Commit graph

1082 commits

Author SHA1 Message Date
Narayan Kamath
a07bf049b9 releasetools: Add support for compressed APKs.
Compressed APKs can be identified by a "compressed=<ext>" entry in
the apkcerts.txt file. When we encounter such an entry, we need to
decompress the file to a temporary location before we process its
certs. When we're signing, we should also recompress the package
after it's signed.

Bug: 64531948
Test: ./build/tools/releasetools/check_target_files_signatures.py
Test: ./build/tools/releasetools/sign_target_files_apks.py
Test: compared signed output before / after this change, verify that
      it's bitwise identical when no compressed APKs are present.

Change-Id: Id32e52f9c11023955330c113117daaf6b73bd8c2
2017-08-21 13:21:20 +01:00
Tao Bao
7a0a560c15 Merge "Look for non-existent files listed in avb_vbmeta_args." into oc-dr1-dev
am: 9c77abd6f2

Change-Id: Id96d37fd4e4ca639d3ed15e8472f1f2b2953e1ff
2017-07-21 17:18:00 +00:00
Tao Bao
1dc5d47653 Look for non-existent files listed in avb_vbmeta_args.
In BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS, if we have defined
"--include_descriptors_from_image" with an image file whose path points
to source tree, add_img_to_target_files.py or sign_target_files_apks.py
may fail to find the file. Because these scripts may run without a
source tree, by taking target_files.zip as the only input.

This CL scans additional locations in the input target_files.zip to find
those missing files in avb_vbmeta_args. As long as the files are included
in the target_files.zip, they get a second chance to be found.

Bug: 63910867
Test: As follows:
 1. Setup BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS with a local file path;
 2. Remove the local file;
 3. sign_target_files_apks.py fails without this CL;
 4. sign_target_files_apks.py works.
Change-Id: I3c58f80a5535db02b74cfe40d0c0beff72587cf8
2017-07-21 01:20:14 -07:00
Tianjie Xu
a4caab580c Merge "Generate brotli compressed {}.new.dat for full OTA" am: 1b28eca1a1 am: a07a04c737
am: 4b53a17756

Change-Id: If03919b9012f4a693e895b02a0c148eeb0a4da5e
2017-07-14 23:34:39 +00:00
Tianjie Xu
4b53a17756 Merge "Generate brotli compressed {}.new.dat for full OTA" am: 1b28eca1a1
am: a07a04c737

Change-Id: I5f2b92791a759def118c6aa70a3e0777a9e8da85
2017-07-14 23:30:32 +00:00
Tianjie Xu
1b28eca1a1 Merge "Generate brotli compressed {}.new.dat for full OTA" 2017-07-14 23:21:54 +00:00
Tianjie Xu
b0a29ad8c2 Generate brotli compressed {}.new.dat for full OTA
Brotli has a better compression ratio than deflation. So for non-AB
full OTA, we can compress the new.dat with brotli first and store it
in the zip package.
This increase the OTA generation time by ~5 minutes for a full OTA
(measured based on 2.0G system.new.dat)

Bug: 34220646
Test: Generate a full OTA for bullhead
Change-Id: I9c0550af8eafcfa68711f74290c8e2d05a96648f
2017-07-14 10:53:21 -07:00
Tao Bao
f7f27b9002 Merge "Add the missing 'import stat' line." into oc-dr1-dev
am: d43ab80c75

Change-Id: I5d2712c53e9284b96a80ca66cc2b8361e27d3176
2017-07-12 22:21:55 +00:00
Tao Bao
9fdd00f682 Add the missing 'import stat' line.
Accidentally broken by the cherry-pick in commit
f829b40c48 - the original CL in oc-dev
doesn't require the 'import stat' line.

Bug: 63629728
Test: `pylint --rcfile=pylintrc sign_target_files_apks.py`
Test: Successfully sign a build with sign_target_files_apks.py.
Change-Id: I94be613fb2219597148c4339ac33fc93d0cdae47
2017-07-12 12:01:43 -07:00
Tao Bao
55625564c6 Merge "Track the AVB property name change." am: c45161536f
am: fcc2cf6c1e

Change-Id: I9bbed4c45961f2d3fa775b8b977ae58bbaae33ff
2017-07-07 23:35:43 +00:00
Tao Bao
48ae05ea77 Track the AVB property name change.
system_avb_hashtree_enable has been renamed to
avb_system_hashtree_enable in commit
3e599ead66. 'care_map.txt' is missing due
to the change.

Bug: 63142730
Test: `m dist` and check IMAGES/care_map.txt exists in target_files zip.
Change-Id: I60c269b41df844b50353d357bf67c20f15548642
(cherry picked from commit 3f72176da0)
2017-07-07 15:02:37 -07:00
Tao Bao
3f72176da0 Track the AVB property name change.
system_avb_hashtree_enable has been renamed to
avb_system_hashtree_enable in commit
3e599ead66. 'care_map.txt' is missing due
to the change.

Bug: 63142730
Test: `m dist` and check IMAGES/care_map.txt exists in target_files zip.
Change-Id: I60c269b41df844b50353d357bf67c20f15548642
2017-06-29 15:19:09 -07:00
Tao Bao
1612f02ff2 Merge "Allow packing custom radio images into target_files zip." am: 9ea6a8b817
am: ce10b6e2f3

Change-Id: I3b6f7ade42f58baa722e2ee3df81efac48a5b653
2017-06-29 03:19:02 +00:00
Tao Bao
9ea6a8b817 Merge "Allow packing custom radio images into target_files zip." 2017-06-28 22:03:19 +00:00
Tao Bao
118b3243f8 Merge "Support replacing AVB signing keys." am: 682849976d
am: b5363b2dbc

Change-Id: I8388e8c3c3bf801d7a9d50f111e91555b933a4d7
2017-06-28 19:44:54 +00:00
Tao Bao
c218a470fb Support replacing AVB signing keys.
sign_target_files_apks.py now supports signing targets using verified
boot 2.0 (aka AVB). It allows replacing AVB signing keys for both of
chained and non-chained partitions.

An example command line looks as follows.
 $ ./build/tools/releasetools/sign_target_files_apks.py \
     --avb_vbmeta_key external/avb/test/data/testkey_rsa2048.pem \
     --avb_vbmeta_algorithm SHA256_RSA2048 \
     --avb_vbmeta_extra_args \
         "--signing_helper_with_files ./signing-helper.sh" \
     --avb_system_key external/avb/test/data/testkey_rsa4096.pem \
     --avb_system_algorithm SHA256_RSA4096 \
     --avb_system_extra_args \
         "--signing_helper_with_files ./signing-helper.sh" \
     product-target_files.eng.zip signed-product-target_files.zip

To verify the signed images:
 $ unzip signed-product-target_files.zip IMAGES/\*
 $ avbtool verify_image --image IMAGES/vbmeta.img \
     --expected_chain_partition system:1:testkey_rsa4096_pub.pem \
     --key external/avb/test/data/testkey_rsa2048.pem

Bug: 38315721
Test: sign_target_files_apks.py on AVB-enabled target w/ and w/o chained
      partitions respectively. Check the signing command lines; validate
      the signed images with 'avbtool verify_image'.
Change-Id: Ia009555b16ddb6d8ba6a0858d5ca7d983bbab887
(cherry picked from commit 639118ff4d)
2017-06-28 12:38:32 -07:00
Tao Bao
7b8a7936dd Merge "Delay the write-back of misc_info in sign_target_files_apks.py." into oc-dr1-dev 2017-06-28 19:36:51 +00:00
Tao Bao
57ae9a2234 Delay the write-back of misc_info in sign_target_files_apks.py.
Currently we're writing META/misc_info.txt to the new TF.zip during
ReplaceVerityPrivateKey(). We should delay that until we have replaced
everything in need. Otherwise we won't be able to replace/overwrite
that zip entry (unless `zip -d` first).

This CL also cleans up the return value of ReplaceVerityPublicKey() and
ReplaceVerityKeyId(), since the caller no longer needs the values.

Test: sign_target_files_apks.py and check the generated signed TF.zip.
Change-Id: I9fbd7182247728281519e5e3971557f6b018ad65
(cherry picked from commit 46a5999a02)
2017-06-28 11:07:34 -07:00
TreeHugger Robot
3b7460eda9 Merge "Move /default.prop to /system/etc/prop.default" into oc-dr1-dev 2017-06-28 06:28:10 +00:00
Tao Bao
95a95c3a5e Allow packing custom radio images into target_files zip.
Radio images are added to INSTALLED_RADIOIMAGE_TARGET, which by default
will be packed under RADIO/ in a target_files zip. This CL introduces
BOARD_PACK_RADIOIMAGES that allows additionally copying them into
IMAGES/, which will then be included into <product>-img.zip.

Bug: 62195105
Test: Define BOARD_PACK_RADIOIMAGES and `m dist`. Check the generated
      target_files zip and <product>-img.zip.
Change-Id: I3deafd2dfecd1d4dbfdfc2d002fc40ef22fb60ea
2017-06-27 13:50:12 -07:00
Tao Bao
639118ff4d Support replacing AVB signing keys.
sign_target_files_apks.py now supports signing targets using verified
boot 2.0 (aka AVB). It allows replacing AVB signing keys for both of
chained and non-chained partitions.

An example command line looks as follows.
 $ ./build/tools/releasetools/sign_target_files_apks.py \
     --avb_vbmeta_key external/avb/test/data/testkey_rsa2048.pem \
     --avb_vbmeta_algorithm SHA256_RSA2048 \
     --avb_vbmeta_extra_args \
         "--signing_helper_with_files ./signing-helper.sh" \
     --avb_system_key external/avb/test/data/testkey_rsa4096.pem \
     --avb_system_algorithm SHA256_RSA4096 \
     --avb_system_extra_args \
         "--signing_helper_with_files ./signing-helper.sh" \
     product-target_files.eng.zip signed-product-target_files.zip

To verify the signed images:
 $ unzip signed-product-target_files.zip IMAGES/\*
 $ avbtool verify_image --image IMAGES/vbmeta.img \
     --expected_chain_partition system:1:testkey_rsa4096_pub.pem \
     --key external/avb/test/data/testkey_rsa2048.pem

Bug: 38315721
Test: sign_target_files_apks.py on AVB-enabled target w/ and w/o chained
      partitions respectively. Check the signing command lines; validate
      the signed images with 'avbtool verify_image'.
Change-Id: Ia009555b16ddb6d8ba6a0858d5ca7d983bbab887
2017-06-27 10:50:46 -07:00
Hung-ying Tyan
7eb6a926ad Move /default.prop to /system/etc/prop.default
This patch tries to fix the problem where the default properties need
to go with the system image especially on non-AB devices where
/default.prop is on the ramdisk image. A symlink is created at
/default.prop for backward compatibility.

Bug: 37815285
Test: Tested with ag/2416542. Booted pixel phones, checked the location
      of prop.default, verified the symlink, checked a few properties
      (via adb shell getprop) and manually tested a few apps (Camera,
      Maps etc).
      sign_target_files_apks.py was tested with:
      sign_target_files_apks -o -e DynamiteLoader.apk= -e DynamiteModulesA.apk= \
          -e DynamiteModulesB.apk= -e DynamiteModulesC.apk= -e DynamiteModulesD.apk= \
          -e GoogleCertificates.apk= out/dist/*-target_files-*.zip signed-target_files.zip
      Booted to recovery and ran 'adb sideload' successfully.
Change-Id: I1a9a2ba49c8252afc13ced3dea71253afbd3091e
Merged-In: I1a9a2ba49c8252afc13ced3dea71253afbd3091e
(cherry-picked from 4fbbe4578bb10d54292d9b243edf4999fddf1c93)
2017-06-27 15:10:32 +08:00
Hung-ying Tyan
f829b40c48 Move /default.prop to /system/etc/prop.default
This patch tries to fix the problem where the default properties need
to go with the system image especially on non-AB devices where
/default.prop is on the ramdisk image. A symlink is created at
/default.prop for backward compatibility.

Bug: 37815285
Test: Tested with ag/2416542. Booted pixel phones, checked the location
      of prop.default, verified the symlink, checked a few properties
      (via adb shell getprop) and manually tested a few apps (Camera,
      Maps etc).
      sign_target_files_apks.py was tested with:
      sign_target_files_apks -o -e DynamiteLoader.apk= -e DynamiteModulesA.apk= \
          -e DynamiteModulesB.apk= -e DynamiteModulesC.apk= -e DynamiteModulesD.apk= \
          -e GoogleCertificates.apk= out/dist/*-target_files-*.zip signed-target_files.zip
      Booted to recovery and ran 'adb sideload' successfully.
Change-Id: I1a9a2ba49c8252afc13ced3dea71253afbd3091e
2017-06-27 15:05:17 +08:00
Tianjie Xu
8fb65a5d63 Merge "Remove the obsolete location check for install-recovery.sh" 2017-06-22 18:12:44 +00:00
Tianjie Xu
924c1c0598 Merge "Verify the contents in install-recovery.sh" 2017-06-22 18:12:44 +00:00
Chih-hung Hsieh
d79ce64555 Merge "Add OWNERS in build/make" 2017-06-22 04:27:13 +00:00
Chih-Hung Hsieh
044fc0c4a4 Add OWNERS in build/make
* Owners are selected from top CL approvals or owners.
  They will be suggested to review/approve future CLs.
* OWNERS files are recognized by the new find-owners plugin, see .md files in
  https://gerrit.googlesource.com/plugins/find-owners/+/master/src/main/resources/Documentation/

Test: build/make/tools/checkowners.py -c -v OWNERS
Change-Id: Ibe6765e5448c471ca413413e3d052507ccee4ea6
2017-06-21 16:09:56 -07:00
Bowgo Tsai
f636a80888 AVB: support chain partition signing
Current build system will include AVB metadata from each partition and
store them into /vbmeta partiton when BOARD_AVB_ENABLE is set, which makes
each partition tightly-coupled.

Add the support for 'chain partition':
  - The vbmeta of each partition is stored on the same partition itself.
  - The public key used to verify each partition is stored in /vbmeta.

For example, the following build variables are required to enable chain
partition for system partition:
  - BOARD_AVB_SYSTEM_KEY_PATH := path/to/system_private_key
  - BOARD_AVB_SYSTEM_ALGORITHM := SHA512_RSA8192
  - BOARD_AVB_SYSTEM_ROLLBACK_INDEX := 1
  - BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION := 2

The corresponding settings will be added into META/misc_info.txt for
build_image.py and/or add_img_to_target_files.py:
  - avb_system_key_path=path/to/system_private_key
  - avb_system_algorithm=SHA512_RSA8192
  - avb_system_add_hashtree_footer_args=--rollback_index 1
  - avb_system_rollback_index_location=2

To enable chain partition for other partitions, just replace SYSTEM with
BOOT, VENDOR and/or DTBO in the build variables.

Also switch from  `avbtool make_vbmeta_image --setup_rootfs_from_kernel system.img ...`
to `avbtool add_hashtree_footer --image system.img --setup_as_rootfs_from_kernel...`
when BOARD_BUILD_SYSTEM_ROOT_IMAGE is true. This works for both chained
and no-chained:
  - chained: `avbtool add_hashtree_footer --setup_as_rootfs_from_kernel` will
    add dm-verity kernel cmdline descriptor to system.img
  - no-chained: `avbtool make_vbmeta_image --include_descriptors_from_image
    system.img` will include the kernel cmdline descriptor from system.img into
    vbmeta.img

Bug: 38399657
Test: `make` pass, flash images from $OUT and boot device without chain partitions
Test: `make` pass, flash images from $OUT and boot device with chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device without chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device with chain partitions
Test: follow the same steps in
      https://android-review.googlesource.com/#/c/407572/

Change-Id: I344f79290743d7d47b5e7441b3a21df812a69099
Merged-In: I344f79290743d7d47b5e7441b3a21df812a69099
(cherry picked from commit 3e599ead66)
2017-06-21 10:22:38 +08:00
Tianjie Xu
9c384d2ca5 Verify the contents in install-recovery.sh
Check the SHA1 of recovery.img and boot.img embedded in the
install-recovery.sh.

Bug: 35411009
Test: validation script detects mismatch for both full recovery and
recovery-from-boot.
Change-Id: I5f07a869d9fa17fad26a22ef9ca3ecb06b1b28e3
2017-06-20 17:28:35 -07:00
Tianjie Xu
78de9f173d Remove the obsolete location check for install-recovery.sh
The script has been moved to /system/bin since L.

Bug: 35411009
Test: Generate a exact same OTA for bullhead.
Change-Id: Iaecb86e3dabc5b659605837bb06f16d20fa80334
2017-06-20 16:52:54 -07:00
Treehugger Robot
0effed4b94 Merge "AVB: support chain partition signing" 2017-06-20 06:57:34 +00:00
Treehugger Robot
9baf675285 Merge "Allow sign_target_files_apks.py to create zip64 signed TF.zip." 2017-06-14 05:36:51 +00:00
Tao Bao
2b8f489e30 Allow sign_target_files_apks.py to create zip64 signed TF.zip.
We should only disallow zip64 for the image and OTA zips (because we
don't have zip64 support in libziparchive yet). But target_files zips
are fine to use zip64 with host tools (and we already do that in
add_img_to_target_files.py).

This CL also sets the default compression method to DEFLATED when
creating the signed TF.zip.

Test: sign_target_files.apks.py signing a large TF.zip passes.
Change-Id: I8043739860604134fa1166e920c95c28797bbcc1
2017-06-13 13:01:23 -07:00
Tianjie Xu
9ac4cb0984 Fix duplicate 'META/care_map.txt' when calling add_img_to_target_files
In case the system/vendor image is updated for an A/B target file, we'll
delay the write of META/care_map.txt. Specifically, we'll run "zip -d"
to remove the old entry and then zip in the new one from tmp dir.

Bug: 62345693
Test: Run add_img_to_target_files.py on sailfish target files, and
care_map.txt is updated.

Change-Id: Id2f9997aac50c0740e6944d0d0d43d98f5fc6c29
2017-06-13 11:20:29 -07:00
Bowgo Tsai
3e599ead66 AVB: support chain partition signing
Current build system will include AVB metadata from each partition and
store them into /vbmeta partiton when BOARD_AVB_ENABLE is set, which makes
each partition tightly-coupled.

Add the support for 'chain partition':
  - The vbmeta of each partition is stored on the same partition itself.
  - The public key used to verify each partition is stored in /vbmeta.

For example, the following build variables are required to enable chain
partition for system partition:
  - BOARD_AVB_SYSTEM_KEY_PATH := path/to/system_private_key
  - BOARD_AVB_SYSTEM_ALGORITHM := SHA512_RSA8192
  - BOARD_AVB_SYSTEM_ROLLBACK_INDEX := 1
  - BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION := 2

The corresponding settings will be added into META/misc_info.txt for
build_image.py and/or add_img_to_target_files.py:
  - avb_system_key_path=path/to/system_private_key
  - avb_system_algorithm=SHA512_RSA8192
  - avb_system_add_hashtree_footer_args=--rollback_index 1
  - avb_system_rollback_index_location=2

To enable chain partition for other partitions, just replace SYSTEM with
BOOT, VENDOR and/or DTBO in the build variables.

Also switch from  `avbtool make_vbmeta_image --setup_rootfs_from_kernel system.img ...`
to `avbtool add_hashtree_footer --image system.img --setup_as_rootfs_from_kernel...`
when BOARD_BUILD_SYSTEM_ROOT_IMAGE is true. This works for both chained
and no-chained:
  - chained: `avbtool add_hashtree_footer --setup_as_rootfs_from_kernel` will
    add dm-verity kernel cmdline descriptor to system.img
  - no-chained: `avbtool make_vbmeta_image --include_descriptors_from_image
    system.img` will include the kernel cmdline descriptor from system.img into
    vbmeta.img

Bug: 38399657
Test: `make` pass, flash images from $OUT and boot device without chain partitions
Test: `make` pass, flash images from $OUT and boot device with chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device without chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device with chain partitions
Test: follow the same steps in
      https://android-review.googlesource.com/#/c/407572/

Change-Id: I344f79290743d7d47b5e7441b3a21df812a69099
2017-06-13 17:45:10 +08:00
Treehugger Robot
d6e8002734 Merge "Delay the write-back of misc_info in sign_target_files_apks.py." 2017-06-08 22:24:53 +00:00
Tao Bao
46a5999a02 Delay the write-back of misc_info in sign_target_files_apks.py.
Currently we're writing META/misc_info.txt to the new TF.zip during
ReplaceVerityPrivateKey(). We should delay that until we have replaced
everything in need. Otherwise we won't be able to replace/overwrite
that zip entry (unless `zip -d` first).

This CL also cleans up the return value of ReplaceVerityPublicKey() and
ReplaceVerityKeyId(), since the caller no longer needs the values.

Test: sign_target_files_apks.py and check the generated signed TF.zip.
Change-Id: I9fbd7182247728281519e5e3971557f6b018ad65
2017-06-07 15:13:50 -07:00
Treehugger Robot
9718140570 Merge "Fix the broken script in AssertFingerprintOrThumbprint." 2017-06-05 22:33:05 +00:00
Tao Bao
d2d01e519e Fix the broken script in AssertFingerprintOrThumbprint.
Bug: 62252466
Test: Re-generate an incremental OTA that goes from the fingerprint to
      thumbprint, and check the updater-script.
Change-Id: I6e2cbf68cbd22fbcf0d200fc3fdc8a33da510a53
2017-06-05 12:27:52 -07:00
Tao Bao
3ebfddeabe Remove three board_avb_* args from META/misc_info.txt.
board_avb_algorithm and board_avb_key_path are overlapping with
avb_signing_args. In core/Makefile, only avb_signing_args (i.e.
INTERNAL_AVB_SIGNING_ARGS) will be used in the AVB-signing command. It
covers the contents in board_avb_{algorithm,key_path}. We should do the
same thing in tools/releasetools to avoid potential inconsistency.

This CL cleans up the logic in tools/releasetools, by always using
avb_signing_args. This also allows easier signing key replacement (so we
can replace the key/algorithm/signer in 'avb_signing_args').

board_avb_system_add_hashtree_footer_args is unused in releasetools
script, and the same information has been covered by
system_avb_add_hashtree_footer_args. This CL removes this arg as well.

Test: `m dist`. Then a) check the removed three args no longer exist in
      META/misc_info.txt; b) check that rebuilding images with
      add_img_to_target_files.py uses the same parameters.
Change-Id: I7db890b5c942de5b6868d8d1ebf937586d4729c0
2017-06-05 10:33:52 -07:00
Tao Bao
4536e45f66 Merge "Support re-generating DTBO image from add_img_to_target_files.py." 2017-06-02 22:13:36 +00:00
Tianjie Xu
65b98cd3b1 Merge "Generate care_map.txt when AVB is enabled" 2017-06-02 18:09:58 +00:00
Tianjie Xu
6b2e155ee6 Generate care_map.txt when AVB is enabled
When AVB is enabled, generate care_map.txt and add it to the target
files. Also copy it into the OTA package where it will later be used
by the update_verifier.

Bug: 62208947
Test: \
1. Run add_img_to_target_files on the TF of a new pixel device,
and care_map.txt generates successfully.

2. Make dist in oc-dr1-release and find care_map.txt in the OTA package.

3. update_verifier succeeds in reading all the blocks on the care_map,
and fails to read out-of-bound blocks.

Change-Id: I2881711e6f87789cb7de150dbeca18b756fed68a
2017-06-01 21:36:43 -07:00
Tao Bao
c633ed0230 Support re-generating DTBO image from add_img_to_target_files.py.
This is a step to enable signing a given target_files zip with release
keys.

When calling sign_target_files_apks.py, we will delete all the entries
under IMAGES/ in order to re-generate them (with the proper release
keys). In order to support that, we need to pack everything in need into
TF.zip.

Steps to test the CL.
a) Choose a target that has both AVB and DTBO enabled.
 $ m dist

b) Check IMAGES/dtbo.img and PREBUILT_IMAGES/dtbo.img both exist in the
   generated out/dist/TF.zip.

c) Remove the entries under IMAGES/ from the generated TF.zip.
 $ zip -d TF.zip IMAGES/\*

d) Re-generate the images with TF.zip.
 $ build/make/tools/releasetools/add_img_to_target_files.py TF.zip

e) Check that IMAGES/dtbo.img is re-generated, and it's identical to the
   image in b). Note that by default the re-generated image will carry a
   different footer, because of the random salt. This CL is verified by
   specifying the same salt.

Bug: 38315721
Test: see above.
Change-Id: I0bdc4e1cd4800962dc3902ca550dad6a8ca56c78
2017-06-01 20:07:33 -07:00
Treehugger Robot
db5fa05429 Merge "Pack avbtool into otatools.zip." 2017-06-01 07:19:17 +00:00
Tao Bao
2bb109709a Remove the obsolete logic in img_from_target_files.py.
img_from_target_files.py used to handle the case that a given TF.zip not
containing the image entries under IMAGES/. That is only the case for
pre-Lollipop releases.

Also unzip the needed files only since we know that for sure now.

Test: img_from_target_files.py with an existing bullhead-TF.zip gives
      the same bullhead-img.zip.
Change-Id: I892379ba388df80ae63be9d3ce647fbb77fd4753
2017-05-31 11:17:56 -07:00
Tao Bao
3cba374da2 Pack avbtool into otatools.zip.
Also pack the test keys for easier testing.

Bug: 38315721
Test: m otatools-package and avbtool is present in otatools.zip.
Change-Id: Ieb63bf3f4bc211ef1f48ab278cb01b70845d06da
2017-05-31 10:20:25 -07:00
Treehugger Robot
fe7aeb1de7 Merge "Support signing custom images with AVB HASH or AVB HASHTREE" 2017-05-31 03:24:25 +00:00
Tianjie Xu
f7a76f9a30 Merge "Remove the obsolete UnpackPackageDir() in edify generator" 2017-05-31 01:08:15 +00:00
Tianjie Xu
616fbeb144 Move recovery building from sign_target_files_apk to add_img_to_target_files
Currently we're building the boot/recovery image twice, which is
redundant. And b/38455129 shows a problematic case when the image
from two builds doesn't match. We should only build the recovery
image once in the add_img_to_target_files.

Bug: 62021378
Test: call sign_target_files_apk on an angler target file,
recovery-from-boot.p generates successfully; and SHA of recovery.img
matches the one in install-recovery.sh.

Change-Id: I01e033501d80c18a87cbb870300eee5c19a04441
2017-05-26 17:20:22 -07:00