b48589af57
The userdata.img and cache.img entries are not useful in signed builds; because fastboot doesn't look at these two entries in the *img.zip when flashing a device. And they aren't used elsewhere. Therefore, skip building the image files for them when signing the target files with sign_target_files_apks. Also, add an option "--is_signing" to avoid adding these two images when we call add_img_to_target_files. Change-Id: I39ba91a86d9a856d7d01771f6d1403dbf21f2011 Test: Run sign_target_files_apks on a target file and userdata/cache.img doesn't not generate. Bug: 30642470
502 lines
17 KiB
Python
Executable file
502 lines
17 KiB
Python
Executable file
#!/usr/bin/env python
|
|
#
|
|
# Copyright (C) 2014 The Android Open Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
"""
|
|
Given a target-files zipfile that does not contain images (ie, does
|
|
not have an IMAGES/ top-level subdirectory), produce the images and
|
|
add them to the zipfile.
|
|
|
|
Usage: add_img_to_target_files [flag] target_files
|
|
|
|
-a (--add_missing)
|
|
Build and add missing images to "IMAGES/". If this option is
|
|
not specified, this script will simply exit when "IMAGES/"
|
|
directory exists in the target file.
|
|
|
|
-r (--rebuild_recovery)
|
|
Rebuild the recovery patch and write it to the system image. Only
|
|
meaningful when system image needs to be rebuilt.
|
|
|
|
--replace_verity_private_key
|
|
Replace the private key used for verity signing. (same as the option
|
|
in sign_target_files_apks)
|
|
|
|
--replace_verity_public_key
|
|
Replace the certificate (public key) used for verity verification. (same
|
|
as the option in sign_target_files_apks)
|
|
|
|
--is_signing
|
|
Skip building & adding the images for "userdata" and "cache" if we
|
|
are signing the target files.
|
|
|
|
--verity_signer_path
|
|
Specify the signer path to build verity metadata.
|
|
"""
|
|
|
|
import sys
|
|
|
|
if sys.hexversion < 0x02070000:
|
|
print >> sys.stderr, "Python 2.7 or newer is required."
|
|
sys.exit(1)
|
|
|
|
import datetime
|
|
import errno
|
|
import os
|
|
import shlex
|
|
import shutil
|
|
import subprocess
|
|
import tempfile
|
|
import zipfile
|
|
|
|
import build_image
|
|
import common
|
|
|
|
OPTIONS = common.OPTIONS
|
|
|
|
OPTIONS.add_missing = False
|
|
OPTIONS.rebuild_recovery = False
|
|
OPTIONS.replace_verity_public_key = False
|
|
OPTIONS.replace_verity_private_key = False
|
|
OPTIONS.is_signing = False
|
|
OPTIONS.verity_signer_path = None
|
|
|
|
def AddSystem(output_zip, prefix="IMAGES/", recovery_img=None, boot_img=None):
|
|
"""Turn the contents of SYSTEM into a system image and store it in
|
|
output_zip. Returns the name of the system image file."""
|
|
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, prefix, "system.img")
|
|
if os.path.exists(prebuilt_path):
|
|
print "system.img already exists in %s, no need to rebuild..." % (prefix,)
|
|
return prebuilt_path
|
|
|
|
def output_sink(fn, data):
|
|
ofile = open(os.path.join(OPTIONS.input_tmp, "SYSTEM", fn), "w")
|
|
ofile.write(data)
|
|
ofile.close()
|
|
|
|
if OPTIONS.rebuild_recovery:
|
|
print "Building new recovery patch"
|
|
common.MakeRecoveryPatch(OPTIONS.input_tmp, output_sink, recovery_img,
|
|
boot_img, info_dict=OPTIONS.info_dict)
|
|
|
|
block_list = common.MakeTempFile(prefix="system-blocklist-", suffix=".map")
|
|
imgname = BuildSystem(OPTIONS.input_tmp, OPTIONS.info_dict,
|
|
block_list=block_list)
|
|
|
|
# If requested, calculate and add dm-verity integrity hashes and
|
|
# metadata to system.img.
|
|
if OPTIONS.info_dict.get("board_bvb_enable", None) == "true":
|
|
bvbtool = os.getenv('BVBTOOL') or "bvbtool"
|
|
cmd = [bvbtool, "add_image_hashes", "--image", imgname]
|
|
args = OPTIONS.info_dict.get("board_bvb_add_image_hashes_args", None)
|
|
if args and args.strip():
|
|
cmd.extend(shlex.split(args))
|
|
p = common.Run(cmd, stdout=subprocess.PIPE)
|
|
p.communicate()
|
|
assert p.returncode == 0, "bvbtool add_image_hashes of %s image failed" % (
|
|
os.path.basename(OPTIONS.input_tmp),)
|
|
|
|
common.ZipWrite(output_zip, imgname, prefix + "system.img")
|
|
common.ZipWrite(output_zip, block_list, prefix + "system.map")
|
|
return imgname
|
|
|
|
|
|
def BuildSystem(input_dir, info_dict, block_list=None):
|
|
"""Build the (sparse) system image and return the name of a temp
|
|
file containing it."""
|
|
return CreateImage(input_dir, info_dict, "system", block_list=block_list)
|
|
|
|
|
|
def AddVendor(output_zip, prefix="IMAGES/"):
|
|
"""Turn the contents of VENDOR into a vendor image and store in it
|
|
output_zip."""
|
|
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, prefix, "vendor.img")
|
|
if os.path.exists(prebuilt_path):
|
|
print "vendor.img already exists in %s, no need to rebuild..." % (prefix,)
|
|
return
|
|
|
|
block_list = common.MakeTempFile(prefix="vendor-blocklist-", suffix=".map")
|
|
imgname = BuildVendor(OPTIONS.input_tmp, OPTIONS.info_dict,
|
|
block_list=block_list)
|
|
common.ZipWrite(output_zip, imgname, prefix + "vendor.img")
|
|
common.ZipWrite(output_zip, block_list, prefix + "vendor.map")
|
|
|
|
|
|
def BuildVendor(input_dir, info_dict, block_list=None):
|
|
"""Build the (sparse) vendor image and return the name of a temp
|
|
file containing it."""
|
|
return CreateImage(input_dir, info_dict, "vendor", block_list=block_list)
|
|
|
|
|
|
def CreateImage(input_dir, info_dict, what, block_list=None):
|
|
print "creating " + what + ".img..."
|
|
|
|
img = common.MakeTempFile(prefix=what + "-", suffix=".img")
|
|
|
|
# The name of the directory it is making an image out of matters to
|
|
# mkyaffs2image. It wants "system" but we have a directory named
|
|
# "SYSTEM", so create a symlink.
|
|
try:
|
|
os.symlink(os.path.join(input_dir, what.upper()),
|
|
os.path.join(input_dir, what))
|
|
except OSError as e:
|
|
# bogus error on my mac version?
|
|
# File "./build/tools/releasetools/img_from_target_files"
|
|
# os.path.join(OPTIONS.input_tmp, "system"))
|
|
# OSError: [Errno 17] File exists
|
|
if e.errno == errno.EEXIST:
|
|
pass
|
|
|
|
image_props = build_image.ImagePropFromGlobalDict(info_dict, what)
|
|
fstab = info_dict["fstab"]
|
|
if fstab:
|
|
image_props["fs_type"] = fstab["/" + what].fs_type
|
|
|
|
# Use a fixed timestamp (01/01/2009) when packaging the image.
|
|
# Bug: 24377993
|
|
epoch = datetime.datetime.fromtimestamp(0)
|
|
timestamp = (datetime.datetime(2009, 1, 1) - epoch).total_seconds()
|
|
image_props["timestamp"] = int(timestamp)
|
|
|
|
if what == "system":
|
|
fs_config_prefix = ""
|
|
else:
|
|
fs_config_prefix = what + "_"
|
|
|
|
fs_config = os.path.join(
|
|
input_dir, "META/" + fs_config_prefix + "filesystem_config.txt")
|
|
if not os.path.exists(fs_config):
|
|
fs_config = None
|
|
|
|
# Override values loaded from info_dict.
|
|
if fs_config:
|
|
image_props["fs_config"] = fs_config
|
|
if block_list:
|
|
image_props["block_list"] = block_list
|
|
|
|
succ = build_image.BuildImage(os.path.join(input_dir, what),
|
|
image_props, img)
|
|
assert succ, "build " + what + ".img image failed"
|
|
|
|
return img
|
|
|
|
|
|
def AddUserdata(output_zip, prefix="IMAGES/"):
|
|
"""Create a userdata image and store it in output_zip.
|
|
|
|
In most case we just create and store an empty userdata.img;
|
|
But the invoker can also request to create userdata.img with real
|
|
data from the target files, by setting "userdata_img_with_data=true"
|
|
in OPTIONS.info_dict.
|
|
"""
|
|
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, prefix, "userdata.img")
|
|
if os.path.exists(prebuilt_path):
|
|
print "userdata.img already exists in %s, no need to rebuild..." % (prefix,)
|
|
return
|
|
|
|
# Skip userdata.img if no size.
|
|
image_props = build_image.ImagePropFromGlobalDict(OPTIONS.info_dict, "data")
|
|
if not image_props.get("partition_size"):
|
|
return
|
|
|
|
print "creating userdata.img..."
|
|
|
|
# Use a fixed timestamp (01/01/2009) when packaging the image.
|
|
# Bug: 24377993
|
|
epoch = datetime.datetime.fromtimestamp(0)
|
|
timestamp = (datetime.datetime(2009, 1, 1) - epoch).total_seconds()
|
|
image_props["timestamp"] = int(timestamp)
|
|
|
|
# The name of the directory it is making an image out of matters to
|
|
# mkyaffs2image. So we create a temp dir, and within it we create an
|
|
# empty dir named "data", or a symlink to the DATA dir,
|
|
# and build the image from that.
|
|
temp_dir = tempfile.mkdtemp()
|
|
user_dir = os.path.join(temp_dir, "data")
|
|
empty = (OPTIONS.info_dict.get("userdata_img_with_data") != "true")
|
|
if empty:
|
|
# Create an empty dir.
|
|
os.mkdir(user_dir)
|
|
else:
|
|
# Symlink to the DATA dir.
|
|
os.symlink(os.path.join(OPTIONS.input_tmp, "DATA"),
|
|
user_dir)
|
|
|
|
img = tempfile.NamedTemporaryFile()
|
|
|
|
fstab = OPTIONS.info_dict["fstab"]
|
|
if fstab:
|
|
image_props["fs_type"] = fstab["/data"].fs_type
|
|
succ = build_image.BuildImage(user_dir, image_props, img.name)
|
|
assert succ, "build userdata.img image failed"
|
|
|
|
common.CheckSize(img.name, "userdata.img", OPTIONS.info_dict)
|
|
common.ZipWrite(output_zip, img.name, prefix + "userdata.img")
|
|
img.close()
|
|
shutil.rmtree(temp_dir)
|
|
|
|
|
|
def AddPartitionTable(output_zip, prefix="IMAGES/"):
|
|
"""Create a partition table image and store it in output_zip."""
|
|
|
|
_, img_file_name = tempfile.mkstemp()
|
|
_, bpt_file_name = tempfile.mkstemp()
|
|
|
|
# use BPTTOOL from environ, or "bpttool" if empty or not set.
|
|
bpttool = os.getenv("BPTTOOL") or "bpttool"
|
|
cmd = [bpttool, "make_table", "--output_json", bpt_file_name,
|
|
"--output_gpt", img_file_name]
|
|
input_files_str = OPTIONS.info_dict["board_bpt_input_files"]
|
|
input_files = input_files_str.split(" ")
|
|
for i in input_files:
|
|
cmd.extend(["--input", i])
|
|
disk_size = OPTIONS.info_dict.get("board_bpt_disk_size")
|
|
if disk_size:
|
|
cmd.extend(["--disk_size", disk_size])
|
|
args = OPTIONS.info_dict.get("board_bpt_make_table_args")
|
|
if args:
|
|
cmd.extend(shlex.split(args))
|
|
|
|
p = common.Run(cmd, stdout=subprocess.PIPE)
|
|
p.communicate()
|
|
assert p.returncode == 0, "bpttool make_table failed"
|
|
|
|
common.ZipWrite(output_zip, img_file_name, prefix + "partition-table.img")
|
|
common.ZipWrite(output_zip, bpt_file_name, prefix + "partition-table.bpt")
|
|
|
|
|
|
def AddCache(output_zip, prefix="IMAGES/"):
|
|
"""Create an empty cache image and store it in output_zip."""
|
|
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, prefix, "cache.img")
|
|
if os.path.exists(prebuilt_path):
|
|
print "cache.img already exists in %s, no need to rebuild..." % (prefix,)
|
|
return
|
|
|
|
image_props = build_image.ImagePropFromGlobalDict(OPTIONS.info_dict, "cache")
|
|
# The build system has to explicitly request for cache.img.
|
|
if "fs_type" not in image_props:
|
|
return
|
|
|
|
print "creating cache.img..."
|
|
|
|
# Use a fixed timestamp (01/01/2009) when packaging the image.
|
|
# Bug: 24377993
|
|
epoch = datetime.datetime.fromtimestamp(0)
|
|
timestamp = (datetime.datetime(2009, 1, 1) - epoch).total_seconds()
|
|
image_props["timestamp"] = int(timestamp)
|
|
|
|
# The name of the directory it is making an image out of matters to
|
|
# mkyaffs2image. So we create a temp dir, and within it we create an
|
|
# empty dir named "cache", and build the image from that.
|
|
temp_dir = tempfile.mkdtemp()
|
|
user_dir = os.path.join(temp_dir, "cache")
|
|
os.mkdir(user_dir)
|
|
img = tempfile.NamedTemporaryFile()
|
|
|
|
fstab = OPTIONS.info_dict["fstab"]
|
|
if fstab:
|
|
image_props["fs_type"] = fstab["/cache"].fs_type
|
|
succ = build_image.BuildImage(user_dir, image_props, img.name)
|
|
assert succ, "build cache.img image failed"
|
|
|
|
common.CheckSize(img.name, "cache.img", OPTIONS.info_dict)
|
|
common.ZipWrite(output_zip, img.name, prefix + "cache.img")
|
|
img.close()
|
|
os.rmdir(user_dir)
|
|
os.rmdir(temp_dir)
|
|
|
|
|
|
def AddImagesToTargetFiles(filename):
|
|
OPTIONS.input_tmp, input_zip = common.UnzipTemp(filename)
|
|
|
|
if not OPTIONS.add_missing:
|
|
for n in input_zip.namelist():
|
|
if n.startswith("IMAGES/"):
|
|
print "target_files appears to already contain images."
|
|
sys.exit(1)
|
|
|
|
try:
|
|
input_zip.getinfo("VENDOR/")
|
|
has_vendor = True
|
|
except KeyError:
|
|
has_vendor = False
|
|
|
|
OPTIONS.info_dict = common.LoadInfoDict(input_zip, OPTIONS.input_tmp)
|
|
|
|
common.ZipClose(input_zip)
|
|
output_zip = zipfile.ZipFile(filename, "a",
|
|
compression=zipfile.ZIP_DEFLATED,
|
|
allowZip64=True)
|
|
|
|
has_recovery = (OPTIONS.info_dict.get("no_recovery") != "true")
|
|
system_root_image = (OPTIONS.info_dict.get("system_root_image", None) == "true")
|
|
board_bvb_enable = (OPTIONS.info_dict.get("board_bvb_enable", None) == "true")
|
|
|
|
# Brillo Verified Boot is incompatible with certain
|
|
# configurations. Explicitly check for these.
|
|
if board_bvb_enable:
|
|
assert not has_recovery, "has_recovery incompatible with bvb"
|
|
assert not system_root_image, "system_root_image incompatible with bvb"
|
|
assert not OPTIONS.rebuild_recovery, "rebuild_recovery incompatible with bvb"
|
|
assert not has_vendor, "VENDOR images currently incompatible with bvb"
|
|
|
|
def banner(s):
|
|
print "\n\n++++ " + s + " ++++\n\n"
|
|
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", "boot.img")
|
|
boot_image = None
|
|
if os.path.exists(prebuilt_path):
|
|
banner("boot")
|
|
print "boot.img already exists in IMAGES/, no need to rebuild..."
|
|
if OPTIONS.rebuild_recovery:
|
|
boot_image = common.GetBootableImage(
|
|
"IMAGES/boot.img", "boot.img", OPTIONS.input_tmp, "BOOT")
|
|
else:
|
|
if board_bvb_enable:
|
|
# With Brillo Verified Boot, we need to build system.img before
|
|
# boot.img since the latter includes the dm-verity root hash and
|
|
# salt for the former.
|
|
pass
|
|
else:
|
|
banner("boot")
|
|
boot_image = common.GetBootableImage(
|
|
"IMAGES/boot.img", "boot.img", OPTIONS.input_tmp, "BOOT")
|
|
if boot_image:
|
|
boot_image.AddToZip(output_zip)
|
|
|
|
recovery_image = None
|
|
if has_recovery:
|
|
banner("recovery")
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", "recovery.img")
|
|
if os.path.exists(prebuilt_path):
|
|
print "recovery.img already exists in IMAGES/, no need to rebuild..."
|
|
if OPTIONS.rebuild_recovery:
|
|
recovery_image = common.GetBootableImage(
|
|
"IMAGES/recovery.img", "recovery.img", OPTIONS.input_tmp,
|
|
"RECOVERY")
|
|
else:
|
|
recovery_image = common.GetBootableImage(
|
|
"IMAGES/recovery.img", "recovery.img", OPTIONS.input_tmp, "RECOVERY")
|
|
if recovery_image:
|
|
recovery_image.AddToZip(output_zip)
|
|
|
|
banner("system")
|
|
system_img_path = AddSystem(
|
|
output_zip, recovery_img=recovery_image, boot_img=boot_image)
|
|
if OPTIONS.info_dict.get("board_bvb_enable", None) == "true":
|
|
# If we're using Brillo Verified Boot, we can now build boot.img
|
|
# given that we have system.img.
|
|
banner("boot")
|
|
boot_image = common.GetBootableImage(
|
|
"IMAGES/boot.img", "boot.img", OPTIONS.input_tmp, "BOOT",
|
|
system_img_path=system_img_path)
|
|
if boot_image:
|
|
boot_image.AddToZip(output_zip)
|
|
if has_vendor:
|
|
banner("vendor")
|
|
AddVendor(output_zip)
|
|
if not OPTIONS.is_signing:
|
|
banner("userdata")
|
|
AddUserdata(output_zip)
|
|
banner("cache")
|
|
AddCache(output_zip)
|
|
if OPTIONS.info_dict.get("board_bpt_enable", None) == "true":
|
|
banner("partition-table")
|
|
AddPartitionTable(output_zip)
|
|
|
|
# For devices using A/B update, copy over images from RADIO/ and/or
|
|
# VENDOR_IMAGES/ to IMAGES/ and make sure we have all the needed
|
|
# images ready under IMAGES/. All images should have '.img' as extension.
|
|
banner("radio")
|
|
ab_partitions = os.path.join(OPTIONS.input_tmp, "META", "ab_partitions.txt")
|
|
if os.path.exists(ab_partitions):
|
|
with open(ab_partitions, 'r') as f:
|
|
lines = f.readlines()
|
|
for line in lines:
|
|
img_name = line.strip() + ".img"
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", img_name)
|
|
if os.path.exists(prebuilt_path):
|
|
print "%s already exists, no need to overwrite..." % (img_name,)
|
|
continue
|
|
|
|
img_radio_path = os.path.join(OPTIONS.input_tmp, "RADIO", img_name)
|
|
img_vendor_dir = os.path.join(
|
|
OPTIONS.input_tmp, "VENDOR_IMAGES")
|
|
if os.path.exists(img_radio_path):
|
|
common.ZipWrite(output_zip, img_radio_path,
|
|
os.path.join("IMAGES", img_name))
|
|
else:
|
|
for root, _, files in os.walk(img_vendor_dir):
|
|
if img_name in files:
|
|
common.ZipWrite(output_zip, os.path.join(root, img_name),
|
|
os.path.join("IMAGES", img_name))
|
|
break
|
|
|
|
# Zip spec says: All slashes MUST be forward slashes.
|
|
img_path = 'IMAGES/' + img_name
|
|
assert img_path in output_zip.namelist(), "cannot find " + img_name
|
|
|
|
common.ZipClose(output_zip)
|
|
|
|
def main(argv):
|
|
def option_handler(o, a):
|
|
if o in ("-a", "--add_missing"):
|
|
OPTIONS.add_missing = True
|
|
elif o in ("-r", "--rebuild_recovery",):
|
|
OPTIONS.rebuild_recovery = True
|
|
elif o == "--replace_verity_private_key":
|
|
OPTIONS.replace_verity_private_key = (True, a)
|
|
elif o == "--replace_verity_public_key":
|
|
OPTIONS.replace_verity_public_key = (True, a)
|
|
elif o == "--is_signing":
|
|
OPTIONS.is_signing = True
|
|
elif o == "--verity_signer_path":
|
|
OPTIONS.verity_signer_path = a
|
|
else:
|
|
return False
|
|
return True
|
|
|
|
args = common.ParseOptions(
|
|
argv, __doc__, extra_opts="ar",
|
|
extra_long_opts=["add_missing", "rebuild_recovery",
|
|
"replace_verity_public_key=",
|
|
"replace_verity_private_key=",
|
|
"is_signing",
|
|
"verity_signer_path="],
|
|
extra_option_handler=option_handler)
|
|
|
|
|
|
if len(args) != 1:
|
|
common.Usage(__doc__)
|
|
sys.exit(1)
|
|
|
|
AddImagesToTargetFiles(args[0])
|
|
print "done."
|
|
|
|
if __name__ == '__main__':
|
|
try:
|
|
common.CloseInheritedPipes()
|
|
main(sys.argv[1:])
|
|
except common.ExternalError as e:
|
|
print
|
|
print " ERROR: %s" % (e,)
|
|
print
|
|
sys.exit(1)
|
|
finally:
|
|
common.Cleanup()
|