Instead of writing individual files and fixing up their metadata, make
full OTAs contain a system image and simply write it to the block
device.
This is only done for target-files that already contain the recovery
flashing information, older target-files still get a file-based full
OTA.
Bug: 12893978
Change-Id: If7586083c8f275e24fec49d260af5b5aff4a0a88
Currently, the "img" zip files generated by the build system lack the
script and data needed to rewrite the recovery partition, while the
"ota" zip files do (when installed).
In order to move towards block-based OTAs, we want the result of
flashing an image and the result of installing the corresponding OTA
package to be identical.
Generate the recovery-from-boot patch and install script as part of
the process of building the target-files. This requires breaking the
code to generate that out of ota_from_target_files into its own tool
that we can run from the Makefile. (ota_from_target_files can still
do this, so it continues to work with older target-files.)
Bug: 12893978
Change-Id: I80e62268840780b81216e548be89b47baf81b4ac
If the target_files zip for the target build contains a
META/releasetools.py (which it has since Nov 2013), prefer that over
using a releasetools.py from the local client.
Explicitly specifying the device-specific extensions path via
command-line options takes priority over both of the above mechanisms.
Change-Id: Ia068b0e2e06ede7da89ebe4315cdec592eb8995e
Sometimes it is useful to be able to tell ota_from_target_files
to not sign the output zip file. For instance, the private
release key may not be available when ota_from_target_files
is executed; similarly the release tools may not be available
or executable where the private key is stored.
This change adds an option, '--no_signing', to simply output the
unsigned OTA zip file, instead of spuriously signing it with the
test key even though the zip file would need to be re-signed later
with a different key.
Change-Id: I1f3c4dc8ffa35ce85478f848b147aff3d40fe283
When run with the -2 option, ota_from_target_files will generate a
package (full or incremental) that does some extra reboots in order to
install the new recovery first, so that the rest of the installation
is done with the new recovery. This can be useful if (say) the
package installation needs some features from the newer kernel.
For incremental packages, the verification phase is still done with
the old recovery.
This is only supported on devices where the misc partition is EMMC
(not MTD).
Two-step packages are slower to install and possibly confusing to
users (they will see their device reboot four times instead of twice),
so only use this option if necessary.
Change-Id: I3267d905e5e8eb1a1eb61bf48255b8b24ffc4ad1
Update the OTA generation script to understand SELinux file
labels and file capabilities.
Make fs_config aware of SELinux labels and file capabilities, and
optionally output those elements whenever we output the
UID / GID / file perms. The information is emitted as a key=value pair
to allow for future extensibility.
Pass the SELinux file label and capabilities to the newly created
set_metadata() and set_metadata_recursive() calls. When the OTA
script fixes up filesystem permissions, it will also fix up the SELinux
labels and file capabilities.
If no SELinux label and capabilities are available for the file, use
the old set_perm and set_perm_recursive calls.
Bug: 8985290
Bug: 10183961
Bug: 10186213
Change-Id: I4fcfb2c234dbfb965cee9e62f060092a4274d22d
Make fs_config aware of SELinux contexts, and output the context
whenever we output the UID / GID / file perms.
Pass the selinux context to the set_perm2() and set_perm2_recursive()
calls. When the OTA script fixes up filesystem permissions, it will
also fix up the SELinux context on the files.
Bug: 8985290
Change-Id: I6419b64c06309a93ac6b2f2cf9fc7f8815adeaf3
Replace OTA script constructs of the form:
assert(foo);
with
foo || abort("sensible message");
so that the log and the on-screen display is somewhat more accessible
to non-experts. (assert() displays the source code of the false
expression 'foo'.)
Change-Id: Ic99448e4466561d305b167cd4d5c1f0f2dbadcce
When not building locally and just using a target-files.zip from some
other build, it still tries to access the file_contexts from the out/
directory. This change instead looks at the unzipped target-files.zip
hierarchy to grab that information.
Bug: 9191141
Change-Id: I6ea12e82d6c6376fcada412314c5eefc97ff4853
When /system/etc/recovery-resource.dat is available, use it to
construct the recovery-from-boot patch.
Change-Id: I1575f7d284711323186ca6823842eb2a866fd890
Arrange to take $(BOARD_MKBOOTIMG_ARGS) and pass it to all invocations
of mkbootimg from within make, and to store it in the target_files so
it can be used by future invocations of img_from_target_files and
ota_from_target_files.
Bug: 6918260
Change-Id: I7130ac52e96bd51d4d8b80ca036635e1626f01f1
Pass the file_contexts configuration to the releasetools scripts
so that the security contexts of files can be properly set for OTA
and update packages.
Requires Ica5fb73d6f2ffb981b74d1896538988dbc4d9b24
Change-Id: I5a63fd61a7e74d386d0803946d06bcf2fa8a857e
Checksum the entire recovery partition at boot time to see if we need
to rewrite it, rather than just the first 2kb.
Bug: 5668350
Change-Id: I777754f92e8da630ae3c09bb0d4c41884ff62f39
Checksum the entire recovery partition at boot time to see if we need
to rewrite it, rather than just the first 2kb.
Bug: 5668350
Change-Id: I777754f92e8da630ae3c09bb0d4c41884ff62f39
The signing and OTA-building tools now understand the
default_sys_dev_certificate value which may be present in the
META/misc_info.txt file of the target-files packages.
Change-Id: I64f09ec0b77a5184b6ddb74019255518776ee773
Works around a problem observed on a retail device: incremental update
from build 1 to build 2 partially completed, leaving a mix of files
from the two builds. (Why it booted into the regular system instead
of recovery to restart update installation is still a mystery.)
build.prop was one of the files updated, so the device reported itself
as having build 2. The device hobbled along for months in this state,
until build 3 was released and the 2-to-3 incremental package
repeatedly failed (because some of the files it was trying to patch
were build 1).
This change makes updating build.prop the very last thing does by an
incremental update script, so if installation is aborted and the
regular system starts (and works at all), it will continue reporting
itself as build 1 and be sent the 1-to-2 OTA package again.
Change-Id: I1edc1dcef2bd2495b6fd96517c2f4c574b994f27
Gmake in Darwin has file descriptor leak.
In a full build, ota_from_target_files will inherits
more than 2000 open PIPEs from gmake and fails in a call to select.select().
This change fixes the build by closing the PIPEs before doing real work.
Change-Id: Ie7035d7add0b1da3afb6bf9c2009d40f8c7d29b3
img_from_target_files now, with the -z flag, will produce an output
zip with only the bootable partitions (boot and recovery).
img_ and ota_from_target_files can take, instead of a simple
"target_files.zip", a name of the form
"target_files.zip+bootable_images.zip", where the second zip contains
bootable images that should be used instead of building them from the
target_files.zip. (This should be the zip produced by the above -z
flag, perhaps with the images messed with in some way, such as by an
unnamed OEM's extra signature wrapper for their "secure boot"
process.)
Bug: 3391371
Change-Id: Iaf96dfc8f30e806ae342dcf3241566e76ae372d4
Gmake in Darwin has file descriptor leak.
In a full build, ota_from_target_files will inherits
more than 2000 open PIPEs from gmake and fails in a call to select.select().
This change fixes the build by closing the PIPEs before doing real work.
Change-Id: Ife021382198642a97bbbf0b623e4f24f3d86b2b2
Merge commit '8317e66433903badaec8ebd2b9ec2b8153f3d612'
* commit '8317e66433903badaec8ebd2b9ec2b8153f3d612':
make info_dict and GetTypeAndDevice available to device extensions
Include the recovery.fstab file in the recovery image. Remove the
global fs_type and partition_type values from the target-files
key/value dict, and parse the recovery.fstab file instead to find
types for each partition.
(Cherrypicked from gingerbread w/some edits to resolve conflicts.)
Change-Id: Ic3ed85ac5672d8fe20280dacf43d5b82053311bb
Include the recovery.fstab file in the recovery image. Remove the
global fs_type and partition_type values from the target-files
key/value dict, and parse the recovery.fstab file instead to find
types for each partition.
Change-Id: I35ee2dd0989441dc2a704b63c1b32e598049acb5
Instead of separate files for recovery api version, tool extensions,
and mkyaffs2 options, put those all in the generic key-value file.
Change-Id: Ib642311632844d52e4895fd4747093fc7e86232d
Do the yaffs-specific adjustments to image sizes in common.CheckSize,
instead of baking it into the image size stored in the target-files
package. Remove the special fs_type flag and fold it into the
"info_dict" we have for saving key-value pairs from the build system.
Change-Id: I6e63f3330f6277d9a946b22e66cadeb51203ba14
Move the image sizes into a more generic key-value file. Make them
optional. Add additional key/value pairs describing what kind of
filesystem the device uses. Pass new fs-type-related arguments in
edify scripts when mounting and reformatting partitions.
Don't include all the init.*.rc files from the regular system in
recovery -- they aren't needed, and break recovery on some devices.
Change-Id: Ic1c651f754ed00ba1cffe8cf56c43f7f3b0ebfd7
This makes them accessible from device-specific extensions (so they
can be used to send radio images as binary patches, for instance).
Change-Id: I2f2174b93b4265abf9400f9e5a0982caca0771e9
Remove the remaining (unused and untested) support for generating
amend scripts. This means that you won't be able to OTA directly from
cupcake to gingerbread.
Change-Id: Iaf5295db92a42b336960d05295f48b67cb729337
ASLR for shared libraries is controlled by "-a" in ota_from_target_files.
Binary files are self-contained (supported by apriori/soslim).
Signed-off-by: Hristo Bojinov <hristo@google.com>
Change-Id: I500e325bf4a70a8d69a2ab9b2938e83dadb4e65d
