For an PRESIGNED APEX, it has the following format, which should be
considered as a valid input.
name="foo.apex" public_key="PRESIGNED" private_key="PRESIGNED" container_certificate="PRESIGNED" container_private_key="PRESIGNED"
Bug: 131153746
Test: Run sign_target_files_apks.py on a target_files.zip with PRESIGNED
APEXes.
Test: python -m unittest sign_target_files_apks
Change-Id: I51076b0c6eddfb75637d37659a08009f0a88e931
By sorting the content of the final output merged target files package, the
merged target files package is more like the target files packages generated by
a build.
Test: Generate merged target files package, verify that content is sorted.
Change-Id: Ic0c198630ebd7692a3f3f9663d85e4b45229175c
We used to require explicitly setting both (e.g. `-e foo.apex=` and
`--extra_apex_payload_key foo.apex=` to skip signing `foo.apex`).
This CL allows specifying `-e` alone to achieve the same result.
However, if a conflicting `--extra_apex_payload_key` is also specified,
that would be considered as a config error.
Bug: 131153746
Test: Run sign_target_files_apks.py with `-e foo.apex=` alone to skip
signing foo.apex.
Test: Run sign_target_files_apks.py with `-e foo.apex=` and
`--extra_apex_payload_key foo.apex=key` and expect assertion error.
Change-Id: Ia747f59ee726b60bdb1445024e749320171064c2
This is used by merge_target_files to prevent an unnecessary unzip and
copy.
Test: Ran merge_target_files.py and booted using the img.zip.
Change-Id: I6fe0dd025b30b3f4965c9b22fb6943019bf5899b
In some build targets, e.g., aosp_arm64_ab, $OUT/ramdisk is an empty
dir, and leads to rsync $OUT/ramdisk/* failure. Removing the trailing
asterisk to avoid throwing an error if it's empty. Note that the
trailing slash still needs to be kept to avoid creating an additional
directory level at the destination.
Bug: 126493225
Test: `make ramdisk_debug` on aosp_arm64_ab
Test: flash boot-debug.img on crosshatch still can adb root
Change-Id: I44937324379fa78fc26a4471ba94eb7694911c2d
Merged-In: I44937324379fa78fc26a4471ba94eb7694911c2d
Some targets have ramdisk.img but no boot.img, howerver,
ramdisk-debug.img only depends on boot.img. Fix this by making
ramdisk-debug.img depends on ramdisk.img.
Bug: 126493225
Test: make ramdisk_debug
Change-Id: I65120a3b3372712fafc26442354ee031eede0bd3
Allow setting it for host modules, it is necessary for
RoboLectric.
Remove some unused PRIVATE_DONT_DELETE_JAR_META_INF variables.
Remove unzip-jar-files, it is obsolete since merge_zips was
introduced.
Test: m checkbuild
Change-Id: I3f2fc466321904eace31525cbac99ad524f39188
The boot-debug.img should NOT be release signed and can only be used
if the device is unlocked. Adding a check to prevent the tool from
signing this debuggable boot.img.
See the following for more details about boot-debug.img:
https://android-review.googlesource.com/c/platform/build/+/947857
Bug: 126493225
Test: put a file /force_debuggable into boot.img, checks the following
command fails:
./build/tools/releasetools/sign_target_files_apks \
out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: Ia5232949cb9582d2b4eaa171d9e9f3fe7317d418
It's a vendor-specific property, which was historically included into
/system/build.prop prior to this change.
Whether a target uses A/B OTA shouldn't affect anything on the system
image, including the `ro.build_ab_update` property. Moving it to vendor
partition will also make it consistent with other A/B specific configs,
such as the `slotselect` flag in device fstab
(/vendor/etc/fstab.$(PRODUCT_PLATFORM)).
Bug: 130516531
Test: Build and flash crosshatch-userdebug. Check /system/build.prop,
/vendor/build.prop and the runtime property.
Change-Id: I927625fbcc02c4a875a1f39850b51576f5ff6c66
This is to migrate sepolicy Makefiles into Soong. For the first part,
file_contexts, hwservice_contexts, property_contexts, and
service_contexts are migrated. Build-time tests for contexts files are
still in Makefile; they will also be done with Soong after porting the
module sepolicy.
The motivation of migrating is based on generating property_contexts
dynamically: if we were to amend contexts files at build time in the
future, it would be nicer to manage them in Soong. To do that, building
contexts files with Soong can be very helpful.
Bug: 127949646
Bug: 129377144
Test: 1) Build blueline-userdebug, flash, and boot.
Test: 2) Build blueline-userdebug with TARGET_FLATTEN_APEX=true, flash,
and boot.
Test: 3) Build aosp_arm-userdebug.
Change-Id: I486f7065207468697320776f726b732077656c6c
Non-installable, non-library modules can still have notice files
attached if they are bundled in an apex module, in which case the
current make setting would generate an error. This change makes it just
ignore them silently if the module is ETC. Other classes will still
trigger an error.
Test: manual build + TreeHugger
Change-Id: Ic7931f990369f744c8de62956a1a0a9c0451d6ab
The two new debugging images adds additional files based on
boot.img and ramdisk.img/ramdisk-recovery.img, respectively.
File /force_debuggable is to trigger special logic in /init to load an
userdebug version of sepolicy and an additional property file from this
ramdisk to allow adb root, if the device is unlocked.
It's intentional to skip signing for boot-debug.img, as it can
only be used if the device is unlocked, where verification error
is allowed.
Those debugging images allows adb root on user build
system.img, vendor.img, product.img, etc. This can facilitate more
automated testings on user builds and is helpful to narrow down the
delta between what's being tested v.s. what's being shipped.
Bug: 126493225
Test: `make dist`, checks both boot-debug.img and ramdisk-debug.img
are in $OUT/ and out/dist.
Test: `make dist`, checks installed-files-ramdisk-debug.{json,txt} are
in out/dist.
Test: `system/core/mkbootimg/unpack_bootimg.py --boot_img $OUT/boot-debug.img`,
checks the extracted out/ramdisk is as expected
Test: Run `gunzip -c ramdisk | cpio -idm` for the ramdisk extracted from
$OUT/boot-debug.img and $OUT/boot.img, respectively.
Then compare the root dirs of both, e.g.,
`diff -rq --no-dereference ./ramdisk ./ramdisk-debug`
Test: `make ramdisk_debug-nodeps` and `make bootimage_debug-nodeps`
Change-Id: I30137c3caef91805d9143d404e5e4d06c0fccc30
This reverts commit a280a66b5a.
/init now switched to read adb_debug.prop from debug ramdisk instead
of GSI or other system.img. No need to keep the file in GSI.
See the following for more details:
https://android-review.googlesource.com/c/platform/system/core/+/946517
Bug: 126493225
Test: tree hugger
Change-Id: I981db8e13216fbe0f066f4d3684ee149b1177d22
The extensions is for OEM. To avoid AOSP code using OEM
extensions mistakenly. GSI denys product to use the extensions
by enabling the following property:
ro.nnapi.extensions.deny_on_product=true
Bug: 129900377
Test: make gsi_arm64-userdebug, check /system/build.prop
Change-Id: Ia679f1f9c108bd5a164c8cdeb1d73f57da755608
This allows update_engine listing the file as a required module,
regardless of the value in AB_OTA_UPDATER.
Bug: 130516531
Test: Build aosp_arm64-userdebug w/o setting AB_OTA_UPDATER. Check that
/system/etc/update_engine/update-payload-key.pub.pem is available.
Change-Id: Ied041aca750e7260402ae8dbf65ff740d0b87205
Bug: 30414428
Test: `m -j dist` with aosp_taimen-userdebug. Check
/system/etc/security/otacerts.zip available under system and
recovery images.
Change-Id: I5abeb2da441fb3e3231e094063c2383eb3807852
Merged-In: I5abeb2da441fb3e3231e094063c2383eb3807852
So that it can be overridden by PRODUCT_PROPERTY_OVERRIDES.
Test: native bridge property is overridden when requested
Bug: 130825973
Bug: 130564502
Change-Id: I8413b9b5b2ac24ac62b6cf22a5f14393420927f5
This variable is used to populate the ro.sf.lcd_density property
in /vendor/build.prop, as well as choosing the correct density
bucket for assets in recovery.
Bug: 118676832
Test: inspect taimen and crosshatch in recovery
Test: adb shell getprop ro.sf.lcd_density
Change-Id: I80cf4d28ecfbae17f1ee206a279e7d9144bd7c05
Merged-In: I80cf4d28ecfbae17f1ee206a279e7d9144bd7c05
(cherry picked from commit 0dc9878af0)
