Check VENDOR/build.prop.
Test: python -m unittest test_sign_target_files_apks
Change-Id: I09019da970840cd82f54b68a32b4e94984bc1d8d
