Commit graph

16 commits

Author SHA1 Message Date
Kelvin Zhang
928c2341a6 Allow zip64 support when opening zip files
When opening an zip file through zipfile.ZipFile(), python2 by default
disables zip64 support. To support update files >4GB, we manually add
allowZip64 to override the setting.

Test: generate && serve an OTA

Change-Id: I9645e963ced830cc2d3a4b72bc63b9369a1cefe8
2020-09-22 16:53:39 -04:00
Kelvin Zhang
f2e846fb91 Check for duplicate entries in build.prop in validation script
Test: Added Unit test
Bug: 143013566
Change-Id: Ida14507a4a6034990bc81d5263ef1cea34f589c1
2020-07-06 15:13:11 -04:00
Tao Bao
22632cc82c releasetools: Support verifying files with non-monotonic ranges.
Fixes: 79951650
Test: Run validate_target_files on target_files.zip with files in
      non-monotonic ranges.
Test: python -m unittest test_validate_target_files
Test: python3 -m unittest test_validate_target_files
Change-Id: I82571d3358598775de4cdeb5e64035689fea6487
2019-10-03 23:21:22 -07:00
Tao Bao
c99819311c Also install verity_key to ramdisk for non-system-as-root target.
The commit in d14b895665
(https://android-review.googlesource.com/c/platform/build/+/728287)
changed partition layout, to always build the root dir into system.img,
even for devices not using system-as-root (i.e. the ones with separate
boot ramdisk).

With the new layout, there will be two root dirs for non-system-as-root
targets during the boot. If such a device uses Verified Boot 1.0,
/verity_key needs to be available in both roots, to establish the chain
of trust.
 - bootloader uses the baked-in key to verify boot.img; it then loads
   the ramdisk from the verified boot.img
 - First stage init uses /verity_key (in ramdisk) to verify and mount
   system.img at /system, then chroot's to it
 - Second stage init uses /verity_key (in system.img) to verify and
   mount other partitions

This CL adds rules to additionally install verity_key into ramdisk for
such targets.

Bug: 139770257
Test: Set up a target to use non-system-as-root
      (BOARD_BUILD_SYSTEM_ROOT_IMAGE != true). `m dist`.
Test: Check that both ROOT/verity_key and BOOT/RAMDISK/verity_key exist
      in the built target_files.zip.
Test: Run validate_target_files to validate the above target_files.zip.
      $ validate_target_files \
          --verity_key_mincrypt /path/to/verity_key \
          target_files.zip
Test: Run sign_target_files_apks to sign the above target. Re-run
      validate_target_files on the signed target_files.zip.
Test: python -m unittest test_validate_target_files
Change-Id: Ibe7e771c8c376429add85851ac86055564765d3c
2019-09-17 08:53:16 -07:00
Tao Bao
a370545a2c releasetools: Make additional modules Python 3 compatible.
Bug: 131631303
Test: `python -m unittest test_sign_target_files_apks`
Test: `python3 -m unittest test_sign_target_files_apks`
Test: `python -m unittest test_add_img_to_target_files`
Test: `python3 -m unittest test_add_img_to_target_files`
Test: `python -m unittest test_ota_from_target_files`
Test: `python3 -m unittest test_ota_from_target_files`
Test: `python -m unittest test_validate_target_files`
Test: `python3 -m unittest test_validate_target_files`
Test: Run `python3 ota_from_target_files.py` to generate an OTA.
Test: Run `python3 sign_target_files_apks.py` to sign a target_files.
Change-Id: I56b45bbcbf7aa83e690785a9640c0212e45d12d8
2019-06-27 09:05:48 -07:00
Tao Bao
82490d3de1 relesetools: Enable releasetools_test in presubmit.
About half of the testcases rely on external tools (i.e. the ones in
`otatools.zip`, which are external to releasetools module, but still
built by Android). It's WAI as releasetools scripts are mostly for
gluing purpose.

However, the current support in Soong doesn't allow packing the helper
modules as part of the built releasetools_test. This CL adds a decorator
that allows declaring external dependencies in testcases, which will be
skipped while running in presubmit. It doesn't affect local invocation
of `atest releasetools_test`.

Fixes: 112080715
Test: `atest releasetools_test`
Test: TreeHugger; check that releasetools_test is invoked (and test
      passes).
Change-Id: I8fdeb6549023cf5ddeb79d610c7c37cf9f13d3cc
2019-04-12 15:26:35 -07:00
xunchang
c0f77ee489 Check the completeness of original blocks during target files validation
The validate_target_files.py checks the 'incomplete' field of the range
in file_map. And range has already considered the shared blocks and
could be smaller in size than the original file range. Therefore, the
'incomplete' flag was set on the original range in common.py; and we
should switch to use the original range also during validation.

I also checked another flag usage in CanUseImgdiff(), and it has
explicitly rejected cases of shared blocks.

Bug: 124868891
Test: unit tests pass
Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-20 15:47:30 -08:00
Tao Bao
7549e5e919 releasetools: Create VerityImageBuilder.
Test: `m dist` with aosp_marlin-userdebug (VB 1.0)
Test: `m dist` with aosp_taimen-userdebug (VB 2.0)
Test: `python -m unittest discover .`
Change-Id: I8c016b7621b73f220fb2a4586cc45a21eeee438d
2018-11-06 10:00:28 -08:00
Tao Bao
28f201b417 releasetools: Fix a broken test due to verity utils relocation.
Test: python -m unittest test_validate_target_files
Change-Id: I2267e18f63d4a36ecd5fff911848470a860ab6cf
2018-10-13 19:27:52 -07:00
Tao Bao
65b94e92be releasetools: Add a common base class for unittests.
All the releasetools unittests extend the common base class of
test_utils.ReleaseToolsTestCase. Define tearDown() in the base class to
do the clean-up works.

Test: `pylint --rcfile=pylintrc test_*.py`
Test: `python -m unittest discover .`
Change-Id: I51775d964ef032dcdf3bb89c55e1a31371cde708
2018-10-11 23:01:09 -07:00
Tao Bao
73dd4f45f3 releasetools: Set default stdout and stderr in common.Run().
stdout and stderr will default to subprocess.PIPE and subprocess.STDOUT
respectively (which is the expected behavior from most of the existing
callers), unless caller specifies any of them.

Test: `m dist`
Test: python -m unittest \
          test_common \
          test_add_img_to_target_files \
          test_ota_from_target_files \
          test_validate_target_files
Change-Id: I43b3f08edfa8a9bcfe54baf9848dc705c048e327
2018-10-04 17:05:09 -07:00
Tao Bao
c6bd70a5e6 releasetools: Raise on image building errors.
The image building functions in build_image.py have been returning
(success, result) or special values to indicate the validity of the
result. The same logic can be better expressed by raising exceptions
instead, because
 a) using a special value relies on caller to check for that magic
    value;
 b) exceptions can carry additional messages other than a boolean does,
    e.g. the output from the failing command;
 c) caller can have cleaner code flow without explicitly checking for
    the validity of the result.

This CL changes such functions to raise on errors. The majority of these
functions are internal to build_image.py only, except for BuildImage()
that has a few callers in add_img_to_target_files.py (which all die upon
error anyway).

Test: `m dist`
Test: python -m unittest test_build_image
Test: python -m unittest test_add_img_to_target_files
Test: python -m unittest test_validate_target_files
Test: Inject an error to the depended binaries (e.g. avbtool), and check
      that build_image.py exits with error messages.
Change-Id: Ibe4d51e267756bb1a00fa9238a213f9d55fd9b58
2018-10-03 11:31:44 -07:00
Tao Bao
35f4ebc957 releasetools: Clean up the use of partition_size.
Unless using dynamic partitions, `partition_size` should be a fixed
value that equals to the partition size in BoardConfig. It should stay
the same when building an image for that partition. Only the actual
image size that's used to hold the filesystem could be adjusted. This CL
cleans up the uses of `partition_size` and `image_size` to better
reflect such logic.

With dynamic partitions, the only thing that changes is the need to
compute `partition_size` upfront. Once that's done, `partition_size`
should remain unchanged.

Test: `m dist`
Test: `python -m unittest test_add_img_to_target_files`
Test: `python -m unittest test_validate_target_files`
Change-Id: Idedb3e018c95e8f63dc4d9c423be27f30ebb584f
2018-09-27 18:06:59 -07:00
Tianjie Xu
573322279a Use the new executable for mkuserimg_mke2fs
This is in line with the change of mkuserimg_mke2fs.sh to python binary.

Bug: 112555072
Bug: 63866463
Test: unittests pass
Change-Id: I82c0be1e5bbc685edc15120da73aa43fdc9f2f05
2018-09-05 20:52:47 +00:00
Tao Bao
b4ec6d752a Remove the hard-coded path of build_verity_metadata.py.
build_image.py used to invoke build_verity_metadata.py with a hard-coded
path of 'system/extras/verity/build_verity_metadata.py', which makes it
hard to run unittests from non-$(ANDROID_BUILD_TOP) directory.

This CL adds the dependency on the tool, so that it gets installed to
$(HOST_OUT_EXECUTABLES), then removes the hard-coded path.

Bug: 74544459
Bug: 76015688
Test: `m dist`
Test: python -m unittest test_validate_target_files
Change-Id: I0dcf4eb067a0db6f099cb589eb99a151a05c7f2b
2018-03-21 21:15:59 +00:00
Tao Bao
ba557707d8 releasetools: Support validating Verified Boot images.
For a given (signed) target-files.zip, this CLs allows verifying the
Verified Boot related images. It works with both of VB 1.0 and VB 2.0
images.

As part of the CL, it also moves validate_target_files.py to argparse,
which is more flexible than the traditional getopt module.

Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in
follow-up CL.

Example usage:

- Run the script on aosp_bullhead target-files.zip.

$ ./build/make/tools/releasetools/validate_target_files.py \
    --verity_key build/target/product/security/verity.x509.pem \
    --verity_key_mincrypt build/target/product/security/verity_key \
    aosp_bullhead-target_files-4522605.zip

- Run the script on aosp_walleye target-files.zip.

$ ./build/make/tools/releasetools/validate_target_files.py \
    --verity_key external/avb/test/data/testkey_rsa4096.pem \
    aosp_walleye-target_files-4627254.zip

Bug: 63706333
Bug: 65486807
Test: Run validate_target_files.py on target_files.zip files.
Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \
          test_validate_target_files
Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-12 00:17:09 -07:00