This follows the same steps as OpenSplitPolicy() in
system/core/init/selinux.cpp on the device.
Bug: 178864050
Test: merge_target_files for R+S and S+S devices
Test: test_merge_target_files
Change-Id: Ia41a436bfda8e2cb65706122f0ff3805b99d16e1
Gather all BOARD_BOOTCONFIG parameters.
Create vendor-bootconfig.img with parameters seperated by newlines. Pass
that file to mkbootimg as --vendor_bootconfig to add it to the
vendor_boot.img.
Test: Add BOARD_BOOTCONFIG parameters in cuttlefish .mk file
Check vendor-bootconfig.img for expected output
Verify expected vendor_boot.img format with:
unpack_bootimg --boot_image vendor_boot.img
Test: Update Cuttlefish bootloader to handle the new vendor_boot.img and
check /proc/bootconfig for the expexted parameters.
Bug: 173815685
Change-Id: Iaa9b71b4bc64375777a5353396e83bb2beb25c47
The pvmfw is included in an `m` build but not in the distribution files.
Apply the same treatment as the dtbo partition to copy the pvmfw
partition to dist/ since, similar to the dtbo image, the pvmfw image is
generally provided as a prebuilt image.
Test: make dist
Bug: 174457787
Change-Id: I6f42517ba42db92e90048d1236d7255ccbd73f73
Bug:180682930
Test: erofs image can be set to input timestamp and UUID
Change-Id: I71e455350db51096e18ab5a03123500d56ebe252
Signed-off-by: Huang Jianan <huangjianan@oppo.com>
Bundle APEXes may exist on other partitions than system, e.g. vendor,
system_ext. And leaving them unsigned may cause security problems.
Bug: 180675334
Test: run sign_target_files_apks
Change-Id: Ib912a026f4010d818161a89b11f818180208843f
This is needed for partial builds that do not have the apex directory in
their target files package.
Test: build target files for a partial vendor-only build.
Change-Id: I076bfbd1a81cccddcef795f5edeaf2b51538cdec
Rewrite build.prop of all partitions
Test: sign an target_file, check build prop of partitions
Bug: 179186447
Bug: 180025432
Change-Id: I01249532dc2df1b6d9ec8d0be58424a76814b53e
At the end of OTA generation, we will use some private key to sign the
OTA payload. Since signing happens after the payload is being generated,
if caller passes an incorrect key path, caller won't notice it until 1
hour later when delta_generator finishes. At which point caller has to
staart from scratch, pass in another key path, and wait for an hour.
Let's detect incorrect key path before calling delta_generator, so
caller will get an error message right at beginning.
Test: th
Change-Id: Iefb1e0a9ed86f82664be1675afb84c020ec28fe7
Previously we allow all spl downgrade OTA to generate. But applying such
OTA often causes device to hang and rollback, because keymaster refuses
to attach if it detects spl downgrade. When such error happens, it's
really hard to debug. So instead of debugging a mysterious boot failure,
let''s prevent such OTA from generating in the first place.
Test: th
Bug: 178584781
Change-Id: I8e271862d804e86b16aea70424b4d3e289d43cc9
This is needed due to output artifacts in the zip that confuse globbing,
such as [.
(Also changes this call to RunAndCheckOutput, which prints the stderror
by default instead of RunAndWait which does not. Removes RunAndWait
which is now unused)
Bug: 179799226
Test: Run merge_target_files to merge two partial builds
Change-Id: Ibf8a5b0c013c9cd8b1e61195d97583f247d97c6f
If an OTA contains compressed APEX inside it, then the device will need
to allocate space on /data partition for their decompression. In order
to calculate how much space the OTA process needs to allocate, the
process needs more information about the APEX contained inside the OTA.
In this CL, we are adding functionality to the OTA generation script
that allows us to gather information about the APEX stored inside the
target-file zip. However, we did not integrate the new functionality
with the ota_from_target_files.py scrip yet. That will be done on follow
up CL.
Bug: 172911822
Test: atest releasetools_py3_test
Change-Id: I2ac42018f628c2c21527b3e086be1f4e7e7247ad
Logic for signing compressed apex will be added in the follow-up cl.
Test: python -m unittest test_sign_apex
Bug: 172912232
Change-Id: I8dc1d334c17e11f9eed8fe0a575b6dfcf337ab5d
We should skip lines that don't contain '=', e.g. empty lines.
Also, pop a warning instead of an error if a prop is defined
multiple times with the same value
Bug: 177240467
Test: unittest, run validate_target_files
Change-Id: Ifc9eadb91e5dda7170a19d875016e5a47e8fc592
When GetBootImageBuildProp is moved to common, its dependencies
(toybox, lz4 and unpack_bootimg) aren't moved accordingly.
Copy the dependencies over.
Test: pass
Change-Id: Iaa8f41ae0109e8eb1c058ecd7dd854bb7de9391a
If system/etc/ramdisk/build.prop does not exist in the ramdisk,
GetBootImageBuildProp should return None instead of a path
to a non-existant file.
Test: pass
Bug: 177171706
Change-Id: I34e447bc315d203e136e8c0d59d00961f81301e3
Add boot to PARTITION_WITH_BUILD_PROP. Let PartitionBuildProps handle
boot partitions by extracting build.prop file.
Test: generate OTA and call
`payload_info.py payload.bin`, check that boot image timestamp is
set
Bug: 162623577
Change-Id: I71955e4ee494ffbb5d111c3d02a129c0f879b6d1
Right now they are the same content. In the future, boot will be added
to PARTITIONS_WITH_BUILD_PROP, but it is not added to
PARTITIONS_WITH_CARE_MAP. Boot partition has a cpio filesystem in the
ramdisk, so it contains a build.prop file, but it doesn't make sense to
create care map from it.
Test: TH
Bug: 162623577
Change-Id: I9b5a20fe2d774b52cf7d5eae9deecbc75122a3dd
All unit_tests:true are run in presubmit which avoids
the explicit definition of TEST_MAPPING.
Test: presubmit runs all those tests
Bug: 175408655
Change-Id: Ibfad3fe2dd8d2fa1ebc6f6bcbd8ab34c2a0069dc
Add support for partitioning the vendor_boot kernel modules into
multiple vendor ramdisk fragments. The partition granularity is kernel
module directory. This mechanism builds upon the existing
BOARD_KERNEL_MODULE_DIRS mechanism. For example, say we have three
kernel module directories:
BOARD_KERNEL_MODULE_DIRS := foo bar baz
We can then define a vendor ramdisk fragment:
BOARD_MKBOOTIMG_ARGS += --header_version 4
BOARD_VENDOR_RAMDISK_FRAGMENTS := dlkm_foobar
And let said ramdisk to contain the DLKM directories "foo" and "bar":
BOARD_VENDOR_RAMDISK_FRAGMENT.dlkm_foobar.KERNEL_MODULE_DIRS := foo bar
BOARD_VENDOR_RAMDISK_FRAGMENT.dlkm_foobar.MKBOOTIMG_ARGS := <mkbootimg args>
The built vendor_boot image would contain two ramdisks.
The first one being the "default" ramdisk, which contains DLKM directory
"baz" and the rest of the files that get's installed to
$(TARGET_VENDOR_RAMDISK_OUT).
The second one is the "dlkm_foobar" ramdisk, which contains the two DLKM
directories.
Design doc: go/vendor-boot-v4
Bug: 162864255
Test: Modify BoardConfig.mk to have a product build v4 vendor_boot
Test: Use unpack_bootimg to verify the vendor_boot image
Test: Teach a bootloader how to handle v4 boot image, flash boot &
vendor_boot and boot device
Change-Id: Ibb1bbd7ebe36430c55ec6c4818c1d3888a319089
* Prerequisites: external/f2fs-tools: sload compression support
* Must work with corresponding changes in system/extras repository
* If Board config does not change, it falls back to old behavior,
i.e. no compression for the system partition
* Kernel f2fs compression support is a prerequisite if the Board config
enables the compression (see below)
* Necessary board config change
(e.g. device/<vendor>/<product>/BoardConfig-common.mk)
BOARD_SYSTEMIMAGE_FILE_SYSTEM_TYPE := f2fs
BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE := 200000000
BOARD_SYSTEMIMAGE_FILE_SYSTEM_COMPRESS := true
BOARD_SYSTEMIMAGE_F2FS_SLOAD_COMPRESS_FLAGS := <sload compress sub-options>
Setting BOARD_SYSTEMIMAGE_FILE_SYSTEM_COMPRESS to true enables both the
compression support when the initial empty file system be made (mkfs.f2fs)
and the compression flag (-c) when the system image files be side-loaded
by sload.
Sload compress sub-options (i.e. options other than -c) will be provided
by BOARD_SYSTEMIMAGE_F2FS_SLOAD_COMPRESS_FLAGS. If it is not given, or
is empty, the default sub-options will be used
Please refer to the sload.f2fs manual page.
Setting BOARD_SYSTEMIMAGE_FILE_SYSTEM_TYPE to f2fs is trivially necessary.
* File system table (fstab), notably the file 'fstab.hardware', should
also changed:
- The file type must be changed to f2fs
- Perhaps also other f2fs-specific options
Bug: 170918499
Test: Pixel4a userdebug build (from build id 6918751)
Signed-off-by: Robin Hsu <robinhsu@google.com>
Change-Id: Id9d67b5cb35dc806e06ff1320e89114abc996a28
If dynamic partitioning is enabled and the partition size is not set,
du will be used to calculate the partition size.
For compressed file systems, it's better to use the compressed size
to avoid wasting space.
Bug:174816929
Test: erofs image size is smaller than the original file
Change-Id: I1deda85d312c19620680531223fffcfb815e5fd4
Signed-off-by: Huang Jianan <huangjianan@oppo.com>
This verifies the init rc files in the merged result.
Bug: 163089173
Test: test_common.py
Test: Run merge_target_files.py to merge two target-files packages where
one has init_rc errors. Observe script failure.
Test: Run merge_target_files.py on two good target-files packages,
observe no failure.
Change-Id: I86c8e5a2bc07c2c1896ac40afd32bc1d055447ee
Test: treehugger, generate an OTA with --disable_verity_computation, serve it to
VABC device. Make sure it works
Change-Id: I0a5f3c018727cb3eed3edd004d60d09d13e34039
common.py is used by many python-based host tools. When a host tool
invokes another host tool, it's usually done with the name of the tool,
not the absolute path of the tool. For example, ["cmd", "arg"] instead
of ["out/soong/host/linux-x86/bin/cmd", "arg"].
Previously, the caller of the tool has to teach all the locations of the
sub-tools that the tool will internally use. But this isn't ideal;
1) It's against the abstraction. The existence of the sub tools and their
names are implementation detail of the containing tool. It's also
subject to change.
2) This isn't scalable. Sometimes a host tool invokes a large number of
host tools. Furthermore, the sub tools might invoke other sub-sub tools.
Then the location of the sub-sub-tools had to be known to the top-level
tool.
The idea here is to make use of the fact that
a) dependencies to the sub (and sub-sub) tools are already described in
the Android.bp and
b) the dependencies are guaranteed to be up-to-date and installed to the
host tool directory (out/soong/host/linux-x86/bin) by Soong.
Then by the time a host tool is invoked, all of its sub tools should
be found in the host tool directory. So, when "cmd" is about to be
invoked, common.py first tries to find it from the user-given paths. If
not found there, it falls back to search the directory where the current
tool is located at. Then finally falls back to the original name "cmd"
and expects it to be found under PATH.
Bug: 172414391
Test: m
Change-Id: Id7b44f9021be3bbf0631ddafe382ea3990f7ea74
Needed after commit 8218225794
which skips regenerating vbmeta.img if avb_building_vbmeta_image!=true.
Partial builds that disable vbmeta generation do not set this field.
Bug: 169892879
Test: Run merge_target_files.py on builds that have avb_enable=true but
PRODUCT_BUILD_VBMETA_IMAGE=false. Observe vbmeta.img generation.
Change-Id: Id498dbd28c909e19cd35178b95a0b5dc22a1ac70
check_vintf now accept a path to a file that contains the kernel
version string. Use it.
Test: m check-vintf-all and manual inspect
Bug: 161317193
Change-Id: I4812c93f352686d73c5832d59e43a297d93e67a2
Currently we support skip building vbmeta.img when
PRODUCT_BUILD_VBMETA_IMAGE is set to false, which is used
when generating a system-only or vendor-only build artifacts.
However, when using `make dist` to build target files,
vbmeta.img is still generated. This change fixes this by
passing the related info to misc_info.txt for the release
tool to skip building vbmeta.img when necessary.
To make this happen, a device config should:
1. Set PRODUCT_BUILD_VBMETA_IMAGE := false
2. Remove 'vbmeta' from AB_OTA_PARTITIONS:
AB_OTA_PARTITIONS += \
boot \
system \
- vbmeta \
dtbo \
product \
system_ext \
vbmeta_system
Bug: 161659370
Test: `make dist` and checks the target file does not include vbmeta.img
Change-Id: Iddca9fe0b171a50a80e5a88aa462e118f18a7e6f
When generating a incremental partial OTA, we need to filter out
partitions in ab_partitions which are not in partial list
Test: Generate a partial incremental OTA
Change-Id: Iff7748ce6181a9a231557de0539004211587232c
Cuttlefish doesn't support updatin vendor partition. So in testing we
need to exclude vendor and generate a downgrade partial package.
Test: generate a partial downgrade OTA
Bug: 171999375
Change-Id: I97e450d4063320cf55003a7a5c5ef913c321e067
This check is used when merging target files to ensure that a merged
build does not contain any APKs that share UID across builds.
Bug: 171431774
Test: test_common
Test: Use merge_target_files.py to merge two partial builds,
observe no failures for inputs without colliding APKs.
Test: Use merge_target_files.py to merge two partial builds,
observe failure for inputs that have an APK that shares a
UID across input partition groups.
Change-Id: I9dc57216882741ae46a99cfd7847f34702c75582
When generating secondary payload, we exclude many partitions. These
partitions should be excluded from partition timestamps as well.
Bug: 172022126
Test: ota_from_target_files --include_secondary
Change-Id: Ia3121919154181dc882c4694ad2591dcb81e719f
This involved moving the find-shareduid-violation.py script to
releasetools to simplify the cross-tool usage. This new location aligns
this script with other similar python host tools.
In a future change this violation file will be used to check for
shared UID violations across the input build partition boundary.
Bug: 171431774
Test: test_merge_target_files
Test: Use merge_target_files.py to merge two partial builds,
observe shared UID violations file contents in the result.
Test: m dist out/dist/shareduid_violation_modules.json
(Checking that existing behavior in core/tasks is presereved)
Change-Id: I7deecbe019379c71bfdbedce56edac55e7b27b41
Also adds a new validation that IMAGES/<partition>.img must come from
the same build that provides <PARTITION>/*.
Bug: 171431774
Test: python3 -m unittest test_merge_target_files
Test: Use merge_target_files to merge a build.
Change-Id: Ia1f3f2e65a0ca90962216fb0c5cdd24c4c150cae
Add a new custom_image option to configure which custom images to use to
update custom partitions in A/B update.
This change also moves oem_settings to common option as A/B update will
use it to set oem properties too.
BUG: 171225290
Test: unittest pass, generate OTAs, flash to devices and check results
Change-Id: I279477d6b2954fb3705d7efede0a8bcd330c108b
In aosp/1459042, init has updated it's logic to use
ro.build.version.release_or_codename for fingerprint calculation.
The ota script needs the same update for ota targeting to work
correctly.
As a best effort to support pre-S dev stage builds, use
ro.build.version.release for sdk version < 30.
Bug: 170968068
Bug: 158483506
Test: unit tests, generate an OTA for S build
Change-Id: I01ca8a3b7b8b58f94b10f90ed0d27e688a72b866
Allow the ota generation script to take a list of partitions;
and thus generating a partial ota update package. This allow the
testing of partial update functionality, e.g. system-only updates.
Bug: 170921953
Test: unit tests, generate and apply a partial update on coral with system, system_ext, vbmeta_system
Change-Id: I0d8f93806dfbf7b781ea911117b02fc5c0971434
BOARD_EXCLUDE_KERNEL_FROM_RECOVERY_IMAGE removes kernel from the
recovery image.
Test: build recovery image and unpack_bootimg
Test: build target files and unpack_bootimg IMAGES/recovery.img
on device with GKI and dedicated recovery partition.
Bug: 156098440
Change-Id: I5f37d74ed954b26fe3dd778708b6ab9cfdc51f1e
These changes were necessary to begin merging a new cross-release target
whose vendor half is frozen.
- MergeDynamicPartitionInfoDicts
- Filters combined fields to remove duplicates
- Merges `super_block_devices` as well as other keys that were not
previously used by other targets consuming this tool.
- Introduces --allow-duplicate-apkapex-keys. This gives a warning rather
than fatal error on duplicate apk/apex keys. This flag is needed for
targets that cannot update a frozen half.
- (Formats merge_target_files.py)
Bug: 170683837
Test: Use merge_target_files to merge an S+R build, and boot.
Change-Id: Id5f787e730de8f8ef697e1f2f29ac6514221e58d
When opening an zip file through zipfile.ZipFile(), python2 by default
disables zip64 support. To support update files >4GB, we manually add
allowZip64 to override the setting.
Test: generate && serve an OTA
Change-Id: I9645e963ced830cc2d3a4b72bc63b9369a1cefe8
- Remove vendor_dlkm and odm_dlkm from the default list of items that
need to be merged
- Allow a prebuilt system.img to be used when adding images to the
target files archive
Test: Built Pixel 3a and inspected the output
Change-Id: If5291fff559ed9517133f6b476d8dee2500c5b4c
Modules partition is a dynamic read-write partition.
- AVB is not enabled on the partition
- OTA is file-based; see follow up CL for details
- No build prop files; in particular, no build fingerprint
- No fs_config
- No notice files; notice files are included in individual APEXes
Test: build on CF
Bug: 163543381
Change-Id: Ie397b9ec61dfd1c158450d050196024604854d4d
Sometimes tests are being run by executing python -m unittest *.py. In
that case, invocation will fail due to missing ota_metadata_pb2, which
is auto generated from ota_metadata.proto(added in recent change).
Bug: 166718341
Test: unzip otatools.zip and python releasetools/test_utils.py
Change-Id: I597c7ef6dbd8e46ccde020b3122cc38a8df28dc9
As part of the ota metadata work to support partial update, we should
add the per-partition device name, fingerprint, and version to the ota
metadata.
Bug: 151088567
Bug: 166154730
Test: unit tests pass, generate a package
Change-Id: I7a71a4860aad651daf9e62df39c60d72727c14ff
We'd better have a default type for enums. It's safe to change the
proto definition now since no one is parsing the new meta.
Also add the brick type for manually generated brick pkgs.
Bug: 166154730
Test: unit tests pass
Change-Id: Ie6d4e695c298313276b559601509c9a7a7ee91b1
We already moved to aapt2 in Android.bp, no aapt binary in otatools.zip.
So tests should be updated accordingly.
Test: unittest
Change-Id: I29776d75e108e16bcceda49b8be47a338ee8bc1c
Revert submission 1411608-revert-1402265-cf-x86-bootloader-XGKLNEQAPF
Reason for revert: Breakage originally caused by change was fixed. Refer to tracking bug for details.
Reverted Changes:
I89e95d4a6:Revert "Add prebuilt bootloader var and add bootlo...
I8fe199351:Revert "Added bootloader binary to cf x86 based ta...
Bug: 166380489
Bug: 164917252
Test: local build and Treehugger build
Change-Id: Ia895aedd77f2ec825aefecaf74c6dfc1ce631c93
Background in http://go/android-partial-updates. For partial update
(e.g. system-only) or devices with mixed build, the current
fingerprint & device name no longer suffice as the precondition to
install the package.
Therefore, we need to additionally include the per-partition build
props into the ota metadata. We also define a protobuf for the metadata
so it can be extended later. The metadata of the legacy format is also
kept for backward compatibility.
Bug: 151088567
Test: unittest pass, generate an OTA and check the result
Change-Id: I716f7da54a393cd340280dbddc3c92b3460f8ef8
Needed to enable a prebuilt bootloader to make it to the dist and img
directories.
Added a flag to ensure only devices that request will have the update
package populated with a bootloader
Bug: 164917252
Test: local build and Treehugger build
Change-Id: Id67b7bddda14b51a523f794976591c6de04d71ca
Pylint reports lot of error on ota_utils.py, because some members of
OPTIONS object aren't defined. This CL moves some definition from
ota_from_target_files.py to ota_utils.py to fix these lint errors.
Test: Make an OTA package
Change-Id: I1e9f255d5919712b13329046c72650dfac184701
When signing APks on build server, there might not be an android repo.
Usually deapexer.py will be run from otatools.zip after exctration. So
we should look for debugfs_static in search path
Bug: 165347497
Test: Use sign_apk_from_target_files without android repo
Change-Id: Ifaf91764ca0dc08d010f43a24bfe975a07a71e7f
When signing APks on build server, there might not be an android repo.
Usually deapexer.py will be run from otatools.zip after exctration. So
we should look for debugfs_static in search path
Bug: 165347497
Test: Sign using self-service
Change-Id: I608870b0184bd8f5f07afa53355b39de47a97e1c
We recently modify the logic in install-recovery.sh to support
non-A/B updates on VAB launched devices. And the position of the
$(getprop ro.boot.slot_suffix) is misplaced for the recovery image.
For example:
"if ! applypatch --check EMMC$(getprop ro.boot.slot_suffix):/dev/block/recovery:SHA1"
should be:
"if ! applypatch --check EMMC:/dev/block/recovery$(getprop ro.boot.slot_suffix):SHA1"
Bug: 156979431
Test: rerun add_image_to_target_file, then validate_target_files
Change-Id: Id2d45e281151a46d66b37ea8fdb7b5cb4ae72e81
(cherry picked from commit e55f62c971)
Revert "conscrypt: Disable host module on darwin"
Revert submission 1385032-mac-required-fix
Reason for revert: breaks the build on aosp-master
Reverted Changes:
I13335299c:releasetools: Disable host module on darwin
I728a4677a:conscrypt: Disable host module on darwin
I8f3435ff1🎨 Remove dependencies on platform unavailable m...
Ibb9248ef4🎨 Disable host module on darwin
I7db68a629:libcore: Disable host module on darwin
Bug: 163030797
Change-Id: I3b3991b91652c426d8f22d60c59c44d640059619
Disable releasetools components that depend on disabled
modules on darwin host.
Bug: 162102724
Bug: 7456955
Test: TH build mac host target
Change-Id: I13335299ca0872cfa956ed756650a966f269080e
Add common.SetHostToolLocation so that, when calling
various common.Run* functions, replace the first
argument with previously set paths. This is needed
when the script is executed in a Soong sandbox.
Bug: 161563386
Test: pass
Change-Id: If3b40b518fc7fe068677d39d604e3f6578a12ea3
Some apk files, e.g. Chrome.apk has switched to use v2+ scheme.
And the apk file no longer has a META-INF/CERT.RSA. So, the
signature parsing script should use apksigner to dump the cert
info.
Leave the parsing of META-INF/CERT.RSA as a fallback, as some apks
fail the `apksigner verify`. The script also switches to store the
digest of the cert instead of the raw bytes.
Bug: 157735036
Test: run check_target_files_signatures on aosp|signed target-files
(cherry picked from commit a9a50cf6e3)
Change-Id: I910cd1aa91d1e446bef7097871af4171c285685d
Some apk files, e.g. Chrome.apk has switched to use v2+ scheme.
And the apk file no longer has a META-INF/CERT.RSA. So, the
signature parsing script should use apksigner to dump the cert
info.
Leave the parsing of META-INF/CERT.RSA as a fallback, as some apks
fail the `apksigner verify`. The script also switches to store the
digest of the cert instead of the raw bytes.
Bug: 157735036
Test: run check_target_files_signatures on aosp|signed target-files
Change-Id: I910cd1aa91d1e446bef7097871af4171c285685d
Incremental OTA generation was failing since the
function _CheckSecondTokenNotSlotSuffixed was in
broken state, this change fixes the same.
Bug: 160215626
Test: Incremental OTA now gets generated and applied
successfully a non-ab device.
Change-Id: Ifb3886396fe65dcdaeba16c568419b9fa084193d
Merged-In: Ifb3886396fe65dcdaeba16c568419b9fa084193d
Incremental OTA generation was failing since the
function _CheckSecondTokenNotSlotSuffixed was in
broken state, this change fixes the same.
Bug: 160215626
Test: Incremental OTA now gets generated and applied
successfully a non-ab device.
Change-Id: Ifb3886396fe65dcdaeba16c568419b9fa084193d
(cherry picked from commit 52defe48d52a770c326f489357ab8877b211541e)
Merged-In: Ifb3886396fe65dcdaeba16c568419b9fa084193d
add_img_to_target_files.py
See bug description:
"When resigning images, the validate_target_files.py can be used to
verify the images using avbtool. The script will use the vbmeta.img to
achieve this, and all relevant images need to be in the IMAGES folder.
However, due to changes on add_img_to_target_files.py and specifically
the commit 5277d1015, some images (e.g. acpio.img and tos.img) are no
longer copied from RADIO to the IMAGES folder. This causes an error on
validate_target_files.py indicating that it cannot find image such as
IMAGES/acpio.img."
This CL fixes this by symlink images under RADIO directory to IMAGES
directory before invoking avbtool.
Bug: 159299583
Test: python3 -m unittest test_validate_target_files
Change-Id: I5769ee2ab5230d2a3a7cef10706dcc5788e654f8
Starting from http://go/aog/1328118, we chained the 1st GKI
boot image into vbmeta. However, this fails avb validation;
because the avbtool constructs the image path based by using
"partition name + ext".
This cl works around the issue by renaming boot-5.4.img to
boot.img, so avbtool can find the image correctly.
Bug: 159656873
Test: run validate target file
Change-Id: I577226596e139e5b5f3e6ca3c28ced02431ca392
Merged-Id: I577226596e139e5b5f3e6ca3c28ced02431ca392
(cherry picked from commit 5ec1a7a66a)
Starting from http://go/aog/1328118, we chained the 1st GKI
boot image into vbmeta. However, this fails avb validation;
because the avbtool constructs the image path based by using
"partition name + ext".
This cl works around the issue by renaming boot-5.4.img to
boot.img, so avbtool can find the image correctly.
Bug: 159656873
Test: run validate target file
Change-Id: I577226596e139e5b5f3e6ca3c28ced02431ca392
Multiple boot images can be generated based on BOARD_KERNEL_BINARIES
but vbmeta would capture the image descriptor of only the first boot
image specified in BUILT_BOOTIMAGE_TARGET.
Bug : 158213759
Test: Compile multiple boot images and check if vbmeta.img
includes image descriptor of only the first boot image
specified in BUILT_BOOTIMAGE_TARGET
Change-Id: Ib70f65d98546a436da82656bc5c911d437618bb5
Merged-In: Ib70f65d98546a436da82656bc5c911d437618bb5
When calculating the dynamic fingerprints, we need to reopen the
input file if it's a ZipFile. Because the original object has been
closed, as its scope ends after the with statement.
Bug: 152167826
Test: generate an OTA package with zip input and overrides
Change-Id: I623da3cc5fcc91c6230fb5a6e86517ed995913b7
(cherry picked from commit eb06afb602)
When calculating the dynamic fingerprints, we need to reopen the
input file if it's a ZipFile. Because the original object has been
closed.
Bug: 152167826
Test: generate an OTA package with zip input and overrides
Change-Id: I623da3cc5fcc91c6230fb5a6e86517ed995913b7
The core android build platform has changed to add support for LZ4
compression for ramdisks, but the release tools were not. Fix this.
Bug: 156129966
Merged-In: I39680b91930d2d3cbd0cd565beb78e1ee699397e
Change-Id: I39680b91930d2d3cbd0cd565beb78e1ee699397e
The core android build platform has changed to add support for LZ4
compression for ramdisks, but the release tools were not. Fix this.
Bug: 156129966
Change-Id: I39680b91930d2d3cbd0cd565beb78e1ee699397e
Multiple boot images can be generated based on BOARD_KERNEL_BINARIES
but vbmeta would capture the image descriptor of only the first boot
image specified in BUILT_BOOTIMAGE_TARGET.
Bug : 158213759
Test: Compile multiple boot images and check if vbmeta.img
includes image descriptor of only the first boot image
specified in BUILT_BOOTIMAGE_TARGET
Change-Id: Ib70f65d98546a436da82656bc5c911d437618bb5
Modify add_img_to_target_files.py to use the BUILDING_*_IMAGE flags when
deciding whether to create and add a given image to a target files
archive.
To do this, the BUILDING_*_IMAGE flags are now dumped to misc_info.txt.
The origin of this change was to use the BUILDING_USERDATA_IMAGE and
BUILDING_CACHE_IMAGE flags in add_img_to_target_files.py so that we
could reliably turn off the generation of the userdata and cache images.
The other image flags were added for symmetry.
Bug: 130307439
Test: m -j out/target/product/bonito/misc_info.txt
Test: m -j droid dist
Change-Id: I32d5a8d6c9ebb5f329d856030084d698ee8d271d
With this change the name of the signed and unsigned APK will be something like 'tmpadrbpp9f/tmpvl0lf2kr/tmpknja6mca_MyApk.apk' instead of 'tmpadrbpp9f/tmpvl0lf2kr/tmpknja6mca'.
The motivation for this change is a better logging and transparency what is being signed in the underlying client.
Change-Id: I32b0e93d5859ca3fb712e426705f16d329d71f0e
The oem partition allows system build.prop to import properties from it
by "import /oem/oem.prop xxxx". An _ImportParser() error was raised on
this case.
BUG: 154171021
Test: 1) "atest --host releasetools_test releasetools_py3_test -c"
2) On a device who has oem partition, "make dist" and sign its
target zip file.
Change-Id: I47875bf7a698390e11690150e6516a3064550ca0
Merged-In: I47875bf7a698390e11690150e6516a3064550ca0
The values of the ro.boot* variables are not part of the image files
and are provided (e.g. by bootloaders) at runtime. Meanwhile, their
values may affect some of the device build properties, as a different
build.prop file can be imported by init during runtime.
This cl adds an option to accepts a list of possible values for some
boot variables. The OTA generation script later use these values to
calculate the alternative runtime fingerprints of the device; and
list the device names and fingerprints in the OTA package's metadata.
The OTA metadata is verified by the OTA server or recovery to ensure
the correct OTA package is used for update. We haven't made any
restrictions on what ro.boot* variables can be used for fingerprint
override. One possible candidate can be the skus listed in
ODM_MANIFEST_SKUS.
Bug: 152167826
Test: unittests pass, generate an OTA file with the new option
Change-Id: I637dea3472354236d2fd1ef0a3306712b3283c29
Merged-In: I637dea3472354236d2fd1ef0a3306712b3283c29
This reverts commit b21e48b499.
In practice, some partners use the 'import' statement to override
the device fingerprint at runtime. The runtime fingerprint will
later add to the metadata of OTA package, so that the OTA server
can deliver the package to corresponding devices correctly.
This CL supports parsing a subset of import statement that the init
process recognizes. And we loose the restriction based on how the
dynamic fingerprint is used in practice. Right now, we only searches
for the override of brand, name and device. And the placeholder
format should be ${placeholder}, with its value supplied by the
script caller.
As part of the implementation, we generate all the possible
combinations of the input boot variables. And recalculate the
fingerprint for each of the combination. Though we load the
build.prop multiple times, the logic is easier to follow. Also,
it's more convenient to enhance the logic if we only want to
allow some of the boot variables combination later.
Bug: 152167826
Change-Id: I4a9fa35c7ac037ff1cf4f9a4bdff602beac3894b
Merged-In: I4a9fa35c7ac037ff1cf4f9a4bdff602beac3894b
Test: unittests pass
This reverts commit 6022545272.
The build prop for a partition used to be a simple key:value
dictionary. But we need more fields to hold the alternative build
props overriden by the 'import' statement. Therefore, add a new
class as a wrapper for these props first.
Bug: 152167826
Change-Id: I5c952cd2a976ba1a09ddc66d56c2b8b55a61986b
Merged-In: I5c952cd2a976ba1a09ddc66d56c2b8b55a61986b
Test: unittests pass
avb_extra_custom_image_extra_args can be set to
'oem=--signing_helper_with_files=/tmp/avbsigner.sh' on signing server.
The second '=' shouldn't be splitted in this case.
BUG: 154171021
Test: Manually sign target zip files which has custom images.
sign_target_files_apks -d certs --avb_extra_custom_image_key \
oem=oem_rsa4096.pem --avb_extra_custom_image_algorithm \
oem=SHA256_RSA4096 --avb_extra_custom_image_extra_args \
oem="--signing_helper_with_files=/tmp/avbsigner.sh" \
xxxx-target_files.zip signed.zip
Change-Id: I815d574f791734d4c6a25a9f8d827b5b4f93d7cc
Merged-In: I815d574f791734d4c6a25a9f8d827b5b4f93d7cc
avb_extra_custom_image_extra_args can be set to
'oem=--signing_helper_with_files=/tmp/avbsigner.sh' on signing server.
The second '=' shouldn't be splitted in this case.
BUG: 154171021
Test: Manually sign target zip files which has custom images.
sign_target_files_apks -d certs --avb_extra_custom_image_key \
oem=oem_rsa4096.pem --avb_extra_custom_image_algorithm \
oem=SHA256_RSA4096 --avb_extra_custom_image_extra_args \
oem="--signing_helper_with_files=/tmp/avbsigner.sh" \
xxxx-target_files.zip signed.zip
Change-Id: I815d574f791734d4c6a25a9f8d827b5b4f93d7cc
The custom images are any images owned by OEMs and SoCs, oem images
mounted on /oem is an example. The oem images can be used to customize
devices for different carriers, like wallpaper, ringtones, and
carrier-specific apks. OEMs can generate multiple oem images, like
oem.img, oem-carrier1.img and oem-carrier2.img and flash different oem
images for different carriers. The oem images are only one case, OEMs
and SoCs can add more custom images and mount them to custom partitions.
This change enables custom images to be vbmeta.img chained partitions.
The following configuration in BoardConfig.mk is an exmaple. It has two
custom partitions: oem and test. They will be signed by different keys.
And they will be chained by vbmeta.img. The custom images here are
prebuilts, which can be built by `make custom_images` separately.
BOARD_AVB_<CUSTOM_PARTITION>_IMAGE_LIST should include all custom images
to apply AVB signing. And to every custom partition, one image whose
name is partition name must be added in its
BOARD_AVB_<CUSTOM_PARTITION>_IMAGE_LIST.
BOARD_CUSTOMIMAGES_PARTITION_LIST := oem test
BOARD_AVB_OEM_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
BOARD_AVB_OEM_ALGORITHM := SHA256_RSA4096
BOARD_AVB_OEM_ADD_HASHTREE_FOOTER_ARGS :=
BOARD_AVB_OEM_ROLLBACK_INDEX_LOCATION := 1
BOARD_AVB_OEM_PARTITION_SIZE := 5242880
BOARD_AVB_OEM_IMAGE_LIST := \
device/xxxx/yyyy/oem/oem.img \
device/xxxx/yyyy/oem/oem1.img
BOARD_AVB_TEST_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_AVB_TEST_ALGORITHM := SHA256_RSA2048
BOARD_AVB_TEST_ADD_HASHTREE_FOOTER_ARGS :=
BOARD_AVB_TEST_ROLLBACK_INDEX_LOCATION := 2
BOARD_AVB_TEST_PARTITION_SIZE := 10485760
BOARD_AVB_TEST_IMAGE_LIST := \
device/xxxx/yyyy/test/test.img \
device/xxxx/yyyy/test/test1.img
To resign the custom images in the target zip file, the
avb_extra_custom_image_key, avb_extra_custom_image_algorithms and
avb_extra_custom_image_extra_args options are added to the
sign_target_files_apks tool too. The following test cases list some
examples about how to use them.
BUG: 154171021
Test: 1) "atest --host releasetools_test releasetools_py3_test -c"
2) Build images by 'make dist', sign and validate target files.
a) Test on dist w/ chained vbmeta_system and ome custom images
sign_target_files_apks -d certs \
--avb_extra_custom_image_key oem=oem_rsa4096.pem \
--avb_extra_custom_image_algorithm oem=SHA256_RSA4096 \
xxx-target_xxx.zip signed.zip
validate_target_files.py signed.zip
Flash image and boot up.
Verify the oem images and vbmeta images in OUT and target zips by
avbtool.
b) Test on dist w/ chained vbmeta_system and oem and test custom images
sign_target_files_apks -d certs \
--avb_extra_custom_image_key oem=oem_rsa4096.pem \
--avb_extra_custom_image_algorithm oem=SHA256_RSA4096 \
--avb_extra_custom_image_extra_args oem=--do_not_generate_fec \
--avb_extra_custom_image_key test=test_rsa4096.pem \
--avb_extra_custom_image_algorithm test=SHA256_RSA4096 \
xxx-target_xxx.zip signed.zip
validate_target_files.py signed.zip
Verify the oem, test images and vbmeta images in OUT and target zips
by avbtool.
c) Test on dist w/o chained partition.
sign_target_files_apks -d certs xxx-target_xxx.zip signed.zip
validate_target_files.py signed.zip
Flash image and boot up.
Verify the vbmeta images in OUT and target zips by avbtool.
Change-Id: Ifccfee5e8909697eef6ccda0cc352fa16a9f6db6
Merged-In: Ifccfee5e8909697eef6ccda0cc352fa16a9f6db6
The values of the ro.boot* variables are not part of the image files
and are provided (e.g. by bootloaders) at runtime. Meanwhile, their
values may affect some of the device build properties, as a different
build.prop file can be imported by init during runtime.
This cl adds an option to accepts a list of possible values for some
boot variables. The OTA generation script later use these values to
calculate the alternative runtime fingerprints of the device; and
list the device names and fingerprints in the OTA package's metadata.
The OTA metadata is verified by the OTA server or recovery to ensure
the correct OTA package is used for update. We haven't made any
restrictions on what ro.boot* variables can be used for fingerprint
override. One possible candidate can be the skus listed in
ODM_MANIFEST_SKUS.
Bug: 152167826
Test: unittests pass, generate an OTA file with the new option
Change-Id: I637dea3472354236d2fd1ef0a3306712b3283c29
When sign_apex.py re-signs an apex, the hash algorithm is extracted and
it is used when re-packaging the file.
Bug: 155771970
Test: releasetools_py3_test doesn't regress
(some tests were failed, but they failed even without this change:
test_ApexApkSigner_apkKeyNotPresent (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_noApkPresent (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_noAssetDir (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_signApk (test_apex_utils.ApexUtilsTest) ... ERROR)
Merged-In: I996a33e0208d3dd3a04a31b8dafb27ef995297f2
Change-Id: I996a33e0208d3dd3a04a31b8dafb27ef995297f2
(cherry picked from commit a1887f326c)
The custom images are any images owned by OEMs and SoCs, oem images
mounted on /oem is an example. The oem images can be used to customize
devices for different carriers, like wallpaper, ringtones, and
carrier-specific apks. OEMs can generate multiple oem images, like
oem.img, oem-carrier1.img and oem-carrier2.img and flash different oem
images for different carriers. The oem images are only one case, OEMs
and SoCs can add more custom images and mount them to custom partitions.
This change enables custom images to be vbmeta.img chained partitions.
The following configuration in BoardConfig.mk is an exmaple. It has two
custom partitions: oem and test. They will be signed by different keys.
And they will be chained by vbmeta.img. The custom images here are
prebuilts, which can be built by `make custom_images` separately.
BOARD_AVB_<CUSTOM_PARTITION>_IMAGE_LIST should include all custom images
to apply AVB signing. And to every custom partition, one image whose
name is partition name must be added in its
BOARD_AVB_<CUSTOM_PARTITION>_IMAGE_LIST.
BOARD_CUSTOMIMAGES_PARTITION_LIST := oem test
BOARD_AVB_OEM_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
BOARD_AVB_OEM_ALGORITHM := SHA256_RSA4096
BOARD_AVB_OEM_ADD_HASHTREE_FOOTER_ARGS :=
BOARD_AVB_OEM_ROLLBACK_INDEX_LOCATION := 1
BOARD_AVB_OEM_PARTITION_SIZE := 5242880
BOARD_AVB_OEM_IMAGE_LIST := \
device/xxxx/yyyy/oem/oem.img \
device/xxxx/yyyy/oem/oem1.img
BOARD_AVB_TEST_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_AVB_TEST_ALGORITHM := SHA256_RSA2048
BOARD_AVB_TEST_ADD_HASHTREE_FOOTER_ARGS :=
BOARD_AVB_TEST_ROLLBACK_INDEX_LOCATION := 2
BOARD_AVB_TEST_PARTITION_SIZE := 10485760
BOARD_AVB_TEST_IMAGE_LIST := \
device/xxxx/yyyy/test/test.img \
device/xxxx/yyyy/test/test1.img
To resign the custom images in the target zip file, the
avb_extra_custom_image_key, avb_extra_custom_image_algorithms and
avb_extra_custom_image_extra_args options are added to the
sign_target_files_apks tool too. The following test cases list some
examples about how to use them.
BUG: 154171021
Test: 1) "atest --host releasetools_test releasetools_py3_test -c"
2) Build images by 'make dist', sign and validate target files.
a) Test on dist w/ chained vbmeta_system and ome custom images
sign_target_files_apks -d certs \
--avb_extra_custom_image_key oem=oem_rsa4096.pem \
--avb_extra_custom_image_algorithm oem=SHA256_RSA4096 \
xxx-target_xxx.zip signed.zip
validate_target_files.py signed.zip
Flash image and boot up.
Verify the oem images and vbmeta images in OUT and target zips by
avbtool.
b) Test on dist w/ chained vbmeta_system and oem and test custom images
sign_target_files_apks -d certs \
--avb_extra_custom_image_key oem=oem_rsa4096.pem \
--avb_extra_custom_image_algorithm oem=SHA256_RSA4096 \
--avb_extra_custom_image_extra_args oem=--do_not_generate_fec \
--avb_extra_custom_image_key test=test_rsa4096.pem \
--avb_extra_custom_image_algorithm test=SHA256_RSA4096 \
xxx-target_xxx.zip signed.zip
validate_target_files.py signed.zip
Verify the oem, test images and vbmeta images in OUT and target zips
by avbtool.
c) Test on dist w/o chained partition.
sign_target_files_apks -d certs xxx-target_xxx.zip signed.zip
validate_target_files.py signed.zip
Flash image and boot up.
Verify the vbmeta images in OUT and target zips by avbtool.
Change-Id: Ifccfee5e8909697eef6ccda0cc352fa16a9f6db6
Whenever a device is retrieved from fstab, wrap it with
add_slot_suffix() if it has slotselect option.
Test: change fstab (changes boot image, which is a static partition),
change system partition (a dynamic partition),
generate incremental OTA with --force_non_ab and apply it on
cuttlefish
Bug: 153581609
Change-Id: Id3f8e4425b65176baf1b0ff1ee07ab3d820a3a7f
(cherry picked from commit ae6e0d5d28)
Merged-In: Id3f8e4425b65176baf1b0ff1ee07ab3d820a3a7f
Force generate a non-A/B update package when requested.
Bug: 154344887
Test: ota_from_target_files.py --force_non_ab ...
Test: apply it as well
Change-Id: I5e81eb161722e07ef50081b6a16685cbc9963ae2
(cherry picked from commit 7169f754cc)
Merged-In: I5e81eb161722e07ef50081b6a16685cbc9963ae2
The different boot images in aosp_arm64 have different partition size
requirements. Add support for defining a partition size associated with
each boot image variant.
This support is limited to aosp_arm64 currently, which is built with
recovery-as-boot.
A previous version of this change did not update the boot-debug image
AVB logic with the required macro for multiple boot partition size
support. This is now required because the aosp-arm64 boot.img is
configured as a chained AVB partition.
Bug: 156036850
Bug: 155049180
Change-Id: I66b57de91042bfd56ba54a3659843d8cf7873955
Merged-In: I66b57de91042bfd56ba54a3659843d8cf7873955
We recently modify the logic in install-recovery.sh to support
non-A/B updates on VAB launched devices. And the position of the
$(getprop ro.boot.slot_suffix) is misplaced for the recovery image.
For example:
"if ! applypatch --check EMMC$(getprop ro.boot.slot_suffix):/dev/block/recovery:SHA1"
should be:
"if ! applypatch --check EMMC:/dev/block/recovery$(getprop ro.boot.slot_suffix):SHA1"
Bug: 156979431
Test: rerun add_image_to_target_file, then validate_target_files
Change-Id: Id2d45e281151a46d66b37ea8fdb7b5cb4ae72e81
When sign_apex.py re-signs an apex, the hash algorithm is extracted and
it is used when re-packaging the file.
Bug: 155771970
Test: releasetools_py3_test doesn't regress
(some tests were failed, but they failed even without this change:
test_ApexApkSigner_apkKeyNotPresent (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_noApkPresent (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_noAssetDir (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_signApk (test_apex_utils.ApexUtilsTest) ... ERROR)
Change-Id: I996a33e0208d3dd3a04a31b8dafb27ef995297f2
The secondary payload is used by factory OTA to speed up the first
boot of the device. The payload should only contain bootloaders
images and the precompiled apps in system_other. Remove vendor_boot
to reduce the secondary payload size.
Bug: 156782745
Test: build a package with secondary payload
Change-Id: I3a9f6dda00a5aac038438065e2bc6483d71b5e95
(cherry picked from commit c385064d94)
The different boot images in aosp_arm64 have different partition size
requirements. Add support for defining a partition size associated with
each boot image variant.
This support is limited to aosp_arm64 currently, which is built with
recovery-as-boot.
A previous version of this change did not update the boot-debug image
AVB logic with the required macro for multiple boot partition size
support. This is now required because the aosp-arm64 boot.img is
configured as a chained AVB partition.
Bug: 156036850
Bug: 155049180
Change-Id: I66b57de91042bfd56ba54a3659843d8cf7873955
The oem partition allows system build.prop to import properties from it
by "import /oem/oem.prop xxxx". An _ImportParser() error was raised on
this case.
BUG: 154171021
Test: 1) "atest --host releasetools_test releasetools_py3_test -c"
2) On a device who has oem partition, "make dist" and sign its
target zip file.
Change-Id: I47875bf7a698390e11690150e6516a3064550ca0
The secondary payload is used by factory OTA to speed up the first
boot of the device. The payload should only contain bootloaders
images and the precompiled apps in system_other. Remove vendor_boot
to reduce the secondary payload size.
Test: build a package with secondary payload
Change-Id: I3a9f6dda00a5aac038438065e2bc6483d71b5e95
The different boot images in aosp_arm64 have different partition size
requirements. Add support for defining a partition size associated with
each boot image variant.
This support is limited to aosp_arm64 currently, which is built with
recovery-as-boot.
Bug: 156036850
Bug: 155049180
Change-Id: I73b70a4d52c2662c3015899632bb8a2b424108d5
* common.py requires the signapk jar
Bug: 156149605
Test: m otapackage ( before it was broken )
Change-Id: Ic0cff0a21258cb1e7d1ced5553a940dcf5cd6d04
Merged-In: Ic0cff0a21258cb1e7d1ced5553a940dcf5cd6d04
