build_mixed script can't merge system and product VINTF
data yet.
Fixes: 131418170
Bug: 131425279
Test: build 'target_files_package' for 'mainline_system_google_arm64',
see META/system_manifest.xml
Change-Id: I366d9bc802ee0e6bdf8fe480303f3fee827c579d
They only contain prebuilts from older releases.
Test: m systemimage on affected internal lunch targets
Bug: 124293228
Change-Id: I059c9d0edb78e52838a25cef0472807847d77417
When odm is changed, device manifest/matrices should be included.
When product is changed, framework manifest/matrices should be included.
Bug: 130714844
Bug: 126770403
Test: build with odm and product VINTF metadata
Change-Id: I49c8083e0e7185ae7b96047d68f1f624b1113dfc
- Rename framework_manifest.xml to system_manifest.xml since that's more accurate.
- Add product_manifest.xml to base_product.mk
- Add product_manifest.xml to verified_assembled_framework_manifest.xml to check
it at build time.
Bug: 126770403
Bug: 130714844
Bug: 80547152
Test: build and inspect output
Test: lshal
Change-Id: I1b447d8c36f72768e28e9bcaa4d06afdeba08c2a
For an PRESIGNED APEX, it has the following format, which should be
considered as a valid input.
name="foo.apex" public_key="PRESIGNED" private_key="PRESIGNED" container_certificate="PRESIGNED" container_private_key="PRESIGNED"
Bug: 131153746
Test: Run sign_target_files_apks.py on a target_files.zip with PRESIGNED
APEXes.
Test: python -m unittest sign_target_files_apks
Change-Id: I51076b0c6eddfb75637d37659a08009f0a88e931
By sorting the content of the final output merged target files package, the
merged target files package is more like the target files packages generated by
a build.
Test: Generate merged target files package, verify that content is sorted.
Change-Id: Ic0c198630ebd7692a3f3f9663d85e4b45229175c
We used to require explicitly setting both (e.g. `-e foo.apex=` and
`--extra_apex_payload_key foo.apex=` to skip signing `foo.apex`).
This CL allows specifying `-e` alone to achieve the same result.
However, if a conflicting `--extra_apex_payload_key` is also specified,
that would be considered as a config error.
Bug: 131153746
Test: Run sign_target_files_apks.py with `-e foo.apex=` alone to skip
signing foo.apex.
Test: Run sign_target_files_apks.py with `-e foo.apex=` and
`--extra_apex_payload_key foo.apex=key` and expect assertion error.
Change-Id: Ia747f59ee726b60bdb1445024e749320171064c2
This is used by merge_target_files to prevent an unnecessary unzip and
copy.
Test: Ran merge_target_files.py and booted using the img.zip.
Change-Id: I6fe0dd025b30b3f4965c9b22fb6943019bf5899b
In some build targets, e.g., aosp_arm64_ab, $OUT/ramdisk is an empty
dir, and leads to rsync $OUT/ramdisk/* failure. Removing the trailing
asterisk to avoid throwing an error if it's empty. Note that the
trailing slash still needs to be kept to avoid creating an additional
directory level at the destination.
Bug: 126493225
Test: `make ramdisk_debug` on aosp_arm64_ab
Test: flash boot-debug.img on crosshatch still can adb root
Change-Id: I44937324379fa78fc26a4471ba94eb7694911c2d
Merged-In: I44937324379fa78fc26a4471ba94eb7694911c2d
Some targets have ramdisk.img but no boot.img, howerver,
ramdisk-debug.img only depends on boot.img. Fix this by making
ramdisk-debug.img depends on ramdisk.img.
Bug: 126493225
Test: make ramdisk_debug
Change-Id: I65120a3b3372712fafc26442354ee031eede0bd3
Allow setting it for host modules, it is necessary for
RoboLectric.
Remove some unused PRIVATE_DONT_DELETE_JAR_META_INF variables.
Remove unzip-jar-files, it is obsolete since merge_zips was
introduced.
Test: m checkbuild
Change-Id: I3f2fc466321904eace31525cbac99ad524f39188
The boot-debug.img should NOT be release signed and can only be used
if the device is unlocked. Adding a check to prevent the tool from
signing this debuggable boot.img.
See the following for more details about boot-debug.img:
https://android-review.googlesource.com/c/platform/build/+/947857
Bug: 126493225
Test: put a file /force_debuggable into boot.img, checks the following
command fails:
./build/tools/releasetools/sign_target_files_apks \
out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: Ia5232949cb9582d2b4eaa171d9e9f3fe7317d418
It's a vendor-specific property, which was historically included into
/system/build.prop prior to this change.
Whether a target uses A/B OTA shouldn't affect anything on the system
image, including the `ro.build_ab_update` property. Moving it to vendor
partition will also make it consistent with other A/B specific configs,
such as the `slotselect` flag in device fstab
(/vendor/etc/fstab.$(PRODUCT_PLATFORM)).
Bug: 130516531
Test: Build and flash crosshatch-userdebug. Check /system/build.prop,
/vendor/build.prop and the runtime property.
Change-Id: I927625fbcc02c4a875a1f39850b51576f5ff6c66
This is to migrate sepolicy Makefiles into Soong. For the first part,
file_contexts, hwservice_contexts, property_contexts, and
service_contexts are migrated. Build-time tests for contexts files are
still in Makefile; they will also be done with Soong after porting the
module sepolicy.
The motivation of migrating is based on generating property_contexts
dynamically: if we were to amend contexts files at build time in the
future, it would be nicer to manage them in Soong. To do that, building
contexts files with Soong can be very helpful.
Bug: 127949646
Bug: 129377144
Test: 1) Build blueline-userdebug, flash, and boot.
Test: 2) Build blueline-userdebug with TARGET_FLATTEN_APEX=true, flash,
and boot.
Test: 3) Build aosp_arm-userdebug.
Change-Id: I486f7065207468697320776f726b732077656c6c
Non-installable, non-library modules can still have notice files
attached if they are bundled in an apex module, in which case the
current make setting would generate an error. This change makes it just
ignore them silently if the module is ETC. Other classes will still
trigger an error.
Test: manual build + TreeHugger
Change-Id: Ic7931f990369f744c8de62956a1a0a9c0451d6ab
The two new debugging images adds additional files based on
boot.img and ramdisk.img/ramdisk-recovery.img, respectively.
File /force_debuggable is to trigger special logic in /init to load an
userdebug version of sepolicy and an additional property file from this
ramdisk to allow adb root, if the device is unlocked.
It's intentional to skip signing for boot-debug.img, as it can
only be used if the device is unlocked, where verification error
is allowed.
Those debugging images allows adb root on user build
system.img, vendor.img, product.img, etc. This can facilitate more
automated testings on user builds and is helpful to narrow down the
delta between what's being tested v.s. what's being shipped.
Bug: 126493225
Test: `make dist`, checks both boot-debug.img and ramdisk-debug.img
are in $OUT/ and out/dist.
Test: `make dist`, checks installed-files-ramdisk-debug.{json,txt} are
in out/dist.
Test: `system/core/mkbootimg/unpack_bootimg.py --boot_img $OUT/boot-debug.img`,
checks the extracted out/ramdisk is as expected
Test: Run `gunzip -c ramdisk | cpio -idm` for the ramdisk extracted from
$OUT/boot-debug.img and $OUT/boot.img, respectively.
Then compare the root dirs of both, e.g.,
`diff -rq --no-dereference ./ramdisk ./ramdisk-debug`
Test: `make ramdisk_debug-nodeps` and `make bootimage_debug-nodeps`
Change-Id: I30137c3caef91805d9143d404e5e4d06c0fccc30
This reverts commit a280a66b5a.
/init now switched to read adb_debug.prop from debug ramdisk instead
of GSI or other system.img. No need to keep the file in GSI.
See the following for more details:
https://android-review.googlesource.com/c/platform/system/core/+/946517
Bug: 126493225
Test: tree hugger
Change-Id: I981db8e13216fbe0f066f4d3684ee149b1177d22
The extensions is for OEM. To avoid AOSP code using OEM
extensions mistakenly. GSI denys product to use the extensions
by enabling the following property:
ro.nnapi.extensions.deny_on_product=true
Bug: 129900377
Test: make gsi_arm64-userdebug, check /system/build.prop
Change-Id: Ia679f1f9c108bd5a164c8cdeb1d73f57da755608
This allows update_engine listing the file as a required module,
regardless of the value in AB_OTA_UPDATER.
Bug: 130516531
Test: Build aosp_arm64-userdebug w/o setting AB_OTA_UPDATER. Check that
/system/etc/update_engine/update-payload-key.pub.pem is available.
Change-Id: Ied041aca750e7260402ae8dbf65ff740d0b87205
Bug: 30414428
Test: `m -j dist` with aosp_taimen-userdebug. Check
/system/etc/security/otacerts.zip available under system and
recovery images.
Change-Id: I5abeb2da441fb3e3231e094063c2383eb3807852
Merged-In: I5abeb2da441fb3e3231e094063c2383eb3807852
