We were using zipfile.write() to write system/etc/security/otacerts.zip
when signing for release. It led to unexpected timestamp change in the
generated otacerts.zip and non-idempotent signed images when signing the
same target_files.zip.
Replace with common.ZipWrite() to always use a fixed timestamp.
Bug: 28122968
Change-Id: Ia6cf4b7d380cbf72ed7050ebb60c932dc8826d87
(cherry picked from commit 7ee3a9678e)
Android platform does not support DSA with SHA-512. Thus, it does not
make sense to support this unsupported algorithm in APK Signature
Scheme v2.
Bug: 24331392
Change-Id: Ifba90ad5b11188bb968c28d9e0ed3f9cb13ce2e7
make 3.81 sets its own stack size to be unlimited, but accidentally
leaves it unlimited for all child processes. If it is unlimited, reset
it back to a reasonable default (8MB).
See http://savannah.gnu.org/bugs/?22010
Change-Id: Ieb0289823f12a421b59d8ab5292d3df3c6dfc27e
* Put all Clang-Tidy warning messages in a group for now.
There are too many coding style warnings.
* Change the 'top' link to the top of the page.
* Add a few more new clang compiler warnings.
Bug: http://b/27779618
Change-Id: I385b9db927a397704b56f53440301352da8694cf
APK entry alignment logic assumes that input entries have zero-length
comment and extra fields. When the assumption is broken, the logic
silently breaks alignment of output entries. This happens, for
example, when the APK to be signed is already aligned and thus may
contain entries with non-empty extra fields.
Given that APKs are not supposed to use comment and extra fields for
anything useful and given that this signer already discards comment
and extra fields of compressed entries, this change makes the signer
discard comment and extra fields of STORED input entries as well.
This unbreaks the existing alignment logic.
Bug: 27814973
Change-Id: I8242b037e21ba7bcf45d0fe2afc8bfc47f1ec314
* The table of warning counts has links to each warning pattern section,
which has a new anchor.
* Each warning pattern section has a new link to the 'top' of the table
of warning counts.
* Background color of unknown warnings is changed to more visible light blue.
BUG: 27698849
Change-Id: Ia3d4a8511bd42f44f6a47afcb9c3889f6d62b9f2
The following variables are introduced
BOARD_BVB_ENABLE: can be set to true to build boot.img and system.img
files compatible with Brillo Verfied Boot.
BOARD_BVB_ROLLBACK_INDEX: can be set to an integer to use for the
rollback index.
BOARD_BVB_KEY_PATH, BOARD_BVB_ALGORITHM: If set, the former must be a
path to the private key used to sign the boot image and the latter must
be the algorithm to use. If unset, a test-key stored in the tree will
be used.
BOARD_BVB_MAKE_BOOT_IMAGE_ARGS: Extra options to pass to 'bvbtool
make_boot_image'.
BOARD_BVB_SIGN_BOOT_IMAGE_ARGS: Extra options to pass to 'bvbtool
sign_boot_image'.
BOARD_BVB_ADD_IMAGE_HASHES_ARGS: Extra options to pass to 'bvbtool
add_image_hashes'.
BOARD_CUSTOM_BVBTOOL: Can be set to specify what bvbtool program to
use.
The existing BOARD_KERNEL_CMDLINE variable is also used, as are existing
kernel and initrd-related variables. Therefore, simply adding
BOARD_BVB_ENABLE := true
to an existing Makefile should do the trick.
Bug: 26185038
TEST=Added 'BOARD_BVB_ENABLE := true' to hardware/bsp/intel/soc/edison/soc.mk
and built an image and then ran bvbtool's info_boot_image and
info_image_hashes commands on the resulting boot.img and system.img
files and verified that the information was correct. Also ran 'm dist'
and verified that the boot.img and system.img files in the resulting
target_files.zip file had similar information.
Change-Id: I08045ed8b0cbddc7c3acdd3a6f2c4bb75cb44bbc
Fix compilation warning:
" destination for this 'memcpy' call is a pointer to dynamic class
'CentralDirEntry'; vtable pointer will be overwritten"
by removing unnecessary virtual desctructor.
Bug: 27695718
Change-Id: Id3c451f82374f2232176115b7bc3291ac4275c00
This CL fixes the bug in [1] (copy-paste error) and reenables it.
We need to handle a special case that an OTA goes from a source build
without OEM properties to a target build with those properties (or vice
versa). Add support in OTA scripts to deal the case properly, by a)
using two oem_props variables to handle source and target builds
respectively; b) adjusting the fingerprint/thumbprint assertions to
allow a mix of both.
[1] commit c086370440
Change-Id: I98118d77d5a0ff694fa1ee33602b5ee5e048599b
* Zip EoCD record comment length was referred to as 32-bit whereas it
is a 16-bit field. The implementation was fine, but the comment and
the naming of a constant were wrong.
* System.out.println was left over from early prototyping days.
Removed.
Bug: 25794543
Change-Id: I97199310d4b4451271a75bb6c6d0463e0b788be9
We used to use the update-binary from the target build when creating
incremental OTAs. But for downgrade OTAs, we should use the one in the
source build instead, which is actually newer.
Bug: 27556903
Change-Id: Ib6415729b979dbffdebdda24902f7f560942801a
Introduce TARGET_FS_CONFIG_GEN, an option for generating
android_filesystem_config.h files from multiple intermediate
file formats. See the README for more details.
Change-Id: Ibdb2f65702657802e34b0cec18fb43709d7452bb
Signed-off-by: William Roberts <william.c.roberts@intel.com>
We need to handle a special case that an OTA goes from a source build
without OEM properties to a target build with those properties (or vice
versa). Add support in OTA scripts to deal the case properly, by a)
using two oem_props variables to handle source and target builds
respectively; b) adjusting the fingerprint/thumbprint assertions to
allow a mix of both.
Change-Id: Ib517c366730b967a974c89528df9d42887c92ec2
We use a bitset for blocks in the target image to assert a block hasn't
been touched before reading. Skip checking the blocks that are in the
source image only.
Change-Id: I3a77292da673c813bd20d8dc177ff36419d8ecae
The CL in [1] added support for --oem_no_mount. It missed one place that
guards the OEM mounting.
[1] commit 8608cde944
Change-Id: I6ecaa94cd0866e0fd4fc88cb0aa3ebf55cde2968
am: a65b01fc09
* commit 'a65b01fc09b47c83e59dc4757c76eafba1e15cbc':
Remove LOCAL_ACP_UNAVAILABLE
Remove unused dependencies on $(ACP)
Replace some uses of acp with cp
Now that copy-file-to-target doesn't use acp, nothing in the acp build
path uses acp, so we don't need to special case it to prevent loops.
Change-Id: I12810c1b064d0c03135a80077a76bc4c9cc18b24
We may have devices with OEM-specific properties but without an OEM
partition (e.g. the properties might be set by init based on hardware
SKUs). For such devices, we supply --oem_no_mount to skip mounting the
OEM partition in the updater-script. The option is only meaningful when
-o (--oem_settings) is specified.
Bug: 27359929
Change-Id: Ic08396e478a82be4188e980e704b33b4f704a8d7
Add --downgrade flag to ota_from_target_files.py script. It allows
generating an incremental OTA that updates from a newer build to an
older one (based on timestamp comparison). "post-timestamp" line in the
metadata file will be replaced by "ota-downgrade=yes". A data wipe will
always be enforced, so "ota-wipe=yes" will also be included in the
metadata file.
Bug: 26883782
Change-Id: Iaa05f662d948b7ab632a9fbb7051cc3f8bf68c21
