Commit graph

57 commits

Author SHA1 Message Date
Bowgo Tsai
480dc7c19d Support signing custom_images with AVB
Current AVB signing for custom images is enabled by either of the
following build variables:
  CUSTOM_IMAGE_AVB_HASH_ENABLE := true
  CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true

A previous change to support chain partition replaced avb_signing_args
with avb_key_path and avb_algorithm. This change updates the
corresponding change for custom_images.

To sign a custom_image as a chain partition, it needs:
  CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
  CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
  CUSTOM_IMAGE_AVB_ROLLBACK_INDEX := 1

Note that it doesn't support include metadata of custom images into
vbmeta.img. Because custom_images is designed to build multiple files
(e.g., custom1.img, custom2.img, custom3.img, etc) and a device can only
use/mount one of them. The vbmeta.img needs to be generated per each
combination.

Bug:36701014
Test: sign custom image with AVB HASH descriptor (non-chain)
Test: sign custom image with AVB HASH descriptor as chain partition
Test: sign custom image with AVB HASHTREE descriptor (non-chain)
Test: sign custom image with AVB HASHTREE descriptor as chain partition
Change-Id: I492e2ce768e7caec22228b776b2c13a2d37a5b89
2017-08-25 13:28:57 +08:00
Bowgo Tsai
bd91ac7740 Merge "custom_images: support verity fec (forward error correction)"
am: abf553c9d3

Change-Id: I4b6e678859538ac91fc2548fc7195677660af37c
2017-07-14 23:58:45 +00:00
Bowgo Tsai
8ec2a1cb08 custom_images: support verity fec (forward error correction)
Bug: 63691195
Test: `make custom_images` with CUSTOM_IMAGE_SUPPORT_VERITY_FEC := true
Test: boot device with the custom image built above

Change-Id: I198fa1e0697cb00712bbfb6f1a717ec623703ede
2017-07-14 21:47:13 +08:00
Howard Chen
1b0da968a0 Merge "Support kernel modules in the odm image"
am: 95a8c7e83f

Change-Id: Ib34b1eb969b5fffba4040f40143ea1f3679d4913
2017-07-11 02:10:24 +00:00
Howard Chen
0c5f1e575d Support kernel modules in the odm image
This patch reuses the build-image-kernel-modules macro to build the
odm/lib/modules directory according to the BOARD_ODM_KERNEL_MODULES
which contains list of kernel module files.

Bug: 36012197
Test: android master build on pixel
Change-Id: I2c004132a89e7f230690b4d26c98c3d5b2769f11
2017-07-10 10:44:58 +08:00
Dan Willemsen
b2f7189479 Merge "Support custom my_copy_pairs in package-modules.mk" am: 5b91bd4ccb
am: 616764b247

Change-Id: I288d04b2e69c7f231f25905edcff19b31c6cf499
2017-06-21 03:00:30 +00:00
Dan Willemsen
f354b178b1 Support custom my_copy_pairs in package-modules.mk
To support extra files in package-modules.mk, allow the user to set
my_copy_pairs to a list of src:dest pairs that will be copied into the
zip file.

Test: build-aosp_arm.ninja is identical before/after
Test: codesearch says that these variables aren't otherwise used
Test: set my_copy_pairs, ensure that they exist in the zip.
Change-Id: Ia80cd136db8ad37a71010baf0552621b281c8bc3
2017-06-20 16:00:48 -07:00
Bowgo Tsai
b4c268eb7b Merge "Support signing custom images with AVB HASH or AVB HASHTREE" am: fe7aeb1de7 am: 16b64cbb58
am: 3989b738b8

Change-Id: I11393e1833db97301ffdd31ec3db0968e87c1a24
2017-05-31 03:38:24 +00:00
Bowgo Tsai
7ea994b21c Support signing custom images with AVB HASH or AVB HASHTREE
`make custom_images` supports to build different kinds of *non-droid* images,
e.g., odm.img. Adding the support of signing them with either AVB HASH footer
or AVB HASHTREE footer. The user can use HASH for small images and
HASHTREE for large images.

Sample signing configurations:
 * AVB HASH footer:
   - CUSTOM_IMAGE_AVB_HASH_ENABLE := true
   - CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS := --append_to_release_string my_odm_image

 * AVB HASHTREE footer:
   - CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true
   - CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS := --fec_num_roots 8

 * Using custom signing key:
   - CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
   - CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem

Bug: 36701014
Test: `make custom_images` with AVB HASH footer
Test: `make custom_images` with AVB HASHTREE footer
Test: `make droid` to check system.img is still properly signed with AVB HASHTREE
Test: `make droid` to check vendor.img is still properly signed with AVB HASHTREE

Change-Id: I8dc420e12e37e9a631345c0cd883339db05d489f
2017-05-24 14:21:03 +08:00
Sen Jiang
c5d5fdee22 Merge "Add support for avbtool in custom_images." am: 8a8ca3438b am: 7cdc14d8b0
am: c900a7cd48

Change-Id: I6612fc8c91ae83ff9da7fa7f78460f6d8249a687
2017-05-16 18:09:45 +00:00
Sen Jiang
5b0fe18feb Add support for avbtool in custom_images.
Set CUSTOM_IMAGE_AVB_ENABLE := true to enable avb, add_hashtree_footer
args can be added in CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS.

Bug: 38319818
Test: m custom_images

Change-Id: Ia452dc5ce8b55bcbd3abba9e965b72e78fd8c104
2017-05-15 17:34:42 -07:00
Dan Willemsen
4e9e5d526c Merge "Rewrite link type checking" am: e4d92ef568 am: d76aaed983
am: e834d5f059

Change-Id: I02342b80077a7e1e36e61d1f9384d3b104a982c1
2017-04-20 15:15:19 +00:00
Dan Willemsen
b47d4e9cf1 Rewrite link type checking
All the new features are turned off for now, since multiple branches and
products need to be verified before they can be turned on. So everything
should behave the same as today, except for no partition-based
warnings.

Instead of the current link type checks that happen during the build,
run as many as possible immediately after loading all the Android.mk
files. If we're allowing missing dependencies ('mm',
ALLOW_MISSING_DEPENDENCIES, tapas, etc), we'll defer the link type
checks to during the build. If we're not allowing missing dependencies,
we'll produce a better error message to the user about the missing
dependencies.

See core/main.mk for a description of the storage format.

This also remove the partition-based type checking. It hasn't worked all
that well, particularly with ASAN builds. The new VNDK checks will
handle the most pressing cases.

Test: Verify all link_type files and dependencies are the same:
  grep link_type: out/build-aosp_arm64.ninja | sed -E "s/ rule[0-9]+//" | sort
Change-Id: Id643658b9d9e84f99f5db0d526aad88c1f5d3417
2017-04-19 22:41:32 -07:00
Colin Cross
4b6bc2b427 Merge "package-modules: use && instead of ; between copy commands" am: e0e20079c2 am: 8843039368
am: d826201c69

Change-Id: Ib5529cd05e439878a1083756e3b73d4d08940809
2017-03-15 02:28:39 +00:00
Colin Cross
f075bcbc98 package-modules: use && instead of ; between copy commands
Using ; to join commands in a rule causes failures to be ignored by
make.  Use && instead, and add true at the end as the second operand
to the last && operator.

Also inline copy-test-in-batch, batching is no longer necessary as
kati will fall back to a shell script if the recipe is too long to
fit in a command line.

Test: builds
Change-Id: I4a2528bf2a15106cfabaae0336662c4a0464271d
2017-03-14 16:58:34 -07:00
Dan Willemsen
ff490b6763 Merge "Speed up *TS zip file creation" am: 6d0f949296 am: 83667a3821
am: d6f077092b

Change-Id: Icf328eb0c239b7bd0a0ba602490860cad02f56db
2017-03-13 20:07:18 +00:00
Dan Willemsen
c4cf49569f Speed up *TS zip file creation
This also makes the resulting zip files more repeatable -- the file list
is sorted and the entries have static timestamps.

On my machine, this saves ~30 seconds for android-cts.zip, it now takes
less than a second.

Test: m -j cts; compare output from without this change
Change-Id: Ia71e35878ff98ba9775115860530e87eee47739f
2017-03-10 13:39:26 -08:00
Dan Willemsen
aa7e67c871 Merge changes I5e684409,I4fa35540,I24015ef0 am: 93de77745c am: d1378dec05
am: ead8af8580

Change-Id: I0608060da7307b9bd9a5bd15e601b1787c510dd4
2017-02-28 21:41:33 +00:00
Dan Willemsen
e19ca033c6 Improve warnings for package-modules.mk
Include the calling makefile and package name instead of just a warning
pointing to package-modules.mk

Test: multiproduct_kati, grep logs
Change-Id: I4fa35540b9695b44eea6c23463e137ec37d1d2c9
2017-02-24 15:49:50 -08:00
Alex Deymo
df32f43f1e Merge "Include the LOCAL_REQUIRED_MODULES when packaging." am: 06f3258694 am: 2ee71f6946 am: af5554c699
am: 0f9093a31c

Change-Id: Ib02724ee1825334069e48af6b7342364b759fbe4
2017-02-13 16:15:10 +00:00
Alex Deymo
00dc66760e Include the LOCAL_REQUIRED_MODULES when packaging.
When building test modules, dependencies added by the test modules get
build but don't get included in the packaged tests .zip file.

When packaging modules into a .zip file, this patch includes the modules
explicitly listed as a dependency in LOCAL_REQUIRED_MODULES for the
requested modules to package.

If these LOCAL_REQUIRED_MODULES dependencies are not used in the base
system image, they were build as part of the "tests" target but weree
not included in the package nor in the system image. This patch includes
those modules, making it easier to define dependencies of a test
module in the Android.mk file that defined said module, instead of
requiring to re-list all the dependent modules when packaging test
modules.

Bug: 27348226

Change-Id: Ic6f60cf2916b3fae0fa39f84aee8a4f440af9539
2017-01-05 12:12:42 -08:00
Tao Bao
eac8bbcb81 Merge "HOST_OUT_EXECUTABLES path is not needed in misc_info file" am: 376c0146b3 am: 7def52bfe8 am: f2cffd6849
am: 70e1bacb1a

Change-Id: I4e484604f6a691f0cb48015192cbba120d3306cc
2016-12-21 18:15:06 +00:00
Joe Onorato
9aa0b89177 make protobuf available to CTS host tools
Test: make -j32 cts
Change-Id: I866aebd6313fe2b0b6d3a1876ac8e5ada473a7b0
2016-12-20 22:28:54 -08:00
Vikram Dattu
29e88b850e HOST_OUT_EXECUTABLES path is not needed in misc_info file
HOST_OUT_EXECUTABLES is already added to the PATH variable,
so it is not needed to add the path info for binaries in
misc_info.txt and <partition>_image_info.txt.

Earlier the mkuserimg item in the build_image dictionary is
hardcoded to "mkuserimg.sh", but now it is customized for
mkuserimg.sh and mkuserimg_mke2fs.sh, and maintained in
dictionary "ext_mkuserimg=$(MKEXTUSERIMG)" in misc_info.txt
and <partition>_image_info.txt, where it is used in the
build_image script while creating the images.

The problem here is the value for this key is set to build
path of the file mkuserimg file
$(HOST_OUT_EXECUTABLES)/mkuserimg.sh,
i.e. out/host/linux_x86/bin/mkuserimg.sh,
there by standalone signing the images using otatools is
not working as the executables are packed in bin folder.

Test: tools/releasetools/sign_target_files_apks
    -p <extracted ota-tools.zip folder>
    --extra_signapk_args=-f /etc/opt/cert_data.dat
    -v
    --replace_verity_private_key ~/build/target/product/security/verity
    --replace_verity_public_key ~/build/target/product/security/verity.x509.pem
    -k <key maping>
    <input target files zip>
    <output target files zip>

Change-Id: I57af1025ec38f3794f779c49faa0bf965afc6a5d
2016-12-20 13:55:06 +01:00
bowgotsai
6dd1058761 Merge "custom_image: fix build break" am: 52897d4ecb am: ab0ae8e728 am: 882fc2c96a
am: 5f58152b73

Change-Id: I0bf4729aa396a1566b555c6fe2e4dfeff31b0e72
2016-12-07 03:38:30 +00:00
bowgotsai
0f72bca96b custom_image: fix build break
Fix build break caused by
https://android-review.googlesource.com/#/c/305575/.

Bug: 33358681
Test: make custom_images

Change-Id: I1ba7cf61491c8593b20bdac58e984f1928697b8c
2016-12-06 17:36:31 +08:00
Stuart Scott
270faa62e1 Remove tradefed prebuilt dependancy
Test: make cts
Change-Id: I6d75e9e8ca0f4327c0e6e1203d9009359d3819b8
2016-11-22 15:12:35 -08:00
Julien Desprez
63d377c56b Build CTS out of TF source
Export the TF jar build from source to the cts zip.

Test: build cts
Bug: 32819381
Change-Id: I4e1ccbd3a7ea27998a95986c1dd0348e01da60b6
2016-11-11 12:12:06 +00:00
Julien Desprez
7b10950b8a Export the cts tests jar required to run unit tests
Bug: 31393228
Change-Id: Id5ce5beccd70c67be6d4bfed01f7206a48498fc2
2016-09-12 11:19:48 +01:00
Aaron Holden
aee6f602f9 Move suite-level dynamic config to testcases
Enable client-side dynamic config code to access the suite-level dynamic
config files by placing them in the testcases directory. Also update
cts_v2.mk to define the location of its corresponding dynamic config file.

bug:23625592
Change-Id: Id11dea4b6acbe8ea7e5e9579e369a2be5873a224
2015-12-16 12:32:57 -08:00
Ying Wang
16a27b40eb Merge "Don\'t run ziptime on host zip files." am: 7f50cf7f50 am: 3a5c02e295
am: 3932de119a

* commit '3932de119a79ec3ddf5972722a9cb6fb8e4526b1':
  Don't run ziptime on host zip files.
2015-11-04 18:45:19 +00:00
Ying Wang
5d88770f26 Don't run ziptime on host zip files.
ziptime fails on zip file larger than 2GB.
These zip files won't installed on device and we don't care that much
about their reprodudcibility across builds.

Change-Id: I47062928d075a59eda92dd5333e59502f490d1cb
2015-11-04 10:06:25 -08:00
Dan Willemsen
641e8888fa Merge "Remove changing uids/timestamps from zip/jar files" am: a0975edc16
am: c789be850c

* commit 'c789be850ca14b945e72412457991d7a5e13126e':
  Remove changing uids/timestamps from zip/jar files
2015-11-03 23:43:30 +00:00
Dan Willemsen
48a621c277 Remove changing uids/timestamps from zip/jar files
Pass -X to zip so that Unix UID/GID and extra timestamps aren't
saved into the zip files.

Add a new tool, ziptime, that uses a very stripped down copy of
zipalign. It no longer depends on libandroidfw, and now rewrites the
timestamps in place instead of making a copy of the zipfile. This should
improve speed and reduce disk requirements, especially with the large
packaging zip files.

Bug: 24201956
Change-Id: I50f68669f659da1b4393e964ad40b6aafb00c1e7
2015-11-02 14:51:54 -08:00
Dan Willemsen
bfaf0f7830 Merge "Revert "Remove changing uids/timestamps from zip/jar files"" am: 49d8c5196e am: d8d06da814
am: 5887bfbe20

* commit '5887bfbe203d47849993b3cdbe54d6f0a155a071':
  Revert "Remove changing uids/timestamps from zip/jar files"
2015-10-29 21:42:07 +00:00
Dan Willemsen
b589ae4e26 Revert "Remove changing uids/timestamps from zip/jar files"
This reverts commit 3c2c064c87.

zipalign depends on libandroidfw, and some setups don't include frameworks/base.

Bug: 24201956
Change-Id: I48ee95808924f6b2221f0a49ab205c2565096b1f
2015-10-29 21:26:18 +00:00
Dan Willemsen
81e5f37786 Merge "Remove changing uids/timestamps from zip/jar files" am: 9f25219371 am: a51b1d532e
am: aa851650bf

* commit 'aa851650bf73d8143da011013bd64cd49969be96':
  Remove changing uids/timestamps from zip/jar files
2015-10-29 19:20:55 +00:00
Dan Willemsen
3c2c064c87 Remove changing uids/timestamps from zip/jar files
Pass -X to zip so that Unix UID/GID and extra timestamps aren't
saved into the zip files.

Add a new option to zipalign, -t, to replace all timestamps with static
timestamps (2008 Jan 1 00:00:00). Use this for all non-APK zip files.
APK zip timestamps are set based on the certificate date in SignApk.

Bug: 24201956
Change-Id: Ifb619fc499ba9d99fc624f2acd5f8de36d78ef8e
2015-10-29 11:57:16 -07:00
Stuart Scott
6661a29e6d Compatibility build rule rather than library.
bug:21762834
Change-Id: I8be2a5d0669dd80c2b17d31b655ec424bc1d9f63
2015-09-01 14:27:52 -07:00
Stuart Scott
19324d1a06 Depend on compatibility-host-util
bug:21762834
Change-Id: I8a91361b1b0dcf0ab98e15049ababea153f0e36a
2015-07-23 12:56:51 -07:00
Thierry Strudel
312d1de1bf am b654458f: am 7f798c6c: am 8d7066c1: am 6b74f21a: oem_image/custom_image: fix missing new parameter to build_image.py
* commit 'b654458ff78a420ca0f5e277cc70737bfb851639':
  oem_image/custom_image: fix missing new parameter to build_image.py
2015-07-14 16:41:53 +00:00
Thierry Strudel
6b74f21a4d oem_image/custom_image: fix missing new parameter to build_image.py
Bug: 22441494
Change-Id: I0baa4db67ab7a17dc89193511702ed98e7515318
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2015-07-13 14:46:49 -07:00
leozwang
c177d1cd97 am db95afe9: am 5c91af0d: Merge "Add BUILD NUMBER into oem image." into mnc-dev
* commit 'db95afe910f7fd60baee9c1bddf0f0502213d532':
  Add BUILD NUMBER into oem image.
2015-06-22 01:08:12 +00:00
leozwang
92eb5703e5 Add BUILD NUMBER into oem image.
Change-Id: If2e1903a44fc033eecb1564aa423cd60b3c86fcb
2015-06-20 21:05:19 -07:00
Stuart Scott
3a0374548a Remove repository directory.
We no longer have plans as xml files, so this extra directory level is
unnecessary.

Change-Id: Id513685d60c4abee2932a31bb89a2a518a285270
2015-06-10 15:28:08 -07:00
Stuart Scott
1dcff84ce6 Only copy tools, not test artifacts
Change-Id: I723f580a6cea783dc07d12883dfe36120e462784
2015-06-08 16:19:27 -07:00
Stuart Scott
1926e9b8bf Adds the compatibility build task and cts_v2 rules.
Change-Id: If7939dba38566f26cbc678da3fe7cb605c19745a
2015-06-04 15:09:47 -07:00
Ying Wang
b4b767a484 Fix Mac build.
Mac doesn't like "cp -r -L", but "cp -R -L".

Change-Id: I32bd8e5171db4ed811e158d91482671b14622825
2015-05-07 20:57:56 -07:00
Ying Wang
069f1f8942 Deference symlinks when copying LOCAL_PICKUP_FILES.
Change-Id: I2399529ee9168bb93a4cad5daa61cd2ea500df04
2015-04-30 19:46:00 -07:00
Ying Wang
7d51a40295 Add selinux and verity support to custom image generation.
New custom image configuration variables:
- CUSTOM_IMAGE_SELINUX, set to "true" if the image supports selinux.
- CUSTOM_IMAGE_SUPPORT_VERITY, set to "true" if the product supports verity.
- CUSTOM_IMAGE_VERITY_BLOCK_DEVICE

Also changed the staging directory name to the mount point, like we do
for other images built by the build system.

Bug: 19609718
Change-Id: I6bbf06b79eee63e4c77834f2e6f1d5a7f7e00a12
2015-03-23 10:04:56 -07:00