Commit graph

3659 commits

Author SHA1 Message Date
Tao Bao
a80ed221b8 Replace OTA keys when signing for A/B devices.
It replaces the package verification key (change of path due to
system_root_image flag), as well as the payload verification key.

Bug: 29397395
Change-Id: I10435072aaf4356f2d8b5e1b6e82eb9cead7ad62
(cherry picked from commit 24a7206430)
2016-06-23 22:12:31 -07:00
Alex Klyubin
9a41c93f41 Use Builder pattern for ApkVerifier parameters.
This should make it easier to add parameters/options without breaking
existing clients.

Bug: 27461702
Change-Id: Ia4577f78d703a6b91828dd08492c78d5e9afb110
2016-06-22 14:59:12 -07:00
Elliott Hughes
d8a52f9785 Remove --no_prereq flag from OTA script.
Bug: http://b/29393071
Test: aosp_flounder "make dist"
Change-Id: I9ec85210e118f7e525291e31ab4081a2bd10f998
2016-06-20 14:44:18 -07:00
Alex Klyubin
05f87de7a3 Let caller handle NoSuchAlgorithmException.
This surfaces relevant NoSuchAlgorithmExceptions to the caller instead
of rethrowing as other exception types. Some setups need to be able to
distinguish issues due to their own misconfiguration
(required crypto algorithm missing -- NoSuchAlgorithmException) from
issues with the APK being signed or verified.

Bug: 27461702
Change-Id: I993f73edb29b2cd4cc485734a89a924ec357ef19
2016-06-17 12:15:32 -07:00
Alex Klyubin
f31ced2e10 maxSdkVersion can be specified for APK verification.
This enables verification of APKs which are served to a specific
range of Android platform versions, or to replicate behavior of
particular platform versions.

Bug: 27461702
Change-Id: I44ab4c99419eb97d72c4ccd109137fe1efda577d
2016-06-17 10:02:47 -07:00
Alex Klyubin
21213cff9c Merge "Reject PKCS#7 SignerInfo with unsupported parameters." 2016-06-17 15:56:51 +00:00
Treehugger Robot
63fc2b6766 Merge "Remove obsolete MTD support from the releasetools scripts." 2016-06-17 04:47:47 +00:00
Elliott Hughes
305b088729 Remove obsolete MTD support from the releasetools scripts.
Bug: http://b/29250988
Change-Id: I653dc306485c6b35411840b53211d42eb6d19e34
2016-06-16 20:48:47 -07:00
Dan Willemsen
eb4431595c Remove build/libs
There's only a single library, libhost, and it's only used by acp and
atree in build/tools, move it there.

Bug: 28001743
Change-Id: Ie404d2793710de4e265a6fa95d462c32d4042623
2016-06-16 14:52:47 -07:00
Alex Klyubin
d7236da153 Reject PKCS#7 SignerInfo with unsupported parameters.
This addresses the TODO to mimic the behavior of Android when
verifying APK JAR signatures. Unfortunately, the behavior of Android
kept changing in interesting ways between different platform versions.
This is hard-coded as a big lookup.

Bug: 27461702
Change-Id: I49bc181ee05f774ef8ee041af870385b35212c23
2016-06-16 12:44:36 -07:00
Tao Bao
7c5dc578b3 Support wiping userdata for A/B OTA packages.
update_engine now accepts POWERWASH=1 to schedule a factory reset in
the post-install phase. Hook up with the --wipe_user_data flag in the
OTA script.

Bug: 28700985
Change-Id: Ie73876a61db90d124d2af588d674757376e9aabc
(cherry picked from commit 38ca0be399)
2016-06-15 23:19:52 -07:00
Alex Klyubin
1fb96c3ff5 Merge "Don't depend on Bouncy Castle." 2016-06-15 20:32:35 +00:00
Treehugger Robot
98b4f07dfc Merge "Faster and cleaner way to obtain UTF-8 encoded form." 2016-06-14 22:37:10 +00:00
Treehugger Robot
6c0c720389 Merge "Use more prebuilt build-tools" 2016-06-14 22:14:07 +00:00
Alex Klyubin
d4761a19b8 Faster and cleaner way to obtain UTF-8 encoded form.
Instead of specifying character encoding by name, the faster, cleaner,
and safer way is to use StandardCharsets.UTF_8.

Bug: 27461702
Change-Id: I897284d3ceeb44a21cc74de09a9b25f6aec8c205
2016-06-14 14:18:21 -07:00
Alex Klyubin
cf89865b95 Merge "APK JAR signature verifier." 2016-06-14 20:56:28 +00:00
Dan Willemsen
7c2d228701 Use more prebuilt build-tools
For acp, we've been using an old prebuilt in prebuilts/sdk, but it's not
part of the SDK. Instead, we'll use a prebuilt in the build-tools
repository.

For ijar, we've been using the host libstdc++ to workaround the lack of
libc++ on some unbundled branches. Instead, use a prebuilt that can use
libc++.

For ziptime, we've been disabling it on unbundled branches, due to the
lack of libc++. Instead, use a prebuilt version of ziptime that can use
the prebuilt libc++.

Change-Id: If80f845ea06f76e3fe6765964e77c864eaf303d0
2016-06-14 13:50:38 -07:00
Alex Klyubin
7f770c0963 Don't depend on Bouncy Castle.
This switches PKCS#7 SignedData generation code from Bouncy Castle to
OpenJDK's proprietary internal API. This is to avoid depending on a
huge library that's not really needed. In the longer term, it's best
to add our own implementation of PKCS#7 SignedData building, parsing,
and verification. This will give the code more power to mimic what the
Android platform does.

Bug: 27461702
Change-Id: I29f1ceea1293e35424fde69c0f2969d551345100
2016-06-14 11:20:49 -07:00
Dan Willemsen
e19d451f49 Add a libc++ version of ijar for prebuilt use
I'll remove the old version once we've moved over to the prebuilts.

Change-Id: Ifd8d396f8b653abbe958cd34e69831a6ca378649
2016-06-14 10:30:06 -07:00
Alex Klyubin
8b47001e9b APK JAR signature verifier.
This adds JAR signature verification to ApkVerifier.

Bug: 27461702
Change-Id: Id2b72bea7869be66268f6bc1387e1559ee02ff9d
2016-06-14 10:28:36 -07:00
Alex Klyubin
dca955a9bd Merge "More general OutputStreamDataSink." 2016-06-13 19:49:01 +00:00
Alex Klyubin
a85e0aa883 Merge "Fix inefficiency in APK entry data alignment." 2016-06-13 18:14:18 +00:00
Alex Klyubin
e54b2753e4 More general OutputStreamDataSink.
This replaces the less general DataSink which outputs into a
ByteArrayOutputStream with a more general DataSink which outputs into
an OutputStream.

Bug: 27461702
Change-Id: I9467f38c41f586b71f35edb3602fd6e57153184f
2016-06-13 10:19:26 -07:00
Alex Klyubin
ab2a3b0061 Fix inefficiency in APK entry data alignment.
26f00cda4b introduced a bug where an
APK entry's extra field is padded for alignment purposes when no
padding is necessary because the entry is aligned without any padding
bytes.

Bug: 27461702
Change-Id: Icb164dbaa26d9686412e2920318a9f40c5ce9751
2016-06-11 17:47:20 -07:00
Alex Deymo
d8d96ecdae Redirect subprocess stderr to stdout in verbose mode.
This patch uses subprocess.communicate instead of subprocess.wait to
prevent deadlock if any of the child processes outputs too much data,
and redirects the subprocess output to stdout when running in verbose
mode.

With this patch `ota_from_target_files -v` prints the delta_generator
output in stdout, and no output if '-v' is not passed.

Bug: None
TEST=ota_from_target_files -v ...

Change-Id: Id66e4f3360a6f91d61a3ce96d53afbccdaa19da5
2016-06-10 16:38:31 -07:00
Alex Klyubin
8740e9df19 APK Signature Scheme v2 APK verifier.
This adds the ApkVerifier class which verifies APKs using APK
Signature Scheme v2 only. In a follow-up commit this class will be
extended to verify APKs using JAR signature scheme when necessary.

The APK verifier is designed to not just verify an APK, but also
report errors, warnings, and information about signers in a structured
way, to enable tools to surface this information to users in various
ways.

Bug: 27461702
Change-Id: I10c6ba436021d86b6dbf6d3cf44494652adacb66
2016-06-08 08:23:30 -07:00
Alex Klyubin
ebe68ec237 Merge "Fix DSA APK signatures for API Level 8 and lower." 2016-06-08 15:17:42 +00:00
Treehugger Robot
c52d09e694 Merge "Switch some build tools to Soong" 2016-06-06 22:51:57 +00:00
Alex Klyubin
819b5354e0 Fix DSA APK signatures for API Level 8 and lower.
This modifies JAR signing code to produce DSA signatures which are
accepted by all Android platforms rather than only API Level 9 and
higher.

The issue is that by default Bouncy Castle uses OID 1.2.840.10040.4.3
(dsaWithSha1) in PKCS #7 CMS SignerInfo whereas Android accepts that
only since API Level 9. However, OID 1.2.840.10040.4.1 (dsa) is
accepted by all Android platforms.

Bug: 27461702
Change-Id: I24256a255bcdc2108bdb447557af7568a2c096e3
2016-06-06 15:05:08 -07:00
Dan Willemsen
56eb2f9f54 Switch some build tools to Soong
In preparation for including them in prebuilts/build-tools.

acp: We use a prebuilt in prebuilts/sdk, but it's not part of the sdk.

ijar: We use the host libstdc++ to workaround the lack of libc++ on
some unbundled branches.

ziptime: We disable this on unbundled builds, due to the lack of libc++.

Change-Id: Ib9766b1dbddd151c38ff27c529865200ab37fce1
2016-06-06 14:51:52 -07:00
Treehugger Robot
a571e83095 Merge "Remove dead rgb2565" 2016-06-06 21:35:47 +00:00
Alex Klyubin
7353eabd14 Merge "Improve efficiency of using the DataSource abstraction." 2016-06-06 21:07:52 +00:00
Dan Willemsen
08b12dc2c8 Remove dead rgb2565
Change-Id: I2397dc97768f24a7c416bff96dd983fc796cbb53
2016-06-06 13:32:11 -07:00
Alex Klyubin
1a39e8eb34 Merge "Switch signapk to apksigner-core." 2016-06-06 19:40:23 +00:00
Alex Klyubin
b02eefacbf Improve efficiency of using the DataSource abstraction.
This adds getByteBuffer and copyTo methods to the DataSource
abstraction. These methods enable the client to avoid unnecessary
copying of the data source's data.

Bug: 27461702
Change-Id: If4e9f902ea75c1ca5c7be0e20c0e7218faf9c504
2016-06-06 11:17:03 -07:00
Treehugger Robot
40623e2a99 Merge "Add --dir option to findleaves.py" 2016-05-28 00:53:47 +00:00
Colin Cross
9808645cd9 Add --dir option to findleaves.py
findleaves.py needs to be able to search multiple directories for
multiple filenames (Android.bp and Android.mk).  Add support for a new
--dir= option to specify one or more directories to search, and then
treat any remaining options as filenames.  If no directories are
specified, fall back to treating only the last option as a filename and
the rest as directories.

Change-Id: Ie879facd49192c6b4fafae070ad00eb21b1faa32
2016-05-27 16:05:10 -07:00
Alex Klyubin
fa1da6c311 Switch signapk to apksigner-core.
This switches signapk's APK signing from its own signing logic to that
offered by apksigner-core library. OTA update package signing logic
remains inside signapk codebase.

Bug: 27461702
Change-Id: Ibf8435c555fe3f2b621d5189e7ae44f79082c810
2016-05-27 14:45:51 -07:00
Alex Klyubin
ce4c9d7108 Merge "Improve DataSource interface." 2016-05-27 20:00:59 +00:00
Alex Klyubin
7b977ea0e9 Improve DataSource interface.
1. This adds way to obtain a DataSource which represents a region of
   data contained in the DataSource.
2. This fixes a design bug in "feed" method where the size parameter
   was an int instead of long.
3. This fixes a bug in ByteBufferDataSource where its mSize field was
   a long instead of an int (ByteBuffer's length cannot be more than
   2^31).

Bug: 27461702
Change-Id: Ib0812784beb581f19d2412e667b8bd018f0a3c78
2016-05-27 10:28:52 -07:00
Alex Klyubin
26f00cda4b Store entry alignment information in APK.
Data of uncompressed APK entries is often aligned to a multiple of 4
or 4096 in the APK to make it easier to mmap the data. Unfortunately,
the current method for achieving alignment suffers from two issues:
(1) the way it uses the Local File Header extra field is not compliant
with ZIP format (for example, this prevents older versions of Python's
zipfile from reading APKs: https://bugs.python.org/issue14315), and
(2) it does not store information about the alignment multiple in the
APK, making it harder/impossible to preserve the intended alignment
when rearranging entries in the APK.

This change solves these issues by switching to a different method for
aligning data of uncompressed APK entries. Same as before, alignment
is achieved using Local File Header entry field. What's different is
that alignment is achieved by placing a well-formed extensible data
field/block into the extra field. The new field/block contains the
alignment multiple (e.g., 4 or 4096) as well as the necessary padding
(if any). Compared to the original alignment method, the new method
uses 6 more bytes for each uncompressed entry.

Bug: 27461702
Change-Id: I8cffbecc50bf634b28fca5bc39eb23f671961cf9
2016-05-23 17:46:18 -07:00
Alex Klyubin
ac68c28831 Merge "Improve concurrency for JAR entry inspection requests." 2016-05-23 19:26:14 +00:00
Alex Klyubin
094caf99aa Merge "No need to JAR-sign OTA update packages." 2016-05-16 17:11:04 +00:00
Alex Klyubin
2af45bacb4 Improve concurrency for JAR entry inspection requests.
This moves the creation of potentially expensive objects from the
thread which creates JAR entry inspection requests, to the thread
which fulfills these requests, increasing concurrency opportunities.

Bug: 27461702
Change-Id: If753b2de7fb04ee5e2e4bbcb27d42269d7fa5def
2016-05-13 18:51:18 -07:00
Ian Rogers
86c3b72d9c Merge "Make Error Prone warnings in sync with Error Prone documentation." 2016-05-13 18:19:18 +00:00
Ian Rogers
6e52003b54 Make Error Prone warnings in sync with Error Prone documentation.
Use summary information from annotation within Error Prone to auto-generate
the warnings list.

Bug: 28681096
Change-Id: Ib3a5f734bd229726fcd7332eaa9e0e1bd1200c25
2016-05-13 10:18:18 -07:00
Mohamad Ayyash
465acf8631 Use fs_config files for mksquashfs
BUG: 27467028
Change-Id: I7648030ad4b31d70a5d439e9552fd2cbfe288b74
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
BUG: 28704419
2016-05-12 18:44:48 -07:00
Alex Klyubin
6975f03fd8 Merge "Offer an ApkSignerEngine implementation." 2016-05-12 18:43:08 +00:00
Alex Klyubin
0caa16a6d1 No need to JAR-sign OTA update packages.
This removes the logic for JAR signing from -w (whole-file signing)
mode. This mode is designed specifically for OTA update packages. When
such packages are verified, their JAR signatures are ignored. Thus,
there is no need to JAR-sign in -w mode.

For context, OTA update packages are protected by a special signature
residing in the ZIP End of Central Directory record (at the very end
of the file). This is the signature verified when update packages are
being applied to Android.

Change-Id: Ia852a11ed6774ce746087cdd7f028b191ef6bc8b
2016-05-12 11:32:43 -07:00
Alex Klyubin
e305f45f00 Offer an ApkSignerEngine implementation.
This adds an implementation of ApkSignerEngine to the apksigner-core
library.

Bug: 27461702
Change-Id: I5f977b98555ca507a0dfcd3e92eecb9758aa8370
2016-05-12 10:56:06 -07:00