When /boot partition is chained in AVB signing, libavb will try to
read AVB footer from the end of /boot partition, even if the device is
unlocked. However, this makes device unbootable when the unsigned
boot-debug.img is flashed on /boot partition. This CL uses a test key
from external/avb to sign the boot-debug.img if /boot partition is
chained.
Bug: 126493225
Bug: 129508966
Test: Enables chain partition for boot.img, `make bootimage_debug` then
checks `avbtool info_image --image $OUT/boot-debug.img`
Test: `make bootimage_debug-nodeps`
Test: boot a device with a chained boot-debug.img
Change-Id: I870cb70c70b7d4d7a30b77bed58cbca6e007d5e3
They've been warnings for two weeks, with no reports of problems,
and no warnings in the logs that I can search.
Fixes: 130723115
Fixes: 130734993
Test: treehugger
Change-Id: I61b8b5f35905d45fa7cab9914580ae6c005e83dc
Note: libtombstoned_client.so was moved from the Runtime APEX to system with
http://r.android.com/941388.
Test: m systemimage
Bug: 124293228
Bug: 131587358
Change-Id: I9e517d3c2344b39cf2743a34723572e646675677
common.GetCareMap() may return an empty list on unavailable care_map
since the change in commit 8bdfb990ea.
Caller needs to handle such a case accordingly. This CL fixes the caller
in add_img_to_target_files.py, and changes the return value to None to
break legacy callers loudly.
Fixes: 131794385
Test: `atest releasetools_test`
Change-Id: I7c94f456064199237e84ef75732bdd10ebe31736
Preinstalled overlays needn't be signed with the same cert
as the package it overlays, simply being preinstalled is
enough. Sign with the default cert instead for now, which
provides fewer special privileges.
Bug: 129373833
Test: internal overlay test
Change-Id: Ie18f7ff749e3f079600f74203664bcb6d11f9d6a
These were added as part of http://r.android.com/731514, but
most of these properties make no sense for the bootimage. Revert
to only defining date, date.utc and fingerprint.
Bug: 131066061
Test: inspect vendor/build.prop
Test: boot, no SELinux warnings for removed props
Change-Id: Ibbeff9870a5b71e83c2cceeb1327b12600077b23
For enabling per product configuration of resolving startup
const strings.
Bug: 130217075
Bug: 131310042
Test: make
(cherry picked from commit b37c79c3a2)
Merged-In: I51cb8931b915a710ab584f954b7a99c7a651d914
Change-Id: I0ecc7823620bca9f252b3d91b82982db91dd248d
When set, product-img-tag.zip contains super.img instead of individual
user images from target files. For virtual devices, super.img is needed
to boot the device, but individual user images aren't needed.
Test: on A/B DAP, with flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super.img and not system / vendor / system_other
Test: on non-A/B DAP, with the flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super.img and not system / vendor
Test: on A/B retrofit, with the flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super_*.img and system_other.img, but not system / vendor
Bug: 113175337
Change-Id: I94e33091d0c837cae40776176b4dcfdd338aba90
build_mixed script can't merge system and product VINTF
data yet.
Fixes: 131418170
Bug: 131425279
Test: build 'target_files_package' for 'mainline_system_google_arm64',
see META/system_manifest.xml
Change-Id: I366d9bc802ee0e6bdf8fe480303f3fee827c579d
They only contain prebuilts from older releases.
Test: m systemimage on affected internal lunch targets
Bug: 124293228
Change-Id: I059c9d0edb78e52838a25cef0472807847d77417
If set to true,
- super.img is built from images in $PRODUCT_OUT
- super.img is built to $PRODUCT_OUT
- super.img is built when 'make'.
'make dist' still builds super image from images in target files to
intermediates directory.
This flag is useful for virtual devices, but isn't intended to be set for
actual devices. For actual devices, userspace fastboot should flash
super_empty.img and individual user images separately.
Test: on cuttlefish (flag is set),
make # generates $OUT/super.img
make superimage # generates $OUT/super.img
Test: on real non-retrofit DAP device (flag is not set)
make # no super.img is generated
make superimage # generates $OUT/obj/PACKAGING/.../super.img
make dist # generates out/dist/super.img
Bug: 113175337
Change-Id: Ieb81e4fbb663bb4b69e9962c3fa9f16b03aeb907
When odm is changed, device manifest/matrices should be included.
When product is changed, framework manifest/matrices should be included.
Bug: 130714844
Bug: 126770403
Test: build with odm and product VINTF metadata
Change-Id: I49c8083e0e7185ae7b96047d68f1f624b1113dfc
- Rename framework_manifest.xml to system_manifest.xml since that's more accurate.
- Add product_manifest.xml to base_product.mk
- Add product_manifest.xml to verified_assembled_framework_manifest.xml to check
it at build time.
Bug: 126770403
Bug: 130714844
Bug: 80547152
Test: build and inspect output
Test: lshal
Change-Id: I1b447d8c36f72768e28e9bcaa4d06afdeba08c2a
Test: `atest --host releasetools_test`
Test: `m dist` with a target that uses non-sparse images.
Test: Run UpdateVerifierTest on blueline.
Change-Id: I8fdebee42fcaac78c2d1be2a84ddb69f46ec701d
For an PRESIGNED APEX, it has the following format, which should be
considered as a valid input.
name="foo.apex" public_key="PRESIGNED" private_key="PRESIGNED" container_certificate="PRESIGNED" container_private_key="PRESIGNED"
Bug: 131153746
Test: Run sign_target_files_apks.py on a target_files.zip with PRESIGNED
APEXes.
Test: python -m unittest sign_target_files_apks
Change-Id: I51076b0c6eddfb75637d37659a08009f0a88e931
By sorting the content of the final output merged target files package, the
merged target files package is more like the target files packages generated by
a build.
Test: Generate merged target files package, verify that content is sorted.
Change-Id: Ic0c198630ebd7692a3f3f9663d85e4b45229175c
We used to require explicitly setting both (e.g. `-e foo.apex=` and
`--extra_apex_payload_key foo.apex=` to skip signing `foo.apex`).
This CL allows specifying `-e` alone to achieve the same result.
However, if a conflicting `--extra_apex_payload_key` is also specified,
that would be considered as a config error.
Bug: 131153746
Test: Run sign_target_files_apks.py with `-e foo.apex=` alone to skip
signing foo.apex.
Test: Run sign_target_files_apks.py with `-e foo.apex=` and
`--extra_apex_payload_key foo.apex=key` and expect assertion error.
Change-Id: Ia747f59ee726b60bdb1445024e749320171064c2
This is used by merge_target_files to prevent an unnecessary unzip and
copy.
Test: Ran merge_target_files.py and booted using the img.zip.
Change-Id: I6fe0dd025b30b3f4965c9b22fb6943019bf5899b
In some build targets, e.g., aosp_arm64_ab, $OUT/ramdisk is an empty
dir, and leads to rsync $OUT/ramdisk/* failure. Removing the trailing
asterisk to avoid throwing an error if it's empty. Note that the
trailing slash still needs to be kept to avoid creating an additional
directory level at the destination.
Bug: 126493225
Test: `make ramdisk_debug` on aosp_arm64_ab
Test: flash boot-debug.img on crosshatch still can adb root
Change-Id: I44937324379fa78fc26a4471ba94eb7694911c2d
Merged-In: I44937324379fa78fc26a4471ba94eb7694911c2d
Some targets have ramdisk.img but no boot.img, howerver,
ramdisk-debug.img only depends on boot.img. Fix this by making
ramdisk-debug.img depends on ramdisk.img.
Bug: 126493225
Test: make ramdisk_debug
Change-Id: I65120a3b3372712fafc26442354ee031eede0bd3