And move simple cases of $(ACP) to cp. That does change OTA/bin/updater
from 0640 to 0700, but that's more consistent anyways.
Test: m -j target-files-package; ensure it's the same before/after.
Change-Id: I37b65eb9ddccd2f360aa007f929ece35c9e44f9b
/file_contexts.bin is needed only by devices which do not have
PRODUCT_FULL_TREBLE set to true. Adding this file to devices which
have PRODUCT_FULL_TREBLE set to true causes confusion and wastes
about 800 kB of space.
/file_contexts.bin was being added unconditionally to all devices due
to the build system needing the combined file_contexts file for
host-side labelling of filesystems in images and for inclusion into
target files ZIP (again, to be used for host-side labelling later).
This change switches these targets to depend on the same file, but
from intermediates directory. As a result, everything continues to
work just fine, but without pulling in /file_contexts.bin. On devices
which need /file_contexts.bin, it is pulled in by
system/core/init/Android.mk.
Test: /file_contexts.bin still there on bullhead, but not there on
sailfish with PRODUCT_FULL_TREBLE set to true.
Test: Clean build, device boots up with, no new denials.
Reboot to recovery, recovery boots up fine too, no denials.
This was tested on sailfish-eng and marlin-eng.
Bug: 36002414
Change-Id: I9bbbb08bbf7d874bba0bafcc19bcbf9eec564326
This makes recoveryimage/bootimage targets explicitly depend on SELinux
policy artifacts needed by recovery. Prior to this change, the
dependency was contrived: these targets would rely on copying these
files from "root" directory, and then overwriting sepolicy file with
sepolicy.recovery.
Test: Clean build, flash, device boots up just fine. No new denials.
Reboot into recovery, recovery boot up just fine, no denials.
This was tested on bullhead (non A/B device) and sailfish (A/B
device).
Bug: 33642277
Change-Id: Id2369253d0c7e02e079ae01ac7140b41880fd5ad
BBOTA v1 and v2 (introduced in L and L MR1 respectively) don't support
resumable OTA. We shouldn't generate packages using v1/v2 at the risk of
bricking devices.
BBOTA v3 (since M) and v4 (since N) both support resumable OTAs. BBOTA
v4 additionally supports using FEC to possibly recover a corrupted
image.
Bug: 33694730
Test: Generate full and incremental OTAs w/ and w/o the CL. They should
give identical packages (in v4).
Change-Id: Ib89d9cd63ba08e8e9aa4131bed18876b89d244c0
Remove the following functions that are needed for file-based OTAs only:
- SetPermissions()
- SetPermissionsRecursive()
- MakeSymlinks()
- DeleteFiles()
- DeleteFilesIfNotMatching()
- RenameFiles()
- SkipNextActionIfTargetExists()
Bug: 35853185
Test: Verified there's no reference to these functions.
Change-Id: Iff24a9d705476211effaef28eed2a147fa5fcbce
For aosp_marlin (on AOSP), this speeds up target files creation from
~57 seconds to ~15 seconds.
For marlin-userdebug (on internal master), this speeds up target files
creation from ~300 seconds to ~95 seconds.
This does make some minor changes to the resulting target_files zip:
* All of the META files are actually at the beginning of the zip now,
previously the ones created by add_img_to_target_files would be at
the end.
* The images are slightly larger. Go's zip implementation in soong_zip
isn't quite as good as the `zip` tool.
* vendor_filesystem_config.txt isn't present if we're not building a
vendor image.
Test: aosp_marlin target_files zip changes look reasonable
Test: marlin target_files zip changes look reasonable
Test: bullhead target_files zip changes look reasonable
Change-Id: Ia5ce6870b85559d65107c3b94332391b4b43a0ea
Support BOARD_VENDOR_KERNEL_MODULES which accepts a list of the
kernel module binaries. Binaries listed there are copied to
$(TARGET_OUT_VENDOR)/lib/modules and 'depmod' is executed to generate
the dependencies. BOARD_RECOVERY_KERNEL_MODULES is similarly
implemented to provide a way to specify kernel modules to be copied
to the recovery image.
Bug: 33305644
Test: android master build on marlin and load dummy modules
Merged-In: I0a58a270dbb0d2d38fd089f4abff66e62e14fac1
Change-Id: Ia5f429508ca3d7c77448358e42af6efa98fa8624
These files are used by the update console to determine the product
associated with a given target_files.zip.
Bug: 35804180
Bug: 33211225
Test: `make dist` generates a target_files.zip with these files.
Change-Id: I6066da07d76749ae64c26d5f661c7a6d06f3fb3d
Statically link libwinpthread.a, so that we don't have to ship a
libwinpthread dll with all of our windows exectuables.
Bug: http://b/31665213
Test: wine adb.exe
Test: wine fastboot.exe
Change-Id: I96414e980d8894f8f6a58c1c7bbd9dc5e0f5169c
Otherwise it may fail the targets that don't have
external/vboot_reference in the manifest.
Bug: 35467608
Test: lunch aosp_dragon-userdebug; m otatools-package
Test: lunch aosp_bullhead-userdebug; m otatools-package
Change-Id: I35700a4d7d0723992badcfb4a03be85d07a4b9a9
ifeq with quotes is technically correct make syntax, but rarely used.
Replace it with the simpler ifndef when comparing against empty, or
with parenthesis for consistency.
Test: builds
Change-Id: Idcbe0586c4626c67d560694596b0bd9f5f93484a
Also pack the tool, vboot_signer.sh script and the test keys into
otatools.zip. This allows signing ryu target without a source repo.
Bug: 35467608
Test: m otatools-package and check the newly included files.
Test: Use otatools.zip to sign a ryu target.
Change-Id: I70f7b359f21a579463d5c7251daac81a97e338cc
To prevent abuse of PRODUCT_*PROPERTY_OVERRIDES and
ADDITIONAL*PROPERTIES, the following rules should be applied.
- Mark PRODUCT_*PROPERTY_OVERRIDES readonly after reading product
specs.
- Disallow any changes on ADDITIONAL*PROPERTIES from product specs
and BoardConfig.mk.
- Mark ADDITIONAL*PROPERTIES readonly before reading Android.mk
files.
Test: building succeeded on marlin-userdebug.
Bug: 34116668
Change-Id: I93d8de086ec85ba787165a156bdcc7df04310be1
(cherry picked from commit 294286d95c)
This information can be used to tune ext4 stripe and stride in the
userdata partition for better performance
Test: Build & flash userdata, confirm correct stripe & stride values
Bug: 33243520
Merged-In: Ia97cdd2d0239c3484b895fce49299f692ef911d8
Change-Id: Ia97cdd2d0239c3484b895fce49299f692ef911d8
Signed-off-by: Connor O'Brien <connoro@google.com>
e2fsdroid is needed to create ext4 images with mke2fs. Also pack both
sets of mke2fs and make_ext4fs tools into otatools.zip. Because we use
the latest otatools.zip to create OTAs, which needs to handle
target_files.zip using either of them.
Bug: 34126605
Test: `m otatools-package` and check it has e2fsdroid and make_ext4fs.
Test: Use otatools.zip to sign a TF.zip that defines
TARGET_USES_MKE2FS={true,false}.
Change-Id: I9967e4f078cbe912914c6c511681cba82356ae8e
HOST_OUT_EXECUTABLES is already added to the PATH variable,
so it is not needed to add the path info for binaries in
misc_info.txt and <partition>_image_info.txt.
Earlier the mkuserimg item in the build_image dictionary is
hardcoded to "mkuserimg.sh", but now it is customized for
mkuserimg.sh and mkuserimg_mke2fs.sh, and maintained in
dictionary "ext_mkuserimg=$(MKEXTUSERIMG)" in misc_info.txt
and <partition>_image_info.txt, where it is used in the
build_image script while creating the images.
The problem here is the value for this key is set to build
path of the file mkuserimg file
$(HOST_OUT_EXECUTABLES)/mkuserimg.sh,
i.e. out/host/linux_x86/bin/mkuserimg.sh,
there by standalone signing the images using otatools is
not working as the executables are packed in bin folder.
Test: tools/releasetools/sign_target_files_apks
-p <extracted ota-tools.zip folder>
--extra_signapk_args=-f /etc/opt/cert_data.dat
-v
--replace_verity_private_key ~/build/target/product/security/verity
--replace_verity_public_key ~/build/target/product/security/verity.x509.pem
-k <key maping>
<input target files zip>
<output target files zip>
Change-Id: I57af1025ec38f3794f779c49faa0bf965afc6a5d
Added the missing shared library libpcre2.so for make_ext4fs
in the otatools.zip.
Standalone signing the images with otatools zip is not working
due to missing library for make_ext4fs.
Test: tools/releasetools/sign_target_files_apks
-p <extracted ota-tools.zip folder>
--extra_signapk_args=-f /etc/opt/cert_data.dat
-v
--replace_verity_private_key ~/build/target/product/security/verity
--replace_verity_public_key ~/build/target/product/security/verity.x509.pem
-k <key maping>
<input target files zip>
<output target files zip>
Change-Id: I4fc71a1c710f3075bb3bdb90d915538526004ee6
Add build targets for split sepolicy files so they'll appear in the root dir for
on-device compilation. nonplat_sepolicy will eventually be removed as it should
be provided by a different partition. Also replace sepolicy.recovery with the
appropriate split components.
Bug: 31363362
Test: Policy builds on-device and boots.
Change-Id: I017dabe6940c3cd20de6c00bb5253274d5a9269b
Add support for specifying number of inodes when creating
system, vendor, oem partitions. These are all read-only
and have no use for extra inodes. Removing extra inodes
saves a lot of space.
Bug: 32246383
Change-Id: I13f1d4614b64a4abc752c42a1c65d3d151481c21
(cherry picked from commit b59eca3586)
We are investigating replacing make_ext4fs with the upstream tool mke2fs.
To mitigate the trouble that may arise if the new tool behave differently
compared to the old one, there will be a transition period.
Devices that want to use the new way of creating ext4 images can set the
variable "TARGET_USES_MKE2FS" to true in their BoardConfig.mk
By default, the build system will choose the old tool 'make_ext4fs'.
Test: m otapackage with TARGET_USES_MKE2FS={,false,true}
Change-Id: I282bcb9efe335a86c53986283090ca947d65c7f8
Adds installed-files.json in addition to installed-files.txt
Further sorts the file list to be ordered within the same size bucket.
Test: manual, cross-checked checksums with sha256sum utility
checked build outputs.
Bug: 19988819
Merged-in: Ifb632eb4df65ec48645c8f93e36bae44ccc52ba8
Change-Id: Ifb632eb4df65ec48645c8f93e36bae44ccc52ba8
Signed-off-by: Sasha Levitskiy <sanek@google.com>
Often BOARD_USES_RECOVERY_AS_BOOT is used together with
BOARD_BUILD_SYSTEM_ROOT_IMAGE, but with this combination we're currently
not adding a hash footer to boot.img. Fix this.
Bug: 31119415
Test: Built with BOARD_USES_RECOVERY_AS_BOOT set to true and inspected images.
Merged-In: If033e5c93f5b71fd17405af7d970dc3f0540a1d2
Change-Id: I2f10bbffb0ba2467d53e3e62d5379c3ab7236063
Instead of using rot13 / rot26, use the Kati extension to mark these
variables as readonly.
Move $(strip) for a few variables to before they're marked readonly. Use
a different variable for modifications to BOARD_KERNEL_CMDLINE in
build/core/Makefile.
Test: build/tools/kati_all_products.mk on AOSP and internal master
Test: build-aosp_bullhead.ninja the same before / after
Change-Id: If98b24af763831a9c5c2de38037a69ab1bf9e023
While the system.img images currently built with AVB support verify
correctly, mounting the filesystem content fails. This is because
'avbtool add_hashtree_footer' used to claim some of the unused /
DONT_CARE space for stashing the verity tables and this resulting in the
mapped device ending up being smaller causing the mount failure.
Fix this by leaving enough room for AVB hashtree and metadata before
building the image. This is achieved by moving the AVB hashtree support
into build_image.py and using a just added '--calc_max_image_size'
option to 'avbtool add_hashtree_footer' to figure out how much space to
leave out.
This depends on https://android-review.googlesource.com/#/c/281821/
Bug: 31264226
Test: Mounting dm-verity set up from system.img now works.
Merged-In: I4c5de1004c1059f8c582e76b3b8517d427aa1a87
Change-Id: I945a5f1f6782791736cd319f216cfa6b448fb04d
