Replace java -> $(JAVA), etc. to prepare for moving java binaries
out of the path and using full paths to them.
Test: builds
Bug: 62956999
Change-Id: I5dfcd0d4e855ecde69cd127169e9545e59723d12
Adding option "--padding_size 4096" in BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS
instead of INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS. The former setting will
be propogated to `make dist` while the latter is only used for `make`.
Bug: 38454093
Test: `make dist` and check vbmeta.img is being padded.
Merged-In: I929288b218761a4637a2a2ef0679d3ff85c70731
Change-Id: I929288b218761a4637a2a2ef0679d3ff85c70731
(cherry picked from commit 9e95beab31)
There's already a to-lower function. Add a to-upper function to make
it complete.
Bug:36012197
Test: `make` pass, flash images from $OUT and boot device with chain
partitions
Change-Id: I39fe8c277a3cf6b87fc3c411eeab2fa5fb40007b
Radio images are added to INSTALLED_RADIOIMAGE_TARGET, which by default
will be packed under RADIO/ in a target_files zip. This CL introduces
BOARD_PACK_RADIOIMAGES that allows additionally copying them into
IMAGES/, which will then be included into <product>-img.zip.
Bug: 62195105
Test: Define BOARD_PACK_RADIOIMAGES and `m dist`. Check the generated
target_files zip and <product>-img.zip.
Change-Id: I3deafd2dfecd1d4dbfdfc2d002fc40ef22fb60ea
make sync will build everything necessary to adb sync system
and vendor, without wasting time rebuilding system.img and
vendor.img.
Test: m -j sync
Change-Id: I91c0012eed6d58a338393cc375056a30e2a24b09
We cannot cache the result of ($shell ...) and we have to run these on
every build even if we don't have to re-read the makefiles. Replace it
with make functions $(substr $(substr ... )).
Bug: 38399657
Test: `make` pass, flash images from $OUT and boot device with chain partitions
Change-Id: I6d4ff8e487931ba25008a2a881401a8951d4049e
Current build system will include AVB metadata from each partition and
store them into /vbmeta partiton when BOARD_AVB_ENABLE is set, which makes
each partition tightly-coupled.
Add the support for 'chain partition':
- The vbmeta of each partition is stored on the same partition itself.
- The public key used to verify each partition is stored in /vbmeta.
For example, the following build variables are required to enable chain
partition for system partition:
- BOARD_AVB_SYSTEM_KEY_PATH := path/to/system_private_key
- BOARD_AVB_SYSTEM_ALGORITHM := SHA512_RSA8192
- BOARD_AVB_SYSTEM_ROLLBACK_INDEX := 1
- BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION := 2
The corresponding settings will be added into META/misc_info.txt for
build_image.py and/or add_img_to_target_files.py:
- avb_system_key_path=path/to/system_private_key
- avb_system_algorithm=SHA512_RSA8192
- avb_system_add_hashtree_footer_args=--rollback_index 1
- avb_system_rollback_index_location=2
To enable chain partition for other partitions, just replace SYSTEM with
BOOT, VENDOR and/or DTBO in the build variables.
Also switch from `avbtool make_vbmeta_image --setup_rootfs_from_kernel system.img ...`
to `avbtool add_hashtree_footer --image system.img --setup_as_rootfs_from_kernel...`
when BOARD_BUILD_SYSTEM_ROOT_IMAGE is true. This works for both chained
and no-chained:
- chained: `avbtool add_hashtree_footer --setup_as_rootfs_from_kernel` will
add dm-verity kernel cmdline descriptor to system.img
- no-chained: `avbtool make_vbmeta_image --include_descriptors_from_image
system.img` will include the kernel cmdline descriptor from system.img into
vbmeta.img
Bug: 38399657
Test: `make` pass, flash images from $OUT and boot device without chain partitions
Test: `make` pass, flash images from $OUT and boot device with chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device without chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device with chain partitions
Test: follow the same steps in
https://android-review.googlesource.com/#/c/407572/
Change-Id: I344f79290743d7d47b5e7441b3a21df812a69099
Adding option "--padding_size 4096" when making vbmeta.img.
Bug: 38454093
Test: build vbmeta.img and check it's being padded.
Change-Id: Id3ba6bf9998755bae75ec8b272ceccf59f4b8666
board_avb_algorithm and board_avb_key_path are overlapping with
avb_signing_args. In core/Makefile, only avb_signing_args (i.e.
INTERNAL_AVB_SIGNING_ARGS) will be used in the AVB-signing command. It
covers the contents in board_avb_{algorithm,key_path}. We should do the
same thing in tools/releasetools to avoid potential inconsistency.
This CL cleans up the logic in tools/releasetools, by always using
avb_signing_args. This also allows easier signing key replacement (so we
can replace the key/algorithm/signer in 'avb_signing_args').
board_avb_system_add_hashtree_footer_args is unused in releasetools
script, and the same information has been covered by
system_avb_add_hashtree_footer_args. This CL removes this arg as well.
Test: `m dist`. Then a) check the removed three args no longer exist in
META/misc_info.txt; b) check that rebuilding images with
add_img_to_target_files.py uses the same parameters.
Change-Id: I7db890b5c942de5b6868d8d1ebf937586d4729c0
This is a step to enable signing a given target_files zip with release
keys.
When calling sign_target_files_apks.py, we will delete all the entries
under IMAGES/ in order to re-generate them (with the proper release
keys). In order to support that, we need to pack everything in need into
TF.zip.
Steps to test the CL.
a) Choose a target that has both AVB and DTBO enabled.
$ m dist
b) Check IMAGES/dtbo.img and PREBUILT_IMAGES/dtbo.img both exist in the
generated out/dist/TF.zip.
c) Remove the entries under IMAGES/ from the generated TF.zip.
$ zip -d TF.zip IMAGES/\*
d) Re-generate the images with TF.zip.
$ build/make/tools/releasetools/add_img_to_target_files.py TF.zip
e) Check that IMAGES/dtbo.img is re-generated, and it's identical to the
image in b). Note that by default the re-generated image will carry a
different footer, because of the random salt. This CL is verified by
specifying the same salt.
Bug: 38315721
Test: see above.
Change-Id: I0bdc4e1cd4800962dc3902ca550dad6a8ca56c78
Also pack the test keys for easier testing.
Bug: 38315721
Test: m otatools-package and avbtool is present in otatools.zip.
Change-Id: Ieb63bf3f4bc211ef1f48ab278cb01b70845d06da
`make custom_images` supports to build different kinds of *non-droid* images,
e.g., odm.img. Adding the support of signing them with either AVB HASH footer
or AVB HASHTREE footer. The user can use HASH for small images and
HASHTREE for large images.
Sample signing configurations:
* AVB HASH footer:
- CUSTOM_IMAGE_AVB_HASH_ENABLE := true
- CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS := --append_to_release_string my_odm_image
* AVB HASHTREE footer:
- CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true
- CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS := --fec_num_roots 8
* Using custom signing key:
- CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
- CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
Bug: 36701014
Test: `make custom_images` with AVB HASH footer
Test: `make custom_images` with AVB HASHTREE footer
Test: `make droid` to check system.img is still properly signed with AVB HASHTREE
Test: `make droid` to check vendor.img is still properly signed with AVB HASHTREE
Change-Id: I8dc420e12e37e9a631345c0cd883339db05d489f
This CL ensures that the _asan suffix is added to the build flavor
only when it doesn't already contain _asan (or _asan_coverage). This
correctly prevents it from appending an extra _asan to ASAN lunch
configs that already include it in the flavor, while allowing
sanitized targets for generic configs to behave as they used to.
Bug: 38145756
Test: _asan is correctly appended only for lunch configs that don't
already specify it in the build flavor.
Change-Id: Ia7d9356f717b97d1c64e3237ca31cc507f27734f
This is useful for devices with low disk space with different
build variants.
Bug: 37469715
Test: Regular image builds successfully, errors occur when
the headroom size is greater than available partition space.
Change-Id: I526cdd0f84981bbd16e3afcfe1cd7fc43dce98ef
Xml files will be generated instead of html files, and then Settings
will generate html file on runtime from xml files of partitions.
Test: build succeeded and tested on sailfish
Bug: 37099941
Merged-In: Id7899381a537b1947cbb6164ed2b4a98492334af
Change-Id: Id7899381a537b1947cbb6164ed2b4a98492334af
(cherry picked from commit 3b7560bf88)
Test: make with corresponding configurations in BoardConfig.mk
- dtbo.img is copied to the OUT directory
- avbtool info_image --image dtbo.img shows avb hashes
- avbtool info_image --image vbmeta.img shows dtbo partition info
Bug: 37730955
Change-Id: If3edaab860926c743f18fd031c911b076eb09fab
For A/B OTAs, ota_from_target_files.py calls brillo_update_payload
script to generate the payload entry in an A/B OTA package.
Bug: 37443093
Test: lunch aosp_marlin-userdebug && rm
out/host/linux-x86/bin/brillo_update_payload && m otapackage
Change-Id: I3845786b6c934c709f32e12a63cd6ea1f303d380
Uses avbtool to sign vendor.img if BOARD_AVB_ENABLE is set.
It also allows appending additional arguments to avbtool via
BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS.
e.g.,
BOARD_AVB_ENABLE := true
BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS := --generate_fec
Bug: 35415839
Test: "make" with the above variables and use avbtool to check vbmeta is
appended to vendor.img
Test: "make dist" with the above variables
Change-Id: I8ada38dff3def6d34613e77c67944def8a49f464
This patch updates the logic to use the PRODUCT_IOT variable instead of
BRILLO.
Bug: 36702887
Test: `make`; Image doesn't have the dev key.
Change-Id: I1751e97d8cdfeba83c7e4720a017a5f4dcfd49da
For tar-ed ASAN artifacts, enforce ownership by the system uid.
Bug: 36458146
Test: m && m SANITIZE_TARGET=true SANITIZE_TARGET_SYSTEM=true
Change-Id: I190cba3d160f15a89ef74f26e7aaa853a449929f
Add build system support for asan.tar.bz in the system image. This
is triggered by SANITIZE_TARGET_SYSTEM=true.
Bug: 36458146
Test: m && m SANITIZE_TARGET=true SANITIZE_TARGET_SYSTEM=true
Change-Id: I725f99f16a8c9182b1c7ad26580c73d3708f8554
If a module has multiple dependencies, the current regexp for making
the dependencies absolute paths only modifies the first dependency.
Test: build sailfish with module configuration including multiple
dependencies
Change-Id: I8f2b40c8c5ec228aa8f831086bcdd561c8714910
fileslist.go is still disabled by default. To enable, use:
USE_FILESLIST_GO=true m -j
Bug: 36274890
Test: Manual, with m -j
Change-Id: I722e17fa7fb6ba91e2b2c44cd7524d974cbe4a56
This got lost from the previous backport, since systemotherimage wasn't
in AOSP yet.
(The Merged-In is a random Change-Id only on master so that this only
merges up to master)
Test: lunch aosp_marlin-eng; m -j systemotherimage
Change-Id: I92c05f27c92d877f3b83e5c5ae2e76728eb162bd
Merged-In: Iafed66e19bc114552b0261dd299379dbb37873c6
add_img_to_target_files may use these to create the recovery patch, so
add a dependency. They were previously a transitive dependency through
the system image to the standalone recovery patch creation.
Bug: 36575896
Test: rm out/host/linux-x86/bin/imgdiff; m -j target-files-package
Change-Id: I2a43220e94c09393e88e1d9950032f5665a0d2ce
This used to happen in the system image creation, but the target-files
didn't really depend on the system image, so I removed that dependency.
But then we weren't creating the symlink all the time.
This should be safe to run in parallel with the same link step in the
system creation.
Bug: 36540023
Test: m -j target-files-package, ensure vendor symlink is created
without system.img.
Change-Id: I37059fa1ce759a0870dc4c65c5515050992245e2
We don't actually need to build the system image before
target-files-package, we just need to make sure everything is present in
$(PRODUCT_OUT)/system. So switch the dependencies around.
This can't be done as easily for the vendor image, since it may be a
prebuilt, or we may need to install some kernel modules into
$(PRODUCT_OUT)/vendor when building vendor.img. It tends to be smaller
anyway, so the time savings isn't as big.
Test: Make sure the build server outputs the same files
Test: Ensure target-files-package is identical before/after.
Change-Id: I84e4f878491ab2b71582f4f49418dbfbba75590f
And move simple cases of $(ACP) to cp. That does change OTA/bin/updater
from 0640 to 0700, but that's more consistent anyways.
Test: m -j target-files-package; ensure it's the same before/after.
Change-Id: I37b65eb9ddccd2f360aa007f929ece35c9e44f9b
We've just created the target files package and still have the extracted
directory, so pass that to ota_from_target_files so that it doesn't have
to re-extract what we just compressed.
This saves a little bit of time -- for bullhead-userdebug on internal
master, this brings the time to build an OTA from ~340s -> ~310s. Much
of the time is still spent generating and signing the OTA.
Test: lunch bullhead-userdebug; m -j otapackage
Test: bullhead-ota-*.zip is identical before/after
Change-Id: Ib51cf6b02123e9c49280e9957c6590645470a52c
When building target-files-package, dir: META has to be copied first
to help early validation of the .zip file.
In order to prevent $(zip_root)/META from getting copied twice to $@.list,
use the method (find -path -prune -o -print) instead of (grep pattern -v).
Test: m target-files-package
Bug: b/31676493
Change-Id: Id6b4d77fb62aa136253de88573cc51a575b90be2
The vendor image will have more than just proprietary modules in it
under Treble, so let's stop marking open source code as proprietary just
to move it to vendor.
Bug: 36452052
Test: compare build-aosp_arm.ninja before/after, no changes.
Test: Try defining LOCAL_VENDOR_MODULE / LOCAL_PROPRIETARY_MODULE in the
same and different ways, ensure it works.
Change-Id: I0ab046bcb7563a20d44ed00667e18497ef0873a8
/file_contexts.bin is needed only by devices which do not have
PRODUCT_FULL_TREBLE set to true. Adding this file to devices which
have PRODUCT_FULL_TREBLE set to true causes confusion and wastes
about 800 kB of space.
/file_contexts.bin was being added unconditionally to all devices due
to the build system needing the combined file_contexts file for
host-side labelling of filesystems in images and for inclusion into
target files ZIP (again, to be used for host-side labelling later).
This change switches these targets to depend on the same file, but
from intermediates directory. As a result, everything continues to
work just fine, but without pulling in /file_contexts.bin. On devices
which need /file_contexts.bin, it is pulled in by
system/core/init/Android.mk.
Test: /file_contexts.bin still there on bullhead, but not there on
sailfish with PRODUCT_FULL_TREBLE set to true.
Test: Clean build, device boots up with, no new denials.
Reboot to recovery, recovery boots up fine too, no denials.
This was tested on sailfish-eng and marlin-eng.
Bug: 36002414
Change-Id: I9bbbb08bbf7d874bba0bafcc19bcbf9eec564326
