Update the OTA generation script to understand SELinux file
labels and file capabilities.
Make fs_config aware of SELinux labels and file capabilities, and
optionally output those elements whenever we output the
UID / GID / file perms. The information is emitted as a key=value pair
to allow for future extensibility.
Pass the SELinux file label and capabilities to the newly created
set_metadata() and set_metadata_recursive() calls. When the OTA
script fixes up filesystem permissions, it will also fix up the SELinux
labels and file capabilities.
If no SELinux label and capabilities are available for the file, use
the old set_perm and set_perm_recursive calls.
Bug: 8985290
Bug: 10183961
Bug: 10186213
Change-Id: I4fcfb2c234dbfb965cee9e62f060092a4274d22d
The existing logic in common.py breaks string arguments incorrectly:
e.g. --para1 val1 --para2 "val2 is a string" will be output as:
'--para', 'val1, '--para2', 'val2' 'is' 'a' 'string'
This will cause the mkbootimg command to fail due to the invalid arguments
generated from the wrong parsing.
The patch fixes this issue to get:
'--para', 'val1, '--para2', 'val2 is a string'
Change-Id: Ia34ec357550f11ae9d6adc719d86a0c6a9099fbc
Signed-off-by: Jianxun Zhang <jianxun.zhang@intel.com>
Support using custom mkbootimg to allow boards to specify custom
boot image formats. Also export this as the environment variable
MKBOOTIMG to the *_from_target_files releasetools scripts.
Change-Id: I2084273b1175de097fb7da5c4f2264ea8014d74f
Signed-off-by: Bjorn Andersson <bjorn.andersson@sonymobile.com>
Added support to perform a string replace of specified
dev keys with release keys when using the release tool
scripts.
Change-Id: Id0e945b0d62720c41f5ca9764a00de4bcdecaab4
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Add "dev-keys" or "test-keys" to the value of ro.build.display.id for
user builds. (This is the property that is displayed under "Build
number" in the Settings UI.) Modify the signing script to remove the
keys tag from this value when signing.
Change-Id: I3d9d92056f8567d7f84b1be047619be7c6e4c419
Details:
* New --signapk_path, --extra_signapk_args, --java_path.
* New --public_key_suffix, --private_key_suffix so you can change the filenames.
* Fixes raising exceptions on error.
Change-Id: I0b7014b6d779d52ae896f95dfecb1bcccf536cf4
(cherry picked from commit a28acc6972)
Details:
* New --signapk_path, --extra_signapk_args, --java_path.
* New --public_key_suffix, --private_key_suffix so you can change the filenames.
* Fixes raising exceptions on error.
Change-Id: I0b7014b6d779d52ae896f95dfecb1bcccf536cf4
Replace OTA script constructs of the form:
assert(foo);
with
foo || abort("sensible message");
so that the log and the on-screen display are somewhat more accessible
to non-experts. (assert() displays the source code of the false
expression 'foo'.)
Change-Id: Ic99448e4466561d305b167cd4d5c1f0f2dbadcce
When not building locally and just using a target-files.zip from some
other build, it still tries to access the file_contexts from the out/
directory. This change instead looks at the unzipped target-files.zip
hierarchy to grab that information.
Bug: 9191141
Change-Id: I6ea12e82d6c6376fcada412314c5eefc97ff4853
With this change, e2fsck is run only when you build the update.zip file,
which is built when "dist" is among the make command.
Bug: 7591683
Change-Id: I446b71d5aa9295aff3af622f115175f769746615
At this point, userdata_size has been converted to partition_size in
build_image.ImagePropFromGlobalDict().
Change-Id: Ida6be1905ca3109c2660274a16359a9f3fbcd94d
When /system/etc/recovery-resource.dat is available, use it to
construct the recovery-from-boot patch.
Change-Id: I1575f7d284711323186ca6823842eb2a866fd890
Arrange to take $(BOARD_MKBOOTIMG_ARGS) and pass it to all invocations
of mkbootimg from within make, and to store it in the target_files so
it can be used by future invocations of img_from_target_files and
ota_from_target_files.
Bug: 6918260
Change-Id: I7130ac52e96bd51d4d8b80ca036635e1626f01f1
When building a bootable image with mkbootfs, use the set of file
metadata that's stored in the target_files zip (when available),
rather than whatever is built into the mkbootfs binary at the time the
image is built.
Bug: 6435132
Change-Id: If6c59149bdbcc9a67e5ab9161398f355bd1f511d
Pass the file_contexts configuration to the releasetools scripts
so that the security contexts of files can be properly set for OTA
and update packages.
Requires Ica5fb73d6f2ffb981b74d1896538988dbc4d9b24
Change-Id: I5a63fd61a7e74d386d0803946d06bcf2fa8a857e
A block of code that should be evaluated for all
image types was instead only being run for yaffs
partitions.
Change-Id: I83ccbd7fa3c1bc02b9bba0832701ecc258e40a7d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Checksum the entire recovery partition at boot time to see if we need
to rewrite it, rather than just the first 2kb.
Bug: 5668350
Change-Id: I777754f92e8da630ae3c09bb0d4c41884ff62f39
Checksum the entire recovery partition at boot time to see if we need
to rewrite it, rather than just the first 2kb.
Bug: 5668350
Change-Id: I777754f92e8da630ae3c09bb0d4c41884ff62f39
Bug: 5153694
To build cache.img, set BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE (required,
ext4 only for now), BOARD_CACHEIMAGE_PARTITION_SIZE (optional) in
BoardConfig.mk.
Change-Id: I1d8b91646aa1dba88285e008ad3335768bcbddd2
Bug: 5398808
Before this change we had duplicate code in the Makefile and the
python-based releasetool. That's a real headache to maintain.
Change-Id: I8ddf04a79c6886540e89d990f723d8f77c9dd883
The signing and OTA-building tools now understand the
default_sys_dev_certificate value which may be present in the
META/misc_info.txt file of the target-files packages.
Change-Id: I64f09ec0b77a5184b6ddb74019255518776ee773
The Package Manager handles this now. To share a UID, all packages
must be signed with exactly the same set of certs.
Change-Id: I2fd08923f55f02ae2f1d503266ab124be2472921
Works around a problem observed on a retail device: incremental update
from build 1 to build 2 partially completed, leaving a mix of files
from the two builds. (Why it booted into the regular system instead
of recovery to restart update installation is still a mystery.)
build.prop was one of the files updated, so the device reported itself
as having build 2. The device hobbled along for months in this state,
until build 3 was released and the 2-to-3 incremental package
repeatedly failed (because some of the files it was trying to patch
were build 1).
This change makes updating build.prop the very last thing done by an
incremental update script, so if installation is aborted and the
regular system starts (and works at all), it will continue reporting
itself as build 1 and be sent the 1-to-2 OTA package again.
Change-Id: I1edc1dcef2bd2495b6fd96517c2f4c574b994f27
Nothing calls this, and the updater function it calls no longer
exists. The HTC-device-specific thing it used to do was moved to HTC
extension libraries.
Change-Id: I2252adf44ea0c5beb6e9379215d7337880f66f68
Gmake in Darwin has a file descriptor leak.
In a full build, ota_from_target_files will inherit
more than 2000 open PIPEs from gmake and fails in a call to select.select().
This change fixes the build by closing the PIPEs before doing real work.
Change-Id: Ie7035d7add0b1da3afb6bf9c2009d40f8c7d29b3
Specifying one or more key files (without .x509.pem extension) as
TARGET_EXTRA_RECOVERY_KEYS causes them to be included as acceptable
keys for recovery packages. They are *not* included in otacerts.zip,
so actual downloaded over-the-air packages can't use them, but they
can be used to sign sideload-only packages.
Bug: 3413359
Change-Id: I6f248ffa35f0c6b125dd8a7517493017e236c776
img_from_target_files now, with the -z flag, will produce an output
zip with only the bootable partitions (boot and recovery).
img_ and ota_from_target_files can take, instead of a simple
"target_files.zip", a name of the form
"target_files.zip+bootable_images.zip", where the second zip contains
bootable images that should be used instead of building them from the
target_files.zip. (This should be the zip produced by the above -z
flag, perhaps with the images messed with in some way, such as by an
unnamed OEM's extra signature wrapper for their "secure boot"
process.)
Bug: 3391371
Change-Id: Iaf96dfc8f30e806ae342dcf3241566e76ae372d4
If making /data and it's an EMMC interface, reserve the last 16 Kbytes
of the partition for the crypto footer.
Change-Id: Ia2c0bb53a545f074e79fc9d6ac04faee75fb9be4
Gmake in Darwin has a file descriptor leak.
In a full build, ota_from_target_files will inherit
more than 2000 open PIPEs from gmake and fails in a call to select.select().
This change fixes the build by closing the PIPEs before doing real work.
Change-Id: Ife021382198642a97bbbf0b623e4f24f3d86b2b2
Merge commit '8317e66433903badaec8ebd2b9ec2b8153f3d612'
* commit '8317e66433903badaec8ebd2b9ec2b8153f3d612':
make info_dict and GetTypeAndDevice available to device extensions
Make recovery image depend on the fstab file so it gets rebuilt when
fstab changes. Add support for "emmc" fstab partition type to
edify_generator.
Change-Id: Ic5df4e86c24321bf7d82a644e3e4770352e4f64b
Include the recovery.fstab file in the recovery image. Remove the
global fs_type and partition_type values from the target-files
key/value dict, and parse the recovery.fstab file instead to find
types for each partition.
(Cherrypicked from gingerbread w/some edits to resolve conflicts.)
Change-Id: Ic3ed85ac5672d8fe20280dacf43d5b82053311bb
Include the recovery.fstab file in the recovery image. Remove the
global fs_type and partition_type values from the target-files
key/value dict, and parse the recovery.fstab file instead to find
types for each partition.
Change-Id: I35ee2dd0989441dc2a704b63c1b32e598049acb5
Instead of separate files for recovery api version, tool extensions,
and mkyaffs2 options, put those all in the generic key-value file.
Change-Id: Ib642311632844d52e4895fd4747093fc7e86232d
Do the yaffs-specific adjustments to image sizes in common.CheckSize,
instead of baking it into the image size stored in the target-files
package. Remove the special fs_type flag and fold it into the
"info_dict" we have for saving key-value pairs from the build system.
Change-Id: I6e63f3330f6277d9a946b22e66cadeb51203ba14
Move the image sizes into a more generic key-value file. Make them
optional. Add additional key/value pairs describing what kind of
filesystem the device uses. Pass new fs-type-related arguments in
edify scripts when mounting and reformatting partitions.
Don't include all the init.*.rc files from the regular system in
recovery -- they aren't needed, and break recovery on some devices.
Change-Id: Ic1c651f754ed00ba1cffe8cf56c43f7f3b0ebfd7
This makes them accessible from device-specific extensions (so they
can be used to send radio images as binary patches, for instance).
Change-Id: I2f2174b93b4265abf9400f9e5a0982caca0771e9
Merge commit '9314823c06d4434bf18d589c2fdea490428becf8'
* commit '9314823c06d4434bf18d589c2fdea490428becf8':
return to using subprocess for running commands
Reverts Ic4f1c747 and fixes the problem by splitting the extra_flags
argument (it wasn't working before because it was getting one argument
"-c 4096 -s 128" instead of four arguments "-c", "4096", "-s", "128"
and mkyaffs2image apparently just ignores that bogus argument?)
Change-Id: Ib1e08d634aa68bfab0f7e09680d407f2cee0797d
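The two argument-splitting bugs described in this log (the extra_flags string handed over as one argument, and quoted mkbootimg values broken on every space) are shown side by side in this added example, which is not code from the release tools. The sample text, the key names and the helper names are assumptions made for illustration.

```python
import shlex

# Constructed sample in the key=value style of a target-files info file.
# Key names and values are assumptions for this example.
SAMPLE_INFO = '''\
recovery_api_version=3
mkbootimg_args=--base 0x10000000 --cmdline "console=ttyS0 androidboot.selinux=enforcing"
mkyaffs2_extra_flags=-c 4096 -s 128
'''


def load_info_dict(text):
    """Parse key=value lines, splitting on the first '=' only,
    because values such as a kernel command line contain '=' too."""
    info = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("line %d is not key=value: %r" % (lineno, line))
        info[key] = value
    return info


def argv_single(value):
    """Bug 1: the whole flag string becomes one argv element."""
    return [value]


def argv_naive(value):
    """Bug 2: whitespace split ignores quoting and tears quoted values apart."""
    return value.split()


def argv_quoted(value):
    """Shell-style tokenization: honours quotes, never invokes a shell."""
    return shlex.split(value)


def build_command(tool, info, key):
    """Return an argv list for subprocess.Popen(argv), i.e. shell=False,
    so the stored flags cannot be reinterpreted as shell syntax."""
    return [tool] + argv_quoted(info.get(key, ""))


if __name__ == "__main__":
    info = load_info_dict(SAMPLE_INFO)
    for key in ("mkyaffs2_extra_flags", "mkbootimg_args"):
        print(key)
        print("  single:", argv_single(info[key]))
        print("  naive: ", argv_naive(info[key]))
        print("  quoted:", argv_quoted(info[key]))
```
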
Remove the remaining (unused and untested) support for generating
amend scripts. This means that you won't be able to OTA directly from
cupcake to gingerbread.
Change-Id: Iaf5295db92a42b336960d05295f48b67cb729337
Merge commit '485bd44d0d78f9f612075e17db1adb281741c84f'
* commit '485bd44d0d78f9f612075e17db1adb281741c84f':
Fix mkyaffs2image extra flags in the release tools.
ASLR for shared libraries is controlled by "-a" in ota_from_target_files.
Binary files are self-contained (supported by apriori/soslim).
Signed-off-by: Hristo Bojinov <hristo@google.com>
Change-Id: I500e325bf4a70a8d69a2ab9b2938e83dadb4e65d
Move the image sizes into a more generic key-value file. Make them
optional. Add additional key/value pairs describing what kind of
filesystem the device uses. Pass new fs-type-related arguments in
edify scripts when mounting and reformatting partitions.
Don't include all the init.*.rc files from the regular system in
recovery -- they aren't needed, and break recovery on some devices.
Change-Id: I40e49e65f0d76f735259e4b4fef882322cd739da
Remove the remaining (unused and untested) support for generating
amend scripts. This means that you won't be able to OTA directly from
cupcake to gingerbread.
Change-Id: Ie7179a5f2e5ca0d2c0305000344ac39b1dd7385f
Store a dump of the desired uid/gid/mode for every system file in the
target_files zip. Modify ota_from_target_files to use this stored
information when it is available, instead of running fs_config from
the current client (which might be out of sync from the one where the
target_files zip was built).
b/2516887 - New android_filesystem_config.h needed
Change-Id: I8409a0265d1d50daad9c2bc033c99b74b8931b20
applypatch now takes patches as blob-valued arguments instead of just
filenames, eliminating the need to unpack all patches to /tmp before
starting to apply them.
Revert the last change I made where sha1_check(read_file(...)) was
substituted for apply_patch_check(...). apply_patch_check() knows to
check /cache/saved.file if the original source file is missing or has
a bad checksum, which is important if the device loses power or
otherwise restarts during patching.
Change-Id: Ia5b761474b0f809a5a5eed29455b1b145145699e
- Delete the applypatch code (it's being moved to bootable/recovery).
- Change the OTA script generator to verify the sha1sum of all the
patch files after they are unpacked into /tmp.
b/2361316 - VZW Issue PP628: Continuous reset to Droid logo:
framework-res.apk update failed (CR LIBtt59130)
Change-Id: I5858d48f10127f72e708d50d3de844569d1aff27
(Cherry-pick from donut.)
Delete the old recovery-from-boot patch before patching system files,
then install the new one at the end of the process. Also fix an issue
with applypatch returning the wrong status.
Change-Id: I614fce39f307eded696ba792912b863f9fb0580b
Three unrelated changes:
- change the add-radio-file makefile function to support adding files
with paths. (The path part of the pathname is stripped off.)
- add an UnmountAll function to the OTA script generation code, so
that we can explicitly unmount everything we've mounted (in addition
to doing it automatically at the end of the script).
- add the updater API version to the info object passed to
device-specific code.
Change-Id: Ia62b15403c1cc8fce8d9910f291450c8077e49f4
Apply the same changes to tags to ro.build.tags that we do for the
tags in the fingerprint (ro.build.fingerprint) and the description
(ro.build.description).
Change-Id: Ie5a057d8f04cbc32d849f91e1f9d2ea7832e81f6
http://b/2363735 - release-key user builds ship with property ro.build.tags == test-keys
Setting LOCAL_CERTIFICATE to "EXTERNAL" now marks an apk (either a
prebuilt or otherwise) as needing the default test key within the
system, but one that should be signed after the target_files is
produced but before sign_target_files_apks does the rest of the
signing. (We use this to ship apps on the system that are signed by
third parties, like Facebook.)
The check_target_files_signatures determines what key was used to sign
every .apk in a given target_files. It can compare that signature to
that of another target_files (eg, the previous release for that
device) and flag any problems such as .apks signed with a different
key.
Merge commit '8bec09ee7264160e4e08973a0efcc6bd2c898925' into eclair-mr2
* commit '8bec09ee7264160e4e08973a0efcc6bd2c898925':
add 'extras' mechanism to OTA and signing tools
Make the recovery image be the first thing installed in system/ in the
OTA package, so it will get installed even if the system partition
fills during OTA installation.
Store the location of the releasetools extensions in the target-files
zip, and make ota_from_target_files use that stored location by
default (though it can still be overridden with -s if desired).
Change ota_from_target_files to compute binary patches for all the
changed files in the OTA package in parallel. On a recent test build
this cuts incremental construction time roughly in half (6 min to 2
min 40 sec).
Make the OTA progress bar advance a bit more smoothly by reallocating
how much is dedicated to various phases of incremental OTA
installation, based on some crude measurements of how long each phase
takes.
imgdiff now understands the zip file format and can produce smaller
patches by doing the patching in uncompressed space. Start taking
advantage of this for .zip, .apk, and .jar files.
When unzipping a target-files which has been signed with OTA key
replacement, you'll get "overwrite this file?" prompts because the key
files appear in the zip files twice. Suppress these prompts.
Many developer phone products don't define PRODUCT_OTA_PUBLIC_KEYS, so
add a default key.
This change doesn't affect device code.
Merge commit 'b6153173952895441e55d0ff6be332bb7c7605e2'
* commit 'b6153173952895441e55d0ff6be332bb7c7605e2':
use the max image sizes from the target files zip
For some time now the build system has included all the max image
sizes in a file in the META directory. Use these instead of needing
to parse the BoardConfig.mk file for the device at the time of
building an image or OTA package.
Merge commit '828bbfb18838f04b93ffbed0d7d3b597beaa534c'
* commit '828bbfb18838f04b93ffbed0d7d3b597beaa534c':
in amend, remove symlink targets before creating them
amend's symlink command isn't idempotent, so if you restart after the
symlinks have been completed then the second installation attempt will
fail. Work around this by deleting all symlink targets before
creating symlinks.
Bug: 2020011
Instead of storing the whole recovery image in system in order to
flash it on first boot, we instead use an imgdiff patch from the boot
image to create the recovery image. This is substantially smaller
since it effectively only stores the recovery binary and UI images
(the kernel and the init binary are identical to that of the boot
image).
This change modifies the OTA-building script to create and install
these patches, and changes the calculation of the system image size in
the Makefile to reflect the new scheme.
Make some changes needed to applypatch in order to store the recovery
image in the system partition as a binary patch relative to the boot
image:
- make applypatch use shared libraries, so it's smaller. It will
need to be on the main system so it can install the recovery
image. Make an applypatch_static binary for use in recovery
packages (still needed for updating cupcake devices to donut).
- output the results of patching to an in-memory buffer and write
that to the partition; there's no convenient /tmp for us to use.
(This should be basically a no-op in recovery, since /tmp is a
ramdisk anyway.)
Interpret a "*" in the "require version-bootloader" line as "don't
require any specific bootloader". Sholes OTAs include the bootloader
and the main system in the same package.
Merge commit '030614740c1a22e51c6513058852f9ab368fdf5d'
* commit '030614740c1a22e51c6513058852f9ab368fdf5d':
in auto mode, generate both edify and amend scripts for full OTAs
If we fail to load the device-specific releasetools module (ie, if -s
is specified but the file is missing), issue an error message but
continue without any device-specific code.
If the source target-files zip omits files needed to build the
recovery and/or boot images, leave them out instead of dying with an
error. This lets builds like "generic-userdebug" work.
Merge commit '55766e47aaf4fe72a2b5cdd8aa60d14781c01e94'
* commit '55766e47aaf4fe72a2b5cdd8aa60d14781c01e94':
don't fail if no required bootloaders are defined
Generic targets don't have a list of defined bootloaders. Instead of
failing to build an OTA package, just omit the constraint.
Fix bad references to ExternalError.
Replace the installation of the "radio image", which is an
HTC-specific notion, with calls to device-specific python modules that
can add whatever additional OTA script commands are necessary. Add
the -s flag to specify the location of the device-specific script
(replacing the unused -s flag in sign_target_files_apks).
Split the details of generating script syntax into a generator class:
one for amend (whose output should be equivalent to the current
output), and one for edify.
Fix 'otatools' build rule to build imgdiff.
The ota and img building scripts contained some hardcoded 'linux-x86'
paths. Remove and replace with a slightly redefined -p option.
Modify Makefile to pass correct -p when building.
Some devices define a BOARD_KERNEL_BASE argument which must be given
as an argument to mkbootimg when building a bootable image. Store the
value of this var (if any) in the target-files zip and use it when
building images.
Make the following things optional:
- kernel command lines for bootable images
- radio images
- bootloader assertions
These are not all (yet?) defined for some new devices.
In python 2.5 and earlier, ZipFile.writestr(filename, data) results in
the file being added to the archive with permissions 000. (See
http://svn.python.org/view?view=rev&revision=65235.) Work around this
by creating a ZipInfo object and setting the permissions explicitly.
Modify applypatch to be able to write MTD partitions as well as read
them. Make applypatch save a backup copy of the contents of an MTD
partition it reads in cache, to be used in case an update is
interrupted while writing back to MTD. Modify OTA package creation
script to send boot image updates in patch form.
Allow an MTD partition to serve as a source "file" in applypatch,
using a magically-formatted 'filename' that specifies the partition
name, size of data to read, and expected hash. Build incremental OTAs
that update the recovery image via a patch.
Use minigzip (from the zlib distribution, built in the android tree)
to compress images rather than the system install of gzip. This will
let us send useful patches for images since we can make zlib available
in the applypatch program.
Allow the user to set ANDROID_PW_FILE to the name of a file for
storing password keys. When the tools need additional passwords, they
will rewrite this file and invoke the user's editor for the new
passwords to be added. This allows passwords to be reused across
invocations of the signing tools, without making the user reenter them
every time.
Paranoid users can use a file stored in a ramdisk, or not use this
feature at all (the code will prompt for passwords in the ordinary way
when ANDROID_PW_FILE is not set).
All APKs that want to share a given user id must be signed with the
same key. Look inside each APK for what (if any) shared user id it
requests, and error out if any with the same shared user are being
signed with different keys.
Allow applypatch to use different filenames for the source and target.
(Using the same filename is still fine; in fact the target filename
can be specified as "-" to mean "same as the source file".) This will
allow us to still use diffs in the case of files being renamed, and
will allow us to use diffs for the boot and recovery images.
To support devphone and holiday builds we need more control over the
build fingerprint tags; generalize the -t option so we can arbitrarily
add and remove tags.
Adds the -t option to sign_target_files_apks, which lets the user
specify extra tags that should be added to the build fingerprint
during the signing process.
through the key map. Clarify the help for the -e option to
make clear this should happen.
(This change doesn't affect device code.)
Original author: dougz
Merged from: //branches/cupcake/...
Automated import of CL 146194
The build system now (in donut) produces builds that use the testkey
cert for OTA package verification. Change the app-signing script to
also optionally substitute the "real" cert in both the recovery and
system images. Also fix bug where the build fingerprint and
description were not getting properly updated in the recovery
partition.
building images & OTA packages out of vendor/google.
No device code is touched by this change.
Original author: dougz
Merged from: //branches/cupcake/...
Automated import of CL 144270