These were found when trying to run remotely on RBE with only the
sources depended upon available for each rule.
Bug: 130111713
Test: treehugger
Change-Id: Id763f8fc7dfbe60445f98604db3422147165f537
BOARD_SUPER_PARTITION_WARN_LIMIT can be set by OEMs to print
a warning when the sum of sizes of logical partitions exceed the same.
It is set to 95% of BOARD_SUPER_PARTITION_SIZE by default.
Bug: 133329143
Test: mmm -j32
Change-Id: I7d3bedd970a92be60991898e436f63d914359301
Include misc_info.txt (of CF's super.img) in *-img-*.zip.
This is needed if we want to rebuild super.img by replacing
some partitions in it.
Other tools, lpunpack and lpmake, are included in CF's
host package in another CL.
Bug: 134461288
Test: $ lunch aosp_cf_x86-userdebug
$ m dist
$ unzip -l $OUT/*-img-*.zip | grep misc_info
619 2019-05-27 17:42 misc_info.txt
Change-Id: Idf6146c2a7f9f32c9c4e5ddd2f6b9e65fc6bf55b
When using Verified Boot 2.0, releasetools specifies a salt value based
on build fingerprint, so that to give idempotent images.
However, the change that removed static `ro.build.fingerprint` [1] broke
the behavior, as common.LoadInfoDict still relies on fingerprints.
Without a fixed salt, the first call to make_recovery_patch.py and the
second one (which writes IMAGES/{boot,recovery}.img) will see different
images, which leads to install-recovery.sh failure.
Note that currently there's a dependency that requires getting bootable
images through two separate calls. make_recovery_patch.py has to happen
first to get (placeholder) files in the system image. We then generate
canned fs_config files, and finally use add_img_to_target_files.py to
write the images.
This CL adds a quick workaround to force rebuilding the
recovery-from-boot patch while calling add_img_to_target_files.py.
[1] https://android-review.googlesource.com/c/platform/build/+/892933
Bug: 134123803
Bug: 134525174
Test: TreeHugger
Test: Build a non-A/B target that uses AVB. Run validate_target_files.py
on the generated target_files.zip.
Change-Id: I5859e30be63bfd54398cf41fd2d907f15285f560
$(BUILD_NATIVE_TEST) will install a test binary into /testcases
regardless of is proprietary or not.
For now, since NOTICE.xml for a system partition depends on all modules in
/testcases, "m systemimage" may trigger "installing a proprietary test".
Modules in /testcase are not actually installed, so we can ignore them
when we make a notice file.
Bug: 133454731
Test: (internal) m systemimage, and see /vendor/lib if there are
unexpected files installed.
Change-Id: I54ee51a761049b8a5ce9e3369b30b7ade6344146
This enables mixed builds to use the file_contexts.bin from the system
build when regenerating images that come from system target files, and
similarly for file_contexts.bin from the other build when regenerating
images from other target files.
In monolithic (non-mixed) builds all image-specific selinux_fc props
point to the same file_contexts.
Bug: 132108151
Test: Built and booted mixed build devices.
Change-Id: Id51ed6d96ea6337879f1ab21d47c93c67bc25312
Since aosp/887473 removed ro.expect.recovery_id,
There is no usage of "RECOVERYIMAGE_ID_FILE" which points
$(PRODUCT_OUT)/recovery.id.
Test: m && boot
Change-Id: I704af874b7e4141d2e006595242f7b681aa47f05
In device root directory, we have the following symlinks:
- /odm/app -> /vendor/odm/app
- /odm/bin -> /vendor/odm/bin
- /odm/etc -> /vendor/odm/etc
...
This allows the Generic System Image (GSI) to be used on both devices:
1) Has a physical odm partition, where those symlink will be hidden
when /odm is used as the mount point
2) Has no physical odm partition and fallback to /vendor/odm/.
We can't just have the symlink /odm -> /vendor/odm, because the former
devices won't have /vendor/odm directory, which leads to mount failure
when the mount point /odm is resolved to /vendor/odm.
The existing /vendor/odm/build.prop won't be loaded in the latter
devices, because there is no symlink:
- /odm/build.prop -> /vendor/odm/build.prop.
Note that init blocks reading through direct symlinks (O_NOFOLLOW) so
the above symlink won't work either. This CL moves the odm build.prop
to /odm/etc/build.prop for init to load it (symlinks in earlier
components of the path will still be followed by O_NOFOLLOW).
Bug: 132128501
Test: boot a device and checks /odm/etc/build.prop is loaded
Test: make dist with an odm.img, checks $OUT/odm/etc/build.prop is loaded
Change-Id: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
Merged-In: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
(cherry picked from commit 6c62884000)
The current solution expects BOARD_PREBUILT_DTBIMAGE_DIR to
contain prebuilt DTB files that are concatenated by the build system
to create $OUT/dtb.img. In order to accommodate devices that build
the dtb image locally, make boot.img creation depend on $OUT/dtb.img
only when BOARD_PREBUILT_DTBIMAGE_DIR is undefined.
Bug: 133161451
Test: Build with BOARD_PREBUILT_DTBIMAGE_DIR undefined and verify
using unpack_bootimg.py that $OUT/dtb.img was included in boot.img.
Change-Id: Iae2c634ccdc1d83589b26d382882f75fb8565a31
Bug: 131437873
Test: Built system-only and vendor builds for merge. Compared
resulting apkcertx and apexkeys text files to that of a monolithic
build,
Test: Created colliding entries in both apexkeys and apkcerts text
files and ensure the script exited with an appropriate error message.
Test: Created unit tests to cover both non-colliding and colliding
entries
Change-Id: I6e42ce682ffa9059344e8cd63ba3a720c1f93452
Phony rules with recipes run on every build, move the recipe for
check-all-partition-sizes to a rule with an output.
Fixes: 132900128
Test: m && m
Change-Id: I9b4d335bf269cd09a01094e895fc15053b410415
os_version is important for keymaster version binding, where it
refuses to perform operations with a key that is bound to an old
system version. This ensures that an attacker who discovers a
weakness in an old version of system or TEE software cannot roll a
device back to the vulnerable version and use keys created with the
newer version.
Previously, os_version for system.img is added into boot.img header
for bootloader to read the value then pass to TEE before booting the
HLOS. However, with project Treble to modularize each partition, all
images are now in the trajectory to be built independently (still
on-going). Also, in the Generic System Image (GSI) compliance test,
the os_version in OEM's boot.img cannot reflect the actual version of
GSI.
This CL adds per-partition os_versions into AVB metadata, which is
readable by bootloader via libavb without file system dependency. It's
still unclear for how os_version in non-system partition should be used.
We just add them for completeness here.
See more details in:
https://source.android.com/security/keystore/version-binding
Bug: 132233601
Test: build and avbtool info_image $OUT/vbmeta.img
- Prop: com.android.build.boot.os_version -> '10'
- Prop: com.android.build.system.os_version -> '10'
- Prop: com.android.build.system.security_patch -> '2019-06-05'
- Prop: com.android.build.vendor.os_version -> '10'
- Prop: com.android.build.vendor.security_patch -> '2019-06-05'
- Prop: com.android.build.product.os_version -> '10'
- Prop: com.android.build.product.security_patch -> '2019-06-05'
Change-Id: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
Bug: 132197773
Test: property present in vendor/build.prop
Currently, the property resides in product partition which gets
overwritten by the GSI image. Moving it to vendor will ensure
that the property is set even when a GSI image is flashed on the device.
Change-Id: I4d4a3c473194e15ba124a121f89bbb3ec1a73d19
symbols.zip is created while files that are not part of the platform
build but were requested on the Make command line (for example by
passing "tests") are still being installed. Installation often
involves removing and then recreating the file. If the file
exists when the list of files to be zipped is created, but is
removed when soong_zip is zipping, it fails with an error. Pass
--ignore_missing_files to silence the error and keep zipping.
Fixes: 79503862
Test: m checkbuild
Change-Id: I1fbbf1f1396948288ee133c319b2e19dee97983b
Bug: 123428770
Test: Built system-only image and checked that no boot.img or
recovery.img files where created. Booted the resulting merged build on
device.
Change-Id: I760476502775e68125907c39e66b8665e789a798
This keeps the packed shared libs in sync with their executables.
This CL also changes the packing location of mke2fs.conf, from
system/extras/ext4_utils/mke2fs.conf to bin/mke2fs.conf.
Bug: 34738751
Test: `m -j otatools-package`. Compare the packed files against the ones
prior to this CL.
Change-Id: Icae88e3cd898460f5ba7dc11ab8a57350630c432
libcurl-host.so was added for delta_generator (commit f8e6fbe2f5).
libext2_misc.so and libext2_profile-host.so were added for e2fsck and
build_verity_tree (commit d0ec665727). None of them is actively used by
otatools.
Bug: 34738751
Test: `m -j otatools-package`. Unzip and check that there's no missing
shared libs reported by ldd.
Change-Id: Id229e450f5f2eaa03a6c6cf568a1912add06754c
When /boot partition is chained in AVB signing, libavb will try to
read AVB footer from the end of /boot partition, even if the device is
unlocked. However, this makes device unbootable when the unsigned
boot-debug.img is flashed on /boot partition. This CL uses a test key
from external/avb to sign the boot-debug.img if /boot partition is
chained.
Bug: 126493225
Bug: 129508966
Test: Enables chain partition for boot.img, `make bootimage_debug` then
checks `avbtool info_image --image $OUT/boot-debug.img`
Test: `make bootimage_debug-nodeps`
Test: boot a device with a chained boot-debug.img
Change-Id: I870cb70c70b7d4d7a30b77bed58cbca6e007d5e3
Primarily for use with build_test during presubmit.
Moved the check to main.mk to avoid nonobvious dependency on
product_target_FILES from main.mk to Makefile.
Test: m systemimage
Test: build/soong/build_test.bash
Test: m out/target/product/taimen/system/lib/libdexfile.so; m systemimage;
check that "find"-based check fails
Test: Add a system library to APEX_MODULE_LIBS; m systemimage;
check that "product_target_FILES"-based check fails;
env DISABLE_APEX_LIBS_ABSENCE_CHECK=true m systemimage;
check that it works
Bug: 124293228
Change-Id: I7a93cc0ac4480404a3d56c75eb43ae499e8a3a05
Note: libtombstoned_client.so was moved from the Runtime APEX to system with
http://r.android.com/941388.
Test: m systemimage
Bug: 124293228
Bug: 131587358
Change-Id: I9e517d3c2344b39cf2743a34723572e646675677
These were added as part of http://r.android.com/731514, but
most of these properties make no sense for the bootimage. Revert
to only defining date, date.utc and fingerprint.
Bug: 131066061
Test: inspect vendor/build.prop
Test: boot, no SELinux warnings for removed props
Change-Id: Ibbeff9870a5b71e83c2cceeb1327b12600077b23
When set, product-img-tag.zip contains super.img instead of individual
user images from target files. For virtual devices, super.img is needed
to boot the device, but individual user images aren't needed.
Test: on A/B DAP, with flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super.img and not system / vendor / system_other
Test: on non-A/B DAP, with the flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super.img and not system / vendor
Test: on A/B retrofit, with the flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super_*.img and system_other.img, but not system / vendor
Bug: 113175337
Change-Id: I94e33091d0c837cae40776176b4dcfdd338aba90
build_mixed script can't merge system and product VINTF
data yet.
Fixes: 131418170
Bug: 131425279
Test: build 'target_files_package' for 'mainline_system_google_arm64',
see META/system_manifest.xml
Change-Id: I366d9bc802ee0e6bdf8fe480303f3fee827c579d
They only contain prebuilts from older releases.
Test: m systemimage on affected internal lunch targets
Bug: 124293228
Change-Id: I059c9d0edb78e52838a25cef0472807847d77417
If set to true,
- super.img is built from images in $PRODUCT_OUT
- super.img is built to $PRODUCT_OUT
- super.img is built when 'make'.
'make dist' still builds super image from images in target files to
intermediates directory.
This flag is useful for virtual devices, but isn't intended to be set for
actual devices. For actual devices, userspace fastboot should flash
super_empty.img and individual user images separately.
Test: on cuttlefish (flag is set),
make # generates $OUT/super.img
make superimage # generates $OUT/super.img
Test: on real non-retrofit DAP device (flag is not set)
make # no super.img is generated
make superimage # generates $OUT/obj/PACKAGING/.../super.img
make dist # generates out/dist/super.img
Bug: 113175337
Change-Id: Ieb81e4fbb663bb4b69e9962c3fa9f16b03aeb907
