For non-Brillo devices using AB update, add the payload signing public
key to the system image
(system/etc/update_engine/update-payload-key.pub.pem).
We first need to sign the payload with some private key, and pack it
into an Android OTA package. Then the whole zip package will be signed
again with the device key. This is to comply with the two existing OTA
flows (Android and CrOS).
We use the same device key to do the two signings, but update_engine
expects the key in RSA public key format. This CL extracts the public
key from x509 certificate and adds it to the system image.
Bug: 25715402
Change-Id: I6f6c1148534250ddb6d9e554175c7a35bceda99e
New version of build/ execute the tools from prebuilts/sdk/tools in
place, old versions copy them to $(HOST_OUT_EXECUTABLES). build/ and
prebuilts/sdk often use mixed versions, set a flag that
prebuilts/sdk/tools/Android.mk can use to determine when it is using an
old build/ directory.
Change-Id: Iad2f96c35203fd3b0976946d229bfa8ab4acb150
APKs are now signed with the usual JAR signature scheme and then
with the APK Signature Scheme v2.
APK Signature Scheme v2 is a whole-file signature scheme which aims
to protect every single bit of the APK as opposed to the JAR signature
scheme which protects only the names and uncompressed contents of ZIP
entries.
The two main goals of APK Signature Scheme v2 are:
1. Detect any unauthorized modifications to the APK. This is achieved
by making the signature cover every byte of the APK being signed.
2. Enable much faster signature and integrity verification. This is
achieved by requiring only a minimal amount of APK parsing before
the signature is verified, thus completely bypassing ZIP entry
decompression and by making integrity verification parallelizable
by employing a hash tree.
Bug: 25794543
Change-Id: I275d2a6d0a98504891985309b9dfff2e0e44b878
This change makes signapk not reject the --disable-v2 command-line
flag which may be used by build scripts in some branches. The flag
is currently ignored.
This change is landed separately from the actual support for APK
Signature Scheme v2 because of unbundled branches which use prebuilt
versions of signapk.
Bug: 25794543
Change-Id: I900966244b8b6296b1f443bf98830cc7f7cc81a8
Both aidl and clang/gcc were putting their dependencies in the same
place. Move aidl's dependencies to a file ending with .aidl.P rather
than the compiler's .P.
While here, inform kati that we have these special dep files.
Bug:26409006
Test: Rebuild, note both files being generated
Change-Id: I29d2eea822235d60713c2059f3a314e475eb5aa3
Transform ../ to dotdot/ for C++ generateds from .aidl source files.
This forces us to use one layer of indirection to calculate the build
rules for .aidl files, since we can no longer use a pattern rule.
This was tested by modifying system/tools/aidl's Android.mk to refer to
its .aidl files by going up two directories and then repeating the
directories again. When I print the build rules with $(info) I see that
dotdot/ appears in appropriate places (C++ paths, but not .aidl paths).
Bug: 26407018
Test: Described above.
Change-Id: I397c9d10408c0c66d8b5a247a1f34eb4bf4f74ce
It calls brillo_update_payload to generate the payload for A/B update.
And packages the payload according to Android OTA package format.
Note that it only supports generating full/incremental OTAs with this
CL. Signing for release may not work properly at the moment.
Bug: 25715402
Change-Id: I4ac8505bacad28a572a9320dc8b52dd0f1ce47f5
brillo_update_payload and shflags are the scripts to generate A/B OTA
package (payload). Include them into otatools.zip.
brillo_update_payload was already included in previous CL. Move it to
the folder for executables.
Bug: 25715402
Change-Id: Idf9c05767c24c55d058cc30e696f06d4eb5fd53b
This effectively changes the default instruction set of assembly files
from arm to thumb in order to match the default for C/C++.
Change-Id: I8684f144a1195b53b3e0fdd04cacf77f6a131c7e
The information is not useful. Javadoc hasn't included this
information for years.
Bug: 25767152
(cherry-picked from commit a37bdc89b4)
Change-Id: Id03a6e383118ab716ce870a1d7a3740656420fe7
Modify the number of max blocks per transfer to reduce splitting of
large files during patch generation. This will reduce the size of
final incremental OTA updater package. In specific, the size limit
for each file to transfer is set to 1/8 cachesize instead of a fix
number.
Bug: 26472126
Change-Id: Iffb135e378c4c7a91640f2fc4c40e9e93d1fe4bb
Building with USE_NINJA=false and piping build output to a file will
result in ANSI color codes in the build output. Only force ANSI codes
on when building with ninja, which strips the ANSI codes when writing
build output to a non-TTY.
Change-Id: Ifd2fb53799fd99c23b7ad91cdb84d943bf707db0
This uses far fewer hacks in order to build these host tools, but will
require more libraries(libc++,etc) from unbundled and stripped down
branches.
Once this becomes the only option, all builds will happen after soong
runs. Then the toolchain / global cflags information will be able to be
moved from make to soong (and exported back to make).
Change-Id: I270b1d92bcef28a96fbc3ec9910d9bd0c101ac0f
Bug: http://b/26524325
Bug: http://b/25282907
The latest Clang/LLVM requires Vista APIs in order to execute, so we
need to bump the minimum required Windows version for our host tools.
Change-Id: Ic1a760bc240060f5de39ce3a68484886021ff3d9
This was marked as unsupported only on arm[64], even though it works.
For soong, we want to keep a single list of unsupported clang flags
for all architectures.
Change-Id: I9c4ae0f255c549d2346ba7abae57e22c86ddcc61
SHA-1 is deprecated, but the replacement SHA-256 is only supported
for JAR/APK and OTA update package signatures on API Level 18 and
newer. This change thus adds a --min-sdk-version command-line
parameter to signapk. When this parameter is set to 18 or higher,
SHA-256 is used instead of SHA-1. When the parameter is not provided,
SHA-1 is used same as before.
This change also removes any other digests from the MANIFEST.MF.
This is to ignore any MANIFEST.MF digests already there in the APK,
such as when re-signing an already signed APK.
Build scripts will be modified to provide the --min-sdk-version
parameter in a follow-up change. This is not done in this change
because of prebuilts which require a prebuilt version of signapk
to support this parameter before the build scripts can be modified.
Bug: 25643280
Change-Id: I6a2782e465600fe2a3ad0c10bd80db2b80a6fb76
Due to a bug introduced in 8562fd478d
SHA-1 digests of APK entries' contents were listed under wrong
attribute name. The effect is equivalent to not listing SHA-1
digests.
This change fix the issue by listing SHA-1 digests under the correct
attribute name. However, these digests are not that useful because:
(1) typically the digest of the MANIFEST.MF verifies and thus the
per-entry digests are ignored, and (2) per-entry digests of entries
with names longer than 64 characters are wrong in any case because the
digest generation code does not take into account that such names are
split over multiple lines.
An alternative to this change would be to completely omit outputting
per-entry sections of .SF files, thus saving space and speeding up APK
verification (.SF files would decompress faster).
Bug: 26513901
Change-Id: If95d58e9baa62b1113639fe70724e1e9c9f4e15c
The CL in [1] changed to create a symlink to /storage/self/primary for
/sdcard. It breaks the mount of /sdcard under recovery.
[1] commit 595003a3d06a13862052ef2f4f578371dae5ad65
Bug: 26509280
Change-Id: I98d02d54d707c2c8826c5ee119cf1a3ffa0c4bc9
- For .l/.y source files, generate .c files; for .ll/.yy source files,
generate c++ files.
- Simplified the rules by adding the generated sources to
my_generated_sources.
- Simplified generated header file naming by always using .h extension
with bison's "--defines=" option.
- Removed the unnecesarry conditional inclusion to the generated
headers. Bison already automatically generates such things.
Bug: 26492989
Change-Id: I9ab6dc149c258f7642bc36c3fa32f90ff7ee51a4
If ninja is missing makeparallel prints an unhelpful error:
out/host/linux-x86/bin/makeparallel: exec failed: No such file or directory
which suggests that makeparallel is what is missing, not what is
reporting the error. Print the path passed to exec as well.
Change-Id: Ic04c1cde6da9c3a974b5c43e3fb3bdb6da6605f7
When USE_SOONG=true, ignore any Android.mk file that has an Android.bp
file in the same directory.
Change-Id: Id79bd90c2aed5dafc2f8ad2c5b7eb0aa6e81dc18
Currently, properties that begin with "ro." are special cased to skip
over the "ro." part of the prefix before matching with entries in
property_contexts. A change to init is removing this special case and
therefore, the "ro." prefixes must be explicitly added to
property_contexts.
Bug 26425619
Change-Id: I735eb9fc208eeec284cda8d778db946eeec24192
The lack of a changing timestamp improves reproducibility of builds, and
helps create smaller OTAs.
Bug: 24204119
Change-Id: I68acfb53be962ffd5c488337517dadb950a13b6f
