VNDK APEX replaces VNDK libs under /system/libs/vndk[-sp].
For current VNDK (vndk_package), com.android.vndk.current APEX is
installed instead of VNDK libraries.
For older versions of VNDK (vndk_snapshot_package),
com.android.vndk.v## APEXes are installed along with prebuilt VNDK libs.
The reason why phony targets of VNDK prebuilts are still installed is
that phony targets install the required *.libraries.##.txt files to
/system/etc.
After those .txt files are moved to APEXes, then we can remove those phony
targets.(b/141450808)
Bug: 141451661
Test: m && boot (tested with cuttlefish)
Change-Id: Ibfa06d42ec0081fa7010091ef097bb940bacf8d6
The signature size is needed during payload hashing and signing.
We used to sign the update_engine's payload with RSA keys only. In
this case, the signature size always equals the key size. But the
assumption is no longer true for EC keys, whose DER-encoded signature
size is a variant with a maximum size.
Therefore, we always give the maximum signature size to the delta
generator, who then add paddings to the real signature if necessary.
The maximum signature size is calculated by calling the delta_generator
with the new option '--calculate_signature_size'. For custom payload
signers, we also deprecate the '--payload_signer_key_size' and replace
it with '--payload_signer_maximum_signature_size'.
The EC key in the test is generated with:
The EC key in the unittest is generated with the command:
openssl ecparam -name prime256v1 -genkey -noout -out prime256v1-key.pem
openssl pkey -in prime256v1-key.pem -out testkey_EC.key
Bug: 141244025
Test: sign and verify a payload
Change-Id: Ife6e269d8aa3d870405aca20086330f1795e167f
This will let us quickly check the system image build type,
and modify *.rc behavior based on that.
Bug: 142430632
Test: adb shell getprop ro.sanitize.hwaddress in hwasan build
Change-Id: If2eb99dee93f0652cada5cb2e02fda963d00a7eb
We used to mimic the behavior of build system, to find the default
search path based on OUT_DIR_COMMON_BASE or OUT_DIR. These variables
should be internal to build system.
Since we've switched releasetools script to hermetic Python executables
(e.g. `m -j ota_from_target_files`, then run the binary at
`out/host/linux-x86/bin/ota_from_target_files`), we can set the search
path in relative to the path of the current executable.
Bug: 133126366
Test: TreeHugger
Test: 1. Build aosp_x86, by "lunch aosp_x86; m -j"
2. Inject errors to the executables under out/host/linux-x86/bin,
e.g. to `lpmake`.
3. Set up OUT_DIR (e.g., to /tmp/out) and build the same product
again by "export OUT_DIR=/tmp/out; lunch aosp_x86; m -j". Check
that the second run finishes successfully (with the binaries at
/tmp/out as opposed to out/; otherwise it would fail the build
due to the invalid binaries from step 2).
Test: lunch a target;
`atest --host releasetools_test releasetools_py3_test`
Change-Id: I366099c3dfd5fa4282745ef258a8cf35338e1e42
am: 13c9a00e30 -s ours
am skip reason: change_id I063f0430347d9f1e6ea5a8133204585833ed5ddc with SHA1 84633edb22 is in history
Change-Id: Ib4a6fa4e6cf666a4c88460a115483d231769d56e
am: 39124f2240 -s ours
am skip reason: change_id I063f0430347d9f1e6ea5a8133204585833ed5ddc with SHA1 84633edb22 is in history
Change-Id: I116f24077289c2251b30a158e50b62ebbbee8280
am: 51a7d20229 -s ours
am skip reason: change_id I063f0430347d9f1e6ea5a8133204585833ed5ddc with SHA1 84633edb22 is in history
Change-Id: Id2e7eaeb1ad6dd8ad7f9d5ebaf8d4e8f5c0511e0
am: 66ec993fe5 -s ours
am skip reason: change_id I063f0430347d9f1e6ea5a8133204585833ed5ddc with SHA1 84633edb22 is in history
Change-Id: I794691b6e2f321e6073be08803291871cd2c414c
required seems to conflict with apex with the following error:
build/make/core/main.mk:1338: warning: build/make/target/product/aosp_x86_64.mk produces files inside build/make/target/product/mainline_system.mks artifact path requirement.
Test: treehugger
Change-Id: Ifb1072b4585a94355909b33e3b8129455c35714a
Iae26e4676c29c68fa3f76187512c82786bfa0522 removed the definition
of ZIPALIGN_PAGE_ALIGN_FLAGS in favor of always using the -p flag,
but left accidentaly left one usage. Replace it with -p.
Bug: 141212627
Test: m checkbuild
Change-Id: Ica69d9195426f8f30039da211ed1a0ad5dffe8e8
For following cases:
Case 1: A/B devices: no change
Case 2: non-A/B devices, with unsigned recovery image:
not allowed anymore by mandating BOARD_AVB_RECOVERY_KEY_PATH
Case 3: non-A/B devices, with signed recovery image:
vbmeta.img should not include ChainPartitionDescriptor of recovery.img,
otherwise device can not even boot into normal mode if recovery partition
is damaged
This CL will cause a build break if BOARD_AVB_RECOVERY_KEY_PATH
is not set for non-A/B targets with recovery.img
The following is an example to fix the build break by specifying
AVB signing configs for the recovery.img.
BOARD_AVB_RECOVERY_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_AVB_RECOVERY_ALGORITHM := SHA256_RSA2048
BOARD_AVB_RECOVERY_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
BOARD_AVB_RECOVERY_ROLLBACK_INDEX_LOCATION := 2
Also note that libavb in bootloader needs an update to include this
commit Iaa886037edb18c2ff6c60fa2a7f883ab7303ba1a, to support verifying
recovery.img independently (not through vbmeta.img).
Bug: 130351427
Test (Case 3):
normal mode: avb_slot_verify(flags=AVB_SLOT_VERIFY_FLAGS_NONE)
recovery mode: avb_slot_verify(flags=AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION)
Test: PYTHONPATH=build/make/tools/releasetools \
python -m unittest test_validate_target_files
Test: Use a lunch'd target. `atest --host releasetools_test releasetools_py3_test`
Test: validate_target_files.py with Case-3 target files
Change-Id: I2a73252b385fa463b4abd444923a8acc473df0b4
This allows querying per-partition fingerprint via libavb (in
particular, avb_property_lookup).
Bug: 80097573
Test: `m dist`; `avbtool info_image --image /path/to/image` to check the
written prop.
Test: `atest --host releasetools_test releasetools_py3_test`
Test: Run sign_target_files_apks to sign a target_files.zip that's built
with the change. Check the AVB prop in the signed images.
Change-Id: Id4f06df82c29e77aca128439c8c11f0367fe587e
