While the system.img images currently built with AVB support verify
correctly, mounting the filesystem content fails. This is because
'avbtool add_hashtree_footer' used to claim some of the unused /
DONT_CARE space for stashing the verity tables and this resulting in the
mapped device ending up being smaller causing the mount failure.
Fix this by leaving enough room for AVB hashtree and metadata before
building the image. This is achieved by moving the AVB hashtree support
into build_image.py and using a just added '--calc_max_image_size'
option to 'avbtool add_hashtree_footer' to figure out how much space to
leave out.
This depends on https://android-review.googlesource.com/#/c/281821/
Bug: 31264226
Test: Mounting dm-verity set up from system.img now works.
Merged-In: I4c5de1004c1059f8c582e76b3b8517d427aa1a87
Change-Id: I945a5f1f6782791736cd319f216cfa6b448fb04d
For some partition sizes, we currently build an image that's 1-2
blocks smaller than the actual partition, which causes fs_mgr to
not find metadata. This change adds padding to FEC metadata that
correctly positions the metadata header at the end.
Bug: 28865197
Change-Id: Ie0e044715a9c5ae8ba395e7d2ff9fbd7cffc0b4c
For AB devices, support flashing two system partitions for factory use.
The normal system image on one partition, but without dex preopt. And a
system_other image that just contains the odex files. The dex files will
not be stripped out of the system image, in case the second system
partition is wiped.
Setting BOARD_USES_SYSTEM_OTHER_ODEX := true in the BoardConfig.mk
enables this behavior.
One can control which directories are placed in system_other by the
SYSTEM_OTHER_ODEX_FILTER configuration variable. Currently we default
to only copying only app and priv-app odexs.
Bug: 29278988
Change-Id: I7f4e87da919e7dc6a89fd8c668193cd4e98631bc
Needed to generate image.map and to optimize the OTA size
BUG: 22322817
Change-Id: I7802f4dbb9116a94ea99a00b68c3a7ff180ef08a
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
Allows passing the *.base_fs or *.map files for system and vendor in
INTERNAL_SYSTEM_BASE_FS_PATH and INTERNAL_VENDOR_BASE_FS_PATH variables
respectively.
Internal Design Doc: go/incremental-ext4
BUG: 26839493
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
Change-Id: Ie57ef6dbfa6084268b6535fe0a673a3b4aaa6e2f
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
Pad the sparse image with a zero fill chunk to correctly position
verity and FEC metadata at the end of the partition.
Bug: 27073791
Change-Id: I9f70d579a42e5007d50e9c02a98a608d2815f0ed
(cherry picked from commit 6a8781a251)
Pad the sparse image with a zero fill chunk to correctly position
verity and FEC metadata at the end of the partition.
Bug: 27073791
Change-Id: I9f70d579a42e5007d50e9c02a98a608d2815f0ed
append2simg can be slow, so generate error correction data before verity
data is appended, and append all metadata to the image at the same time.
Needs matching changes from
I09349368925e5e2f2a7961a712a1e933eb0b9ec8
Bug: 26251929
Change-Id: Iea8cee0aee353b4d029d9581e8fbd68ec7b7dd4b
append2simg on a large image is fairly slow, so append verity metadata to
the hash tree to avoid two calls.
Bug: 26251929
Change-Id: I5ec84dcd6e8500e990af13b1f9cef5e809b41605
Append error-correcting codes to verified partitions provided that
PRODUCT_SUPPORTS_VERITY_FEC is true.
This moves verity metadata to be after the hash tree, and requires
matching changes from
Ide48f581bbba77aed6132f77b309db71630d81ed
Bug: 21893453
Change-Id: I6945cbab99e214566a1f9d3702333f2dbbc35816
[1] changed to use a fixed timestamp for all the generated images
(either the one under $ANDROID_PRODUCT_OUT/ or the one added into the
target_files zip). It makes 'adb sync' after 'fastboot flashall' to
resync all the files. This CL changes to use a fixed timestamp only when
packaging into the target_files zip.
[1]: commit 052ae3542b
Bug: 24377993
Bug: 24536411
Change-Id: I209318966109fd4902468dfe96caf777464f9fe1
A few properties are stored as links to the files in the out/
directory, which are no longer available when (re)packing from
target_files zip. Redirect those properties to the actual files in
the unzipped directory when repacking.
Change-Id: I18e930cbea224ab9c6db8d4e721b1c266a671db6
fs_config function from libcutils, in order to properly set the xattr FS
used to define device specific uid, gid, permissions and capabilities,
now needs TARGET_OUT make variable to be passed explicitly to all tools
using it:
fs_config
fs_get_stats used by mktarball.sh
make_ext4fs used by mkuserimg.sh
mksquashfs used by mksquashfsimage.sh
Bug: 21989305
Bug: 22048934
Change-Id: I6caf9cf870882fce2ead93027767092c29b75ded
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Due to the change in https://lwn.net/Articles/546473/, kernel reserves a
few extra blocks (lesser of 2% and 4096 blocks) on ext4 FS which leads to
OTA update failures. Adjust the size computation if the device has
BOARD_HAS_EXT4_RESERVED_BLOCKS := true.
It amends the last attemp in [1]. Now it computes the used blocks from the
make_ext4fs output, instead of altering its argument.
[1]: commit efbb5d2e69.
Bug: 21522719
Bug: 22023465
Bug: 22174684
Change-Id: Iaae6507f6de68a5892f2e3035d330039287b4492
(cherry picked from commit c7a6f1e4f8)
Due to the change in https://lwn.net/Articles/546473/, kernel reserves a
few extra blocks (lesser of 2% and 4096 blocks) on ext4 FS which leads to
OTA update failures. Adjust the size computation if the device has
BOARD_HAS_EXT4_RESERVED_BLOCKS := true.
It amends the last attemp in [1]. Now it computes the used blocks from the
make_ext4fs output, instead of altering its argument.
[1]: commit efbb5d2e69.
Bug: 21522719
Bug: 22023465
Bug: 22174684
Change-Id: I9783a51abe6581ff5c75db81e78ac606d0f32c4c
We should not change the parameter to mkfs_ext4. Bug filed at
b/22174684. Will come up with a new CL.
This reverts commit efbb5d2e69.
Change-Id: I15f7a9a07a65a936ba186d2ce672ec4832ed3e17
Due to the change in https://lwn.net/Articles/546473/, kernel reserves a
few extra blocks (lesser of 2% and 4096 blocks) on ext4 FS which leads to
OTA update failures. Adjust the size computation if the device has
BOARD_HAS_EXT4_RESERVED_BLOCKS := true.
Bug: 21522719
Bug: 22023465
Change-Id: I49f16adbf2dedc5279fbb8622bf99ef71dcc494f
Build additional images requested by the product makefile.
This script gives the ability to build multiple additional images and
you can configure what modules/files to include in each image.
1. Define PRODUCT_CUSTOM_IMAGE_MAKEFILES in your product makefile.
PRODUCT_CUSTOM_IMAGE_MAKEFILES is a list of makefiles.
Each makefile configures an image.
For image configuration makefile foo/bar/xyz.mk, the built image
file name
will be xyz.img. So make sure they won't conflict.
2. In each image's configuration makefile, you can define variables:
- CUSTOM_IMAGE_MOUNT_POINT, the mount point, such as "oem", "odm"
etc.
- CUSTOM_IMAGE_PARTITION_SIZE
- CUSTOM_IMAGE_FILE_SYSTEM_TYPE
- CUSTOM_IMAGE_DICT_FILE, a text file defining a dictionary
accepted by BuildImage() in tools/releasetools/build_image.py.
- CUSTOM_IMAGE_MODULES, a list of module names you want to include
in the image; Not only the module itself will be installed to proper
path in the image, you can also piggyback additional files/directories
with the module's LOCAL_PICKUP_FILES.
- CUSTOM_IMAGE_COPY_FILES, a list of "<src>:<dest>" to be copied to
the image. <dest> is relativ to the root of the image.
To build all those images, run "make custom_images".
Bug: 19609718
Change-Id: Ic73587e08503a251be27797c7b00329716051927
(cherry picked from commit 5fcf1094f9)
In order to work around the zip 2GiB limit, we need to wrap the related
functions in zipfile. Calls to those functions should always be replaced
with calls to the wrappers instead.
Bug: 18015246
Change-Id: I499574cee51ec4804bc10cbefe0b17940afed918
(cherry picked from commit 2ed665a033)
In order to work around the zip 2GiB limit, we need to wrap the related
functions in zipfile. Calls to those functions should always be replaced
with calls to the wrappers instead.
Bug: 18015246
Change-Id: Ice494371ca6654e88ded2ae0eb680f51082effcb
Added support to build system.img that combines contents of /system and
the ramdisk, and can be mounted at the root of the file system.
To enable this feature, define BoardConfig.mk variable:
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
Ideally we would just change TARGET_OUT (the path of the staging system
directory) to under TARGET_ROOT_OUT. But at this point many places in
the build system assume TARGET_OUT is independent of TARGET_ROOT_OUT and
we can't make it easily configurable.
Instead this implementation takes the least intrusive approach:
We don't change TARGET_OUT or TARGET_ROOT_OUT. We just assemble a
temporary staging directory that contains contents of both TARGET_OUT
and TARGET_ROOT_OUT, in build_image.BuildImage() of
tools/releasetools/build_image.py.
When build_image.py is directly called from the makefile, we pass in the
parameters from the global dictionary; when build_image.BuildImage() is
called from add_img_to_target_files.py, we need to override values to
point to files extracted from the target_files zip file.
We need to combine the fs_config files of both /system and ramdisk,
when fs_config is enabled.
Also this change refactored build_image.BuildImage() by moving the extra
parameters to the image property dictionary.
(cherry-picked from commit 0eabd4f2c5)
Bug:19868522
Change-Id: Iafc467a0e3427b0d6ad3b575abcc98ddcc9ea0f1
This caught a few bugs/syntax errors (a few character classes were not
escaped properly in regex patterns, some indentation was illegal,
etc).
Change-Id: I50637607524e68c4fb9cad7167f58a46b8d26b2c
Build additional images requested by the product makefile.
This script gives the ability to build multiple additional images and
you can configure what modules/files to include in each image.
1. Define PRODUCT_CUSTOM_IMAGE_MAKEFILES in your product makefile.
PRODUCT_CUSTOM_IMAGE_MAKEFILES is a list of makefiles.
Each makefile configures an image.
For image configuration makefile foo/bar/xyz.mk, the built image
file name
will be xyz.img. So make sure they won't conflict.
2. In each image's configuration makefile, you can define variables:
- CUSTOM_IMAGE_MOUNT_POINT, the mount point, such as "oem", "odm"
etc.
- CUSTOM_IMAGE_PARTITION_SIZE
- CUSTOM_IMAGE_FILE_SYSTEM_TYPE
- CUSTOM_IMAGE_DICT_FILE, a text file defining a dictionary
accepted by BuildImage() in tools/releasetools/build_image.py.
- CUSTOM_IMAGE_MODULES, a list of module names you want to include
in the image; Not only the module itself will be installed to proper
path in the image, you can also piggyback additional files/directories
with the module's LOCAL_PICKUP_FILES.
- CUSTOM_IMAGE_COPY_FILES, a list of "<src>:<dest>" to be copied to
the image. <dest> is relativ to the root of the image.
To build all those images, run "make custom_images".
Bug: 19609718
Change-Id: Ic73587e08503a251be27797c7b00329716051927
(cherry picked from commit 5fcf1094f9)
When building images set the mount point (data,cache,system) as the
filesystem label on the generated image. This is required for the
Android Emulator.
IMPORTANT: This depends on the following patch to system/extras/:
https://android-review.googlesource.com/#/c/120047/
which has already been submitted to AOSP and merged into the
internal tree.
Change-Id: Iaeb45462570c26d37980f1cc5d8a1b929e476c89
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
A device can set up BOARD_SYSTEMIMAGE_JOURNAL_SIZE (number of journal blocks)
in its BoardConfig.mk.
To disable journaling, set "BOARD_SYSTEMIMAGE_JOURNAL_SIZE := 0".
BOARD_VENDORIMAGE_JOURNAL_SIZE and BOARD_OEMIMAGE_JOURNAL_SIZE work in
similar way.
Bug: 18430740
Change-Id: I0594814fe19ffc54dff41ec2464e2e3a802b9419
Replace the xdelta/xz-based block OTA generation with a new system
based on the existing bsdiff/imgdiff tools.
Bug: 16984795
Change-Id: Ia9732516ffdfc12be86260b2cc4b1dd2d210e886
make_ext4fs can now output a file listing the blocks used for each
file in the image. Request this file and save it in the target_files;
it will be used for future improvements to block OTAs.
Bug: 16984795
Change-Id: Id1e60465e3b5a9d126a7934b4d089cf34d8fec44
- Support TARGET_USERIMAGES_USE_F2FS.
- Support BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE.
- Support "userdata_fs_type" in the prop dict.
- Update build_image to recognize f2fs and call the correct command.
Change-Id: If31cc8bd235f93a4c7814fab36e6e2d13d3037ad
Signed-off-by: JP Abgrall <jpa@google.com>
When building images, we want to use the file_contexts and fs_config
data contained in the target_files zip, rather than whatever happens
to be in the current client.
Change-Id: I13df2405898039f5a9b4bb4837147e76b31b068a
Prior to this change salts were randomly generated, causing OTAs
to fail when they tried to check whether the system they were
installing on was binary identical to the source from which they
were generated.
Bug: 15018770
Change-Id: I86fffe2264a0c263aaf47112fb82fa71240e3403
Without this, system images will be built that do not contain the
necessary bits for verification.
Change-Id: I87c15282b26377d7a2a1540e3d0e30b0299622e3
The C++ version avoids the need to unsparse the image to generate
the verity image, and is much faster for images with large regions
of don't care (treated as zeroes).
Change-Id: I8396b08a5fdb93f27d8c71c9c1ac23cb75cf1f7f
To build oem.img:
- You must define BOARD_OEMIMAGE_PARTITION_SIZE in your BoardConfig.mk
- The file system type will be the same as system.img and userdata.img.
- To install a module to oem.img, use "LOCAL_OEM_MODULE := true"
- run "make -j48 showcommands oem_image dist". By default it's not
built.
Bug: 13367676
Change-Id: I1a26d4d0c61b72ecffe60279667b1b3de050780d
The system partitions has regions that we shouldn't write and can't
depend on the contents of. Adds a new script to generate a map of
these regions (using the sparse image as input), and include the map
in the package zip so it can be used when writing or patching the
system partition.
Also fixes a bug where the wrong SELinux file contexts are used when
generating incrementals.
Change-Id: Iaca5b967a3b7d1df843c7c21becc19b3f1633dad
This would cause an existing sparse image to be reused by a
subsequent build, leading to verity failures.
Change-Id: I2082df3dfba014515c9267e02189fe9987a56830
Pass the -T option to mkuserimg.sh to set all timestamps in the system
image (and any other ext4 image we build) to the value of
ro.build.date.utc for the build. This makes images produced from a
given target_files bit-identical.
Change-Id: Ibba5fa7a610f476209ef61708729cfd79dece0b6
With this change, e2fsck is run only when you build the update.zip file,
which is built when "dist" is among the make command.
Bug: 7591683
Change-Id: I446b71d5aa9295aff3af622f115175f769746615
Bug: 5153694
To build cache.img, set BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE (required,
ext4 only for now), BOARD_CACHEIMAGE_PARTITION_SIZE (optional) in
BoardConfig.mk.
Change-Id: I1d8b91646aa1dba88285e008ad3335768bcbddd2
Bug: 5398808
Before this change we have duplicate code in the Makefile and the
python-based releasetool. That's a real headache to maintain.
Change-Id: I8ddf04a79c6886540e89d990f723d8f77c9dd883
