This will only be used when the block file format is at least
version 3. For V1/V2 (L, L MR1) block versions, fall back to
the old range_sha1 check.
Bug: 19357591
Change-Id: I7cb178b70d48ec3c98cdb88ed1c94cf7797a01d0
Python 2.7's zipfile implementation wrongly thinks that zip64 is
required for files larger than 2GiB. We can work around this by
adjusting their limit. Note that `zipfile.writestr()` will not work
for strings larger than 2GiB. The Python interpreter sometimes rejects
strings that large (though it isn't clear to me exactly what
circumstances cause this). `zipfile.write()` must be used directly to
work around this.
This mess can be avoided if we port to python3.
Bug: 18015246
Change-Id: I8a476d99c5efdef6ea408373b706e9fbd3a798be
Add source and target block hashes as parameters to transfer list
commands that copy or patch data to a partition. This allows the
updater to verify the status of each command in the transfer list
and makes resuming block based OTAs possible. Due to the changes,
update the transfer list version to 3.
Needs matching changes from
I1e752464134aeb2d396946348e6041acabe13942
Bug: 18262110
Change-Id: Ia5c56379f570047f10f0aa7373a1025439495c98
When building images set the mount point (data,cache,system) as the
filesystem label on the generated image. This is required for the
Android Emulator.
IMPORTANT: This depends on the following patch to system/extras/:
https://android-review.googlesource.com/#/c/120047/
which has already been submitted to AOSP and merged into the
internal tree.
Change-Id: Iaeb45462570c26d37980f1cc5d8a1b929e476c89
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Allow a simple mechanism to call tune2fs to modify an existing
partition without reformatting.
Bug: 18430740
Change-Id: I9210355b6bfec74d002d1f40b930330740f379a5
A device can set up BOARD_SYSTEMIMAGE_JOURNAL_SIZE (number of journal blocks)
in its BoardConfig.mk.
To disable journaling, set "BOARD_SYSTEMIMAGE_JOURNAL_SIZE := 0".
BOARD_VENDORIMAGE_JOURNAL_SIZE and BOARD_OEMIMAGE_JOURNAL_SIZE work in
similar way.
Bug: 18430740
(cherry picked from commit f3b86357e2)
Change-Id: Icc6c7e1b3be25b8e21b6a737492d944428e4a35a
A device can set up BOARD_SYSTEMIMAGE_JOURNAL_SIZE (number of journal blocks)
in its BoardConfig.mk.
To disable journaling, set "BOARD_SYSTEMIMAGE_JOURNAL_SIZE := 0".
BOARD_VENDORIMAGE_JOURNAL_SIZE and BOARD_OEMIMAGE_JOURNAL_SIZE work in
similar way.
Bug: 18430740
Change-Id: I0594814fe19ffc54dff41ec2464e2e3a802b9419
There may be cases where various partitions were
modified (such as extra signing of boot/recovery)
which require the system partition to be regenerated
with a new recovery patch script. Allow a request
for the recovery patch to be rebuilt, and for
missing images to be readded to the existing images.
Change-Id: Ie93c5bc1161a0d5002002dca23e07742ce2ba468
Change boot, recovery, and verity metadata signing keys to use the
same PKCS8 / X.509 PEM format as the other signing keys, and update
build scripts to use correct arguments for the updated signing
tools.
Bug: 15984840
Bug: 18120110
Change-Id: I23ed5a004ecdad6cf7696487935ad5031eb8adf8
(cherry picked from commit 72d90eb189)
When rebuilding recovery, the boot images created for patching
purposes still were being signed with the old verity key and
not the new one specified on the command line.
In addition, the replacement verity public key in the boot ramdisk
wasn't being used.
Change-Id: I451e17d1cf08c507580c4b58134c1069532740e8
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This will allow safer mount options to be added per mount FS
type, to better ensure data is written during an OTA.
Bug: 18079773, 18092222
Change-Id: I1e3e4fd4639c6fd263e550b770cc3c858ef1e03b
The if statements appear to check for public_signing
and then calls the private_signing function, and vice
versa.
Change-Id: I4511b9bcf0e03b9ba49b69eb80db84cf31d77020
The erase command we insert at the top for full OTAs was getting
inserted in the wrong place for version 2.
Change-Id: I9caf03a40efbdba79f3428f73e50d4319d9ba371
Generate version 2 of the block_image_update transfer list format.
This improves patch size by a different strategy for dealing with
out-of-order transfers. If transfer A must be done before transfer B
due to B overwriting A's source but we want to do B before A, we
resolve the conflict by:
- before B is executed, we save ("stash") the overlapping region (ie
the blocks B will overwrite that A wants to read)
- when A is executed, it will read those parts of source data from
the stash rather than from the image.
This reverses the ordering constraint; with these additions now B
*must* go before A. The implementation of the stash is left up to the
code that executes the transfer list to apply the patch; it could hold
stashed data in RAM or on a scratch disk such as /cache, if available.
The code retains the ability to build a version 1 block image patch;
it's needed for processing older target-files.
Change-Id: Ia9aa0bd45d5dc3ef7c5835e483b1b2ead10135fe
There may be cases where there is an OEM partition
but it has no effect on the OTA itself. In these
cases, ignore an empty value from the misc_info.txt
Change-Id: I5f467e873030765af12810a07ddd5f302ca8cc0b
When generating incrementals for the system and vendor partitions,
check the first block (which contains the superblock) of the partition
to see if it's what we expect. If this check fails, give an explicit
log message about the partition having been remounted R/W (the most
likely explanation) and the need to flash to get OTAs working again.
Bug: 17393999
Change-Id: Ifd2132b428dbc4907527291712690204a3664ac0
Move BlockDifference into common and make its script generation code
more complete, so that it can be use by releasetools.py to do diffs on
baseband images.
Bug: 16984795
Change-Id: Iba9afc1c7755458ce47468b5170672612b2cb4b3
Replace the xdelta/xz-based block OTA generation with a new system
based on the existing bsdiff/imgdiff tools.
Bug: 16984795
Change-Id: Ia9732516ffdfc12be86260b2cc4b1dd2d210e886
Now that we're building and saving images in the target_files at build
time, we should use those images instead of rebuilding them.
Bug: 17201052
Change-Id: I459e650f66f1e0bdf01ad54df9e34f36bf2ee899
This ensures that when the verity key is rotated to a release key
both the boot and recovery images will be correctly signed. It does
mean that they will both be signed with the same key for now, but
as that doesn't change the threat model separating them is just a
distant nice-to-have.
Bug: 15725238
Change-Id: I5b75e4346fe0655065643ab553431690cc1a8cb0
The AOSP bootimage format allows the use of a second stage image
however the BuildBootableImage function does not allows the "second"
optional argument. This patch adds the support of this argument.
Bug: 17035158
Change-Id: I8ed9d9e56449945c2d42fc908269921c394f68c0
Signed-off-by: Benoit Fradin <benoit.fradin@intel.com>
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Signed-off-by: Patrick Tjin <pattjin@google.com>
make_ext4fs can now output a file listing the blocks used for each
file in the image. Request this file and save it in the target_files;
it will be used for future improvements to block OTAs.
Bug: 16984795
Change-Id: Id1e60465e3b5a9d126a7934b4d089cf34d8fec44
When making bsdiff/imgdiff patches, give up after 5 minutes. (On
certain large files it can take hours to build a patch, if it ever
even completes.)
Change-Id: I123c06f8194f85f6f4e640f7eb31c7746f76ba4d
Block incremental OTA generation can currently fail on some
target-files pairs. Fall back to generating a full OTA so that the
script succeeds rather than failing.
Change-Id: Ide70395d1f3759aa2076bd173836f6a5e5b397c0
Store sparse images in the target-files, and use those (when they're
available) for building block OTAs.
- New script add_img_to_target_files is added to make the images and
add them to the IMAGES/ subdir in the target-files. It gets run
from the Makefile when building a target-files.
- img_from_target_files becomes mostly vestigial: it creates the
img.zip by just copying the images out of the target-files. (It
still knows how to build images for use on older target-files.)
- ota_from_target_files uses images from the target-files in
preference to rebuilding images from the source files.
- sign_apk_target_files builds images and includes them in its output
target files (even if the input target-files didn't have them).
Bug: 16488065
Change-Id: I444e0d722d636978209467ffc01750a585c6db75
In the past, there was an exception for ext-base fs types to
deal with the lack of image size.
Back then it was only yaffs and ext*.
So now we explicitely only allow yaffs to have no userdata image size.
Change-Id: Ie354ee6222a58228dbcce2c6934971a0737422af
Signed-off-by: JP Abgrall <jpa@google.com>
- Support TARGET_USERIMAGES_USE_F2FS.
- Support BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE.
- Support "userdata_fs_type" in the prop dict.
- Update build_image to recognize f2fs and call the correct command.
Change-Id: If31cc8bd235f93a4c7814fab36e6e2d13d3037ad
Signed-off-by: JP Abgrall <jpa@google.com>
Make vendor partition a first-class member of the OTA system (for
target_files that contain a VENDOR/ subdirectory).
Build vendor images in a way that is compatible with block-based OTA.
Support updating the vendor partition in both full and incremental,
block and file OTAs. In most cases this is handled by refactoring the
existing code to handle the system partition to handle either, and
then calling it twice.
Currently we don't support incremental OTAs from a target-files
without a VENDOR subdirectory to one with one, or vice versa. To add
or remove a vendor partition a full OTA will need to be done.
Bug: 15544685
Change-Id: I9cb9a1267060bd9683a9bea19b43a26b5a43800d
When building images, we want to use the file_contexts and fs_config
data contained in the target_files zip, rather than whatever happens
to be in the current client.
Change-Id: I13df2405898039f5a9b4bb4837147e76b31b068a
Read and write the same file when testing block patches, which can
turn up errors that don't show up otherwise. (And will appear on the
device.)
Change-Id: Ic9b8d93ec980d13163b135f619af589f41433d7f
Emit script commands to produce a more accurate progress bar (for full
block OTAs) and a working progress bar (for incremental block OTAs) --
ones that are driven by the progress callback from the thing actually
writing the system image.
Change-Id: Ifca10be68cfdaab7135d23515bd0ae5be2f98a16
img_from_target_files.py just skips the boot.img and recovery.img since
there is no kernel or recovery.fstab for emulator.
Bug: 15383279
Change-Id: I4035193e6ab933194ff1417dfae4eab963fe5301
img_from_target_files.py just skipps the boot.img and recovery.img since
there is no kernel or recovery.fstab for emulator.
Bug: 15383279
Change-Id: I4035193e6ab933194ff1417dfae4eab963fe5301
Prior to this change salts were randomly generated, causing OTAs
to fail when they tried to check whether the system they were
installing on was binary identical to the source from which they
were generated.
Bug: 15018770
Change-Id: I86fffe2264a0c263aaf47112fb82fa71240e3403
NamedTemporaryFile's aggressive caching behavior can cause an issue
where changes made by another process aren't visible even after the
fseek() below or a flush(). To avoid this, simply open the file
again and read from the fresh version.
This fixes an issue where verity metadata written by append2simg
doesn't become visible to img_from_target_files.
Change-Id: I291fb3a95d5b532218ac6205ecc9e9b4f3a36bd4
Without this, system images will be built that do not contain the
necessary bits for verification.
Change-Id: I87c15282b26377d7a2a1540e3d0e30b0299622e3
If you had a target_files without a recovery patch and specified
--block (which should have no effect without a patch), it would have
omitted some necessary commands from the OTA script.
Change-Id: I96e79cd561ebf09cfe53792d1cc558cc71479869
Block OTAs don't have the system partition mounted and so can't use
file_getprop on the system partition. Make assertions look at the
recovery system finger/thumbprints, which should be the same as the
ones on the system partition (even for sprout devices).
Change-Id: Ie5d329d13beab4b428e37f75da9b9e1b8ceb35bc
Without this, system images will be built that do not contain the
necessary bits for verification.
Change-Id: Icaa636085dbfd386424c90dfbe404c5960df0fe4
A separate OEM file must be specified to provide the expected
values for these properties. The list of properties comes from
the "oem_fingerprint_properties" list in misc_info.txt
Bug: b/13367676
Change-Id: I1a3eaf108492132cf6f595a5d1c9f7e0c3cb3142
The C++ version avoids the need to unsparse the image to generate
the verity image, and is much faster for images with large regions
of don't care (treated as zeroes).
Change-Id: I8396b08a5fdb93f27d8c71c9c1ac23cb75cf1f7f
To build oem.img:
- You must define BOARD_OEMIMAGE_PARTITION_SIZE in your BoardConfig.mk
- The file system type will be the same as system.img and userdata.img.
- To install a module to oem.img, use "LOCAL_OEM_MODULE := true"
- run "make -j48 showcommands oem_image dist". By default it's not
built.
Bug: 13367676
Change-Id: I1a26d4d0c61b72ecffe60279667b1b3de050780d
Now that OTA packages can be downloaded to /data, if they include a
data wipe we should do that last.
Change-Id: I75102fb2ff85d0f0110d55dfca06ec5f38104850
After building a patch for the system image (for incremental block
OTAs), apply it to a local copy of the file and test that it succeeds.
This is an imperfect test as it's using the local client's
syspatch_host, which may differ from the syspatch library actually
used in the target build, but it's somewhat better than nothing.
Change-Id: Ic0001b0145881e2ebd4b5b36ce9b5bcebd76deb4
The system partitions has regions that we shouldn't write and can't
depend on the contents of. Adds a new script to generate a map of
these regions (using the sparse image as input), and include the map
in the package zip so it can be used when writing or patching the
system partition.
Also fixes a bug where the wrong SELinux file contexts are used when
generating incrementals.
Change-Id: Iaca5b967a3b7d1df843c7c21becc19b3f1633dad
Add the --block flag to this script to control whether block-based OTA
packages are generated (defaults to off). Make the full OTA package
produced by "make otapackage" continue to produce a block-based OTA.
Also fix a problem where block incremental OTAs didn't ever succeed,
and the --no_signing option never worked.
Change-Id: I610d0b4abed4b8b65fbe8ce0abaeec6cf52e14a1
These scripts already use some post-2.4 features, so let's make it
official: Python 2.7 is needed to run them.
Change-Id: I256e9ed99b0b62abe4e22a7b1f811acb7419e88e
The target_files zip should now contain the recovery-from-boot patch
and the script to install it. This means that sign_target_files_apks,
which generates a signed target_files from an unsigned target_files,
now needs to recompute the patch and script (taking into account the
key replacement, property changes, etc., that it does) so its output
contains the correct patch.
Change-Id: I18afd73864ba5c480b7ec11de19d1f5e7763a8c0
Instead of writing individual files and fixing up their metadata, make
full OTAs contain a system image and simply write it to the block
device.
This is only done for target-files that already contain the recovery
flashing information, older target-files still get a file-based full
OTA.
Bug: 12893978
Change-Id: If7586083c8f275e24fec49d260af5b5aff4a0a88
Currently, the "img" zip files generated by the build system lack the
script and data needed to rewrite the recovery partition, while the
"ota" zip files do (when installed).
In order to move towards block-based OTAs, we want the result of
flashing an image and the result of installing the corresponding OTA
package to be identical.
Generate the recovery-from-boot patch and install script as part of
the process of building the target-files. This requires breaking the
code to generate that out of ota_from_target_files into its own tool
that we can run from the Makefile. (ota_from_target_files can still
do this, so it continues to work with older target-files.)
Bug: 12893978
Change-Id: I80e62268840780b81216e548be89b47baf81b4ac
If the target_files zip for the target build contains a
META/releasetools.py (which it has since Nov 2013), prefer that over
using a releasetools.py from the local client.
Explicitly specifying the device-specific extensions path via
command-line options takes priority over both of the above mechanisms.
Change-Id: Ia068b0e2e06ede7da89ebe4315cdec592eb8995e
Sometimes it is useful to be able to tell ota_from_target_files
to not sign the output zip file. For instance, the private
release key may not be available when ota_from_target_files
is executed; similarly the release tools may not be available
or executable where the private key is stored.
This change adds an option, '--no_signing', to simply output the
unsigned OTA zip file, instead of spuriously signing it with the
test key even though the zip file would need to be re-signed later
with a different key.
Change-Id: I1f3c4dc8ffa35ce85478f848b147aff3d40fe283
In eng builds, ro.display.id has many space separated items and was
resulting in an error when trying to rewrite it as 'value' gets
turned into a list and never converted back to a string.
Change-Id: I6c8633ed2eb52c56a4097992a32d53d80df4f844
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This would cause an existing sparse image to be reused by a
subsequent build, leading to verity failures.
Change-Id: I2082df3dfba014515c9267e02189fe9987a56830
Pass the -T option to mkuserimg.sh to set all timestamps in the system
image (and any other ext4 image we build) to the value of
ro.build.date.utc for the build. This makes images produced from a
given target_files bit-identical.
Change-Id: Ibba5fa7a610f476209ef61708729cfd79dece0b6
When run with the -2 option, ota_from_target_files will generate a
package (full or incremental) that does some extra reboots in order to
install the new recovery first, so that the rest of the installation
is done with the new recovery. This can be useful if (say) the
package installation needs some features from the newer kernel.
For incremental packages, the verification phase is still done with
the old recovery.
This is only supported on devices where the misc partition is EMMC
(not MTD).
Two-step packages are slower to install and possibly confusing to
users (they will see their device reboot four times instead of twice),
so only use this option if necessary.
Change-Id: I3267d905e5e8eb1a1eb61bf48255b8b24ffc4ad1
* commit 'c3644114805150eef2f5035085878e5f860c7436':
Revert "Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add."
* commit '8ea83e902d931591af37e747763e768e7a6990be':
Revert "Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add."
Revert "Waiting till post MR0 - this impacts signing tools for MR0."
This reverts commit a7b5c4a7dc.
Bug: 11334314
Change-Id: I89f8996161e4258b80bf2d0bc7817f0e8e32df13
* commit '3b44339d6a443fde57db4ae84a7e46823da6d162':
Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add.
* commit '37335b42385970d957d48056145a3d4c4dbc6087':
Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add.
Added support to perform a string replace of specified
dev keys with release keys when using the release tool
scripts.
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
(cherry picked from commit 817c574d75)
Change-Id: I51be8d62945436d3f374f51867295c5b792d4b53
Bug: 11334314
Update the OTA generation script to understand SELinux file
labels and file capabilities.
Make fs_config aware of SELinux labels and file capabilities, and
optionally output those elements whenever we output the
UID / GID / file perms. The information is emitted as a key=value pair
to allow for future extensibility.
Pass the SELinux file label and capabilities to the newly created
set_metadata() and set_metadata_recursive() calls. When the OTA
script fixes up filesystem permissions, it will also fix up the SELinux
labels and file capabilities.
If no SELinux label and capabilities are available for the file, use
the old set_perm and set_perm_recursive calls.
Bug: 8985290
Bug: 10183961
Bug: 10186213
Change-Id: I4fcfb2c234dbfb965cee9e62f060092a4274d22d
The existing logic in common.py breaks string arguments incorrectly:
e.g. --para1 val1 --para2 "val2 is a string" will be output as:
'--para', 'val1, '--para2', 'val2' 'is' 'a' 'string'
This will cause mkbootimg command fails due to the invalid arguments
generated from the wrong parsing.
The patch fixes this issue to get:
'--para', 'val1, '--para2', 'val2 is a string'
Change-Id: Ia34ec357550f11ae9d6adc719d86a0c6a9099fbc
Signed-off-by: Jianxun Zhang <jianxun.zhang@intel.com>
Support using custom mkbootimg to allow boards to specify custom
boot image formats. Also export this as the environment variable
MKBOOTIMG to the *_from_target_files releasetools scripts.
Change-Id: I2084273b1175de097fb7da5c4f2264ea8014d74f
Signed-off-by: Bjorn Andersson <bjorn.andersson@sonymobile.com>
Added support to perform a string replace of specified
dev keys with release keys when using the release tool
scripts.
Change-Id: Id0e945b0d62720c41f5ca9764a00de4bcdecaab4
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Add "dev-keys" or "test-keys" to the value of ro.build.display.id for
user builds. (This is the property that is displayed under "Build
number" in the Settings UI.) Modify the signing script to remove the
keys tag from this value when signing.
Change-Id: I3d9d92056f8567d7f84b1be047619be7c6e4c419
Details:
* New --signapk_path, --extra_signapk_args, --java_path.
* New --public_key_suffix, --private_key_suffix so you can change the filenames.
* Fixes raising exceptions on error.
Change-Id: I0b7014b6d779d52ae896f95dfecb1bcccf536cf4
(cherry picked from commit a28acc6972)
Details:
* New --signapk_path, --extra_signapk_args, --java_path.
* New --public_key_suffix, --private_key_suffix so you can change the filenames.
* Fixes raising exceptions on error.
Change-Id: I0b7014b6d779d52ae896f95dfecb1bcccf536cf4
Replace OTA script constructs of the form:
assert(foo);
with
foo || abort("sensible message");
so that the log and the on-screen display is somewhat more accessible
to non-experts. (assert() displays the source code of the false
expression 'foo'.)
Change-Id: Ic99448e4466561d305b167cd4d5c1f0f2dbadcce
When not building locally and just using a target-files.zip from some
other build, it still tries to access the file_contexts from the out/
directory. This change instead looks at the unzipped target-files.zip
hierarchy to grab that information.
Bug: 9191141
Change-Id: I6ea12e82d6c6376fcada412314c5eefc97ff4853
With this change, e2fsck is run only when you build the update.zip file,
which is built when "dist" is among the make command.
Bug: 7591683
Change-Id: I446b71d5aa9295aff3af622f115175f769746615
At this point, userdata_size has been converted to partition_size in
build_image.ImagePropFromGlobalDict().
Change-Id: Ida6be1905ca3109c2660274a16359a9f3fbcd94d
When /system/etc/recovery-resource.dat is available, use it to
construct the recovery-from-boot patch.
Change-Id: I1575f7d284711323186ca6823842eb2a866fd890
Arrange to take $(BOARD_MKBOOTIMG_ARGS) and pass it to all invocations
of mkbootimg from within make, and to store it in the target_files so
it can be used by future invocations of img_from_target_files and
ota_from_target_files.
Bug: 6918260
Change-Id: I7130ac52e96bd51d4d8b80ca036635e1626f01f1
When building a bootable image with mkbootfs, use the set of file
metadata that's stored in the target_files zip (when available),
rather than whatever is built into the mkbootfs binary at the time the
image is built.
Bug: 6435132
Change-Id: If6c59149bdbcc9a67e5ab9161398f355bd1f511d
Pass the file_contexts configuration to the releasetools scripts
so that the security contexts of files can be properly set for OTA
and update packages.
Requires Ica5fb73d6f2ffb981b74d1896538988dbc4d9b24
Change-Id: I5a63fd61a7e74d386d0803946d06bcf2fa8a857e
A block of code that should be evaluated for all
image types was instead only being run for yaffs
partitions.
Change-Id: I83ccbd7fa3c1bc02b9bba0832701ecc258e40a7d
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Checksum the entire recovery partition at boot time to see if we need
to rewrite it, rather than just the first 2kb.
Bug: 5668350
Change-Id: I777754f92e8da630ae3c09bb0d4c41884ff62f39
Checksum the entire recovery partition at boot time to see if we need
to rewrite it, rather than just the first 2kb.
Bug: 5668350
Change-Id: I777754f92e8da630ae3c09bb0d4c41884ff62f39
Bug: 5153694
To build cache.img, set BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE (required,
ext4 only for now), BOARD_CACHEIMAGE_PARTITION_SIZE (optional) in
BoardConfig.mk.
Change-Id: I1d8b91646aa1dba88285e008ad3335768bcbddd2
Bug: 5398808
Before this change we have duplicate code in the Makefile and the
python-based releasetool. That's a real headache to maintain.
Change-Id: I8ddf04a79c6886540e89d990f723d8f77c9dd883
The signing and OTA-building tools now understand the
default_sys_dev_certificate value which may be present in the
META/misc_info.txt file of the target-files packages.
Change-Id: I64f09ec0b77a5184b6ddb74019255518776ee773
The Package Manager handles this now. To share a UID, all packages
must be signed with exactly the same set of certs.
Change-Id: I2fd08923f55f02ae2f1d503266ab124be2472921
Works around a problem observed on a retail device: incremental update
from build 1 to build 2 partially completed, leaving a mix of files
from the two builds. (Why it booted into the regular system instead
of recovery to restart update installation is still a mystery.)
build.prop was one of the files updated, so the device reported itself
as having build 2. The device hobbled along for months in this state,
until build 3 was released and the 2-to-3 incremental package
repeatedly failed (because some of the files it was trying to patch
were build 1).
This change makes updating build.prop the very last thing does by an
incremental update script, so if installation is aborted and the
regular system starts (and works at all), it will continue reporting
itself as build 1 and be sent the 1-to-2 OTA package again.
Change-Id: I1edc1dcef2bd2495b6fd96517c2f4c574b994f27
Nothing calls this, and the updater function it calls no longer
exists. The HTC-device-specific thing it used to do was moved to HTC
extension libraries.
Change-Id: I2252adf44ea0c5beb6e9379215d7337880f66f68
Gmake in Darwin has file descriptor leak.
In a full build, ota_from_target_files will inherits
more than 2000 open PIPEs from gmake and fails in a call to select.select().
This change fixes the build by closing the PIPEs before doing real work.
Change-Id: Ie7035d7add0b1da3afb6bf9c2009d40f8c7d29b3
Specifying one or more key files (without .x509.pem extension) as
TARGET_EXTRA_RECOVERY_KEYS causes them to be included as acceptable
keys for recovery packages. They are *not* included in otacerts.zip,
so actual downloaded over-the-air packages can't use them, but they
can be used to sign sideload-only packages.
Bug: 3413359
Change-Id: I6f248ffa35f0c6b125dd8a7517493017e236c776
img_from_target_files now, with the -z flag, will produce an output
zip with only the bootable partitions (boot and recovery).
img_ and ota_from_target_files can take, instead of a simple
"target_files.zip", a name of the form
"target_files.zip+bootable_images.zip", where the second zip contains
bootable images that should be used instead of building them from the
target_files.zip. (This should be the zip produced by the above -z
flag, perhaps with the images messed with in some way, such as by an
unnamed OEM's extra signature wrapper for their "secure boot"
process.)
Bug: 3391371
Change-Id: Iaf96dfc8f30e806ae342dcf3241566e76ae372d4
If making /data and it's an EMMC interface, reserve the last 16 Kbytes
of the partition for the crypto footer.
Change-Id: Ia2c0bb53a545f074e79fc9d6ac04faee75fb9be4
Gmake in Darwin has file descriptor leak.
In a full build, ota_from_target_files will inherits
more than 2000 open PIPEs from gmake and fails in a call to select.select().
This change fixes the build by closing the PIPEs before doing real work.
Change-Id: Ife021382198642a97bbbf0b623e4f24f3d86b2b2
Merge commit '8317e66433903badaec8ebd2b9ec2b8153f3d612'
* commit '8317e66433903badaec8ebd2b9ec2b8153f3d612':
make info_dict and GetTypeAndDevice available to device extensions
Make recovery image depend on the fstab file so it gets rebuilt when
fstab changes. Add support for "emmc" fstab partition type to
edify_generator.
Change-Id: Ic5df4e86c24321bf7d82a644e3e4770352e4f64b
Include the recovery.fstab file in the recovery image. Remove the
global fs_type and partition_type values from the target-files
key/value dict, and parse the recovery.fstab file instead to find
types for each partition.
(Cherrypicked from gingerbread w/some edits to resolve conflicts.)
Change-Id: Ic3ed85ac5672d8fe20280dacf43d5b82053311bb
Include the recovery.fstab file in the recovery image. Remove the
global fs_type and partition_type values from the target-files
key/value dict, and parse the recovery.fstab file instead to find
types for each partition.
Change-Id: I35ee2dd0989441dc2a704b63c1b32e598049acb5
Instead of separate files for recovery api version, tool extensions,
and mkyaffs2 options, put those all in the generic key-value file.
Change-Id: Ib642311632844d52e4895fd4747093fc7e86232d
Do the yaffs-specific adjustments to image sizes in common.CheckSize,
instead of baking it into the image size stored in the target-files
package. Remove the special fs_type flag and fold it into the
"info_dict" we have for saving key-value pairs from the build system.
Change-Id: I6e63f3330f6277d9a946b22e66cadeb51203ba14
Move the image sizes into a more generic key-value file. Make them
optional. Add additional key/value pairs describing what kind of
filesystem the device uses. Pass new fs-type-related arguments in
edify scripts when mounting and reformatting partitions.
Don't include all the init.*.rc files from the regular system in
recovery -- they aren't needed, and break recovery on some devices.
Change-Id: Ic1c651f754ed00ba1cffe8cf56c43f7f3b0ebfd7
This makes them accessible from device-specific extensions (so they
can be used to send radio images as binary patches, for instance).
Change-Id: I2f2174b93b4265abf9400f9e5a0982caca0771e9
Merge commit '9314823c06d4434bf18d589c2fdea490428becf8'
* commit '9314823c06d4434bf18d589c2fdea490428becf8':
return to using subprocess for running commands
Reverts Ic4f1c747 and fixes the problem by splitting the extra_flags
argument (it wasn't working before because it was getting one argument
"-c 4096 -s 128" instead of four arguments "-c", "4096", "-s", "128"
and mkyaffs2image apparently just ignores that bogus argument?)
Change-Id: Ib1e08d634aa68bfab0f7e09680d407f2cee0797d
Remove the remaining (unused and untested) support for generating
amend scripts. This means that you won't be able to OTA directly from
cupcake to gingerbread.
Change-Id: Iaf5295db92a42b336960d05295f48b67cb729337
