Bug: 139957269
Test: Sign a target_files.zip. Extract a re-signed APEX and check the
hashtree size (being zero).
Test: Use sign_apex to sign an APEX file. Check the hashtree size (not
being zero).
Test: python -m unittest test_apex_utils
Test: python -m unittest test_sign_apex
Change-Id: I927b7681d66920d7732b700ec3a8f7a65b4cb351
Directory support for img_from_target_files was dropped in aosp/1095755.
Test: Create & boot a merged build.
Change-Id: Ib976ea60a24c2f172c597130d6bcce25199a93b3
This CL additionally removes boot/dtbo/modem/vbmeta_* images out of
secondary payload. We essentially only keep system_other.img and
bootloader images there.
For Pixel devices, this additionally saves ~80MiB (mostly because of
the removal of boot and radio images).
Bug: 140771390
Test: ota_from_target_files \
--include_secondary --skip_postinstall \
-i input-target_files-1.zip \
input-target_files-2.zip \
output-ota.zip
Test: python -m unittest test_ota_from_target_files
Change-Id: If47b27c52b3547a4cc86223a988c53960bc6af40
The commit in d14b895665
(https://android-review.googlesource.com/c/platform/build/+/728287)
changed partition layout, to always build the root dir into system.img,
even for devices not using system-as-root (i.e. the ones with separate
boot ramdisk).
With the new layout, there will be two root dirs for non-system-as-root
targets during the boot. If such a device uses Verified Boot 1.0,
/verity_key needs to be available in both roots, to establish the chain
of trust.
- bootloader uses the baked-in key to verify boot.img; it then loads
the ramdisk from the verified boot.img
- First stage init uses /verity_key (in ramdisk) to verify and mount
system.img at /system, then chroot's to it
- Second stage init uses /verity_key (in system.img) to verify and
mount other partitions
This CL adds rules to additionally install verity_key into ramdisk for
such targets.
Bug: 139770257
Test: Set up a target to use non-system-as-root
(BOARD_BUILD_SYSTEM_ROOT_IMAGE != true). `m dist`.
Test: Check that both ROOT/verity_key and BOOT/RAMDISK/verity_key exist
in the built target_files.zip.
Test: Run validate_target_files to validate the above target_files.zip.
$ validate_target_files \
--verity_key_mincrypt /path/to/verity_key \
target_files.zip
Test: Run sign_target_files_apks to sign the above target. Re-run
validate_target_files on the signed target_files.zip.
Test: python -m unittest test_validate_target_files
Change-Id: Ibe7e771c8c376429add85851ac86055564765d3c
We used to carry the full OTA for vendor and product partitions when
generating the secondary payload. Since they are not actually used, we
can remove them to reduce the size of factory OTA packages. For example,
the size for a sargo package reduces from 454M to 283M after the change.
Bug: 140771390
Test: generate and apply a second payload on Pixel
Change-Id: I091dc07db8c345b182d9f5dd8d48f5c209245641
'required' only works on python_binary_host.
Test: modify checkvintf source code, build ota_from_target_files
Change-Id: Ieac68b39b1ccabae679a1679f184cb3aeaaeefb6
We have added the flag to disable on device fec computation in
brillo_update_payload. Exposed it in ota_from_target_files as well.
Bug: 139723500
Test: generate an incremental package with the new flag
Change-Id: I683e3ec7791963a3c7e141ecb4e5a3fb53fe2108
Test: Build the following targets and check the built image archive.
bonito-userdebug (contains flashable images);
cf_x86_phone-userdebug (contains super.img);
aosp_arm64-eng (contains VerifiedBootParams.textproto)
Test: m -j otatools-package; Check that zip2zip is included; Use
bin/img_from_target_files to generate image archive.
Change-Id: I9f28765bd702849f0df309faebd6aa3072920536
* changes:
merge_target_files: Checks VINTF metadata of resulting target files
Check VINTF compatibility at OTA generation time.
releasetools: add tests for check_target_files_vintf
Add a script to check VINTF compat of target files package.
Instead of relying on META/{system,vendor}_{manifest,matrix}.xml
and blindly copy compatibility.zip from target files package to
OTA package, do a static check on the input target files package
before generating the OTA package.
META/{system,vendor}_{manifest,matrix} does not contain ODM manifest
fragments, which is incorrect.
Also, the on-device check of compatibility.zip uses a old libvintf
binary on the device, which may not understand the incoming VINTF
metadata. This change removes the on-device check. Hence, it removes
the requirement of forwards compatibility of libvintf.
This behavior can be skipped with --skip-compatibility-check.
Test: build OTA package
Bug: 139300422
Bug: 131425279
Change-Id: I7fb93be9eb73f578fc05a182c6c9d1f073db2800
Instead of checking META/{system,vendor}_{manifest,matrix}.xml (which
is error-prone because ODM SKU-specific manifests are not checked),
this script read the target files package, remaps its directory
structure so that checkvintf understands it, and check VINTF
compatibility.
Also, put it in otatools.zip.
Test: run it on an extracted target files package
Bug: 131425279
Change-Id: I06036f9a8d7242d4bc11524028be40e780c508e8
avb_*_key_path are usually relative file paths. If these files cannot be
located from the current directory, try prepending OPTIONS.search_path.
Bug: 139836256
Test: python -m unittest test_common
Test: python -m unittest test_add_img_to_target_files
Change-Id: I020b257f458a1f5762691d0499feaf4027e37126
The avb_pubkey may not be present, if the apex was initially
unsigned or generated from a bundle. In this case, running
sign_apex to generate a signed apex binary would result in an error.
This fix checks for presense of avbpubkey before attempting the
deletion
BUG: 139994107
Change-Id: I3cb2e88a11ad8797e38ba5fb98c96a4ec4135fc8
Currently only the system and vendor partitions are updated in the
generic block based OTA generation script. Since the product partition
is quite large and consist most of APK files, it would be beneficial to
update it similar to system. Handle the odm and system_ext partitions in
the same way as well.
Bug: 132683080
Test: Run unit tests, generate full and incremental OTA with product partitions.
Change-Id: I13478cf9bd32137c6729b8c9cb102080147093f2
This is needed when including prebuilt images that do not need to be
regenerated. Otherwise the script will exit upon detecting an existing
IMAGES/ directory.
Test: test_merge_target_files
Bug: 139111475
Change-Id: I55d82bd7dc4fa5f27bc01e481362e79fecc200ff
This CL adds the building rules for the following tools:
- add_img_to_target_files
- check_ota_package_signature
- check_target_files_signatures
- img_from_target_files
- merge_target_files
- ota_package_parser
- sign_apex
- sign_target_files_apks
- validate_target_files
Bug: 63866463
Test: mmma -j build/make/tools/releasetools
Test: Run each tool above to ensure there's no missing dependency (in
the exercised code path).
Change-Id: Ide5b9775939ed02c822109cbcf4224000d5472df
This CL refactors the non-A/B OTA generation code into a function,
so it allows adding common post-generation code for both flows.
It moves the code for target files diffing to common path, and fixes the
diffing functionality (broken due to the use of unzip pattern).
Test: Run ota_from_target_files with `--log_diff` flag to generate
non-A/B and A/B OTAs respectively.
Change-Id: I92e5549a58344fc56a151a709c06534913d265d5
The dependency was overlooked as the module was conditionally imported.
Bug: 63866463
Test: `m -j ota_from_target_files`; Run ota_from_target_files with
`--log_diff` flag (on a non-A/B target).
Change-Id: I71eff2e55cc28fd649f0ca1b38da53907dac6597
These two tools are only used within build system, so not adding them
to otatools.zip.
Bug: 63866463
Test: TreeHugger
Test: Build a non-A/B target that calls make_recovery_patch.
Change-Id: Iaeddc98a2c4a27c6b49d91047500029e460db9e3
The flag would otherwise be turned on unconditionally even when
importing merge_target_files as a module. As a result, `atest
releasetools_test` was broken / flaky prior to this change, as
PythonUnitTestResultParser doesn't like unexpected outputs in stderr.
Test: `atest releasetools_test releasetools_py3_test`
Change-Id: Ifd614c797d2cee3b33e4c2a7ad8e598850e9d60c
