Add kernel configs / version to verified_assembled_vendor_manifest.xml
so that the kernel of the incoming package can be checked against
the framework. Previously, the running kernel was used instead.
Bug: 111125947
Test: test_extract_kernel
Test: manual OTA on Pixel 3 from build:
Android P (kernel version 4.9.96)
to ToT build:
device kernel version = (manually modified) framework requirement = latest,
PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS = true
Change-Id: Id524a58e94bdb6bba348ca461c9d33614ce451a9
For dynamic partitions in retrofit devices, system partition will be
a logical partition but system_other is not. However, current
build system use the same settings (logical) for both system.img and
system_other.img, leading AVB unable to locate the footer from the end
of system_other partition.
This commit support building system_other.img with correct partition size
while building system.img as a dynamic image.
Bug: 123506156
Test: check there is "system_other_size=2952790016" in file
$OUT/obj/PACKAGING/system_other_intermediates/system_other_image_info.txt
Test: build system_other.img, then
`simg2img $OUT/system_other.img system_other.img.raw`, checks the
raw image size.
Change-Id: I748320a7770c694d06f06f4a35bfceb622849aa8
- Add hashtree_info to EmptyImage so that BlockDifference.Compute()
can accept EmptyImage() as target image, which is the case when
a partition is removed.
- BlockDifference also checks source_info_dict to determine
whether a partition is dynamic. When a partition is removed,
its name does not appear in target_info_dict.
- Add tests to ensure DynamicPartitionDifference() still works.
Test: DynamicPartitionDifferenceTest
Test: test_blockimgdiff
Change-Id: Iadb1db075f5dc344db6d5ade358c83b01231e443
This is not used by anyone and the other half of the code to compare
against it is already functionally dead, so remove this.
Test: build
Change-Id: I44ed087cb7735bbc23e30b6c310c80eb3b7b6488
Bug: 111136242
Test: When BOARD_PREBUILT_DTB_DIR is set correctly,
generated $OUT/boot.img contains the DTB image.
Change-Id: I282e31b04cc60383377b9e9b54f8fe64a8140242
Support signing system_other.img but shouldn't include it into the
top-level vbmeta.img. system_other verifiation will not be included
in /vbmeta chains and will be done separately.
Bug: 112103720
Test: avbtool info_image --image $OUT/system_other.img
Test: avbtool info_image --image $OUT/vbmeta.img, checks 'system_other' is NOT included.
Test: Checks $OUT/obj/PACKAGING/system_other_intermediates/system_other_image_info.txt
See the following:
avb_system_other_hashtree_enable=true
avb_system_other_add_hashtree_footer_args=--rollback_index 1551744000
avb_system_other_key_path=external/avb/test/data/testkey_rsa4096.pem
avb_system_other_algorithm=SHA256_RSA4096
Change-Id: Ia152aaab1387dcf556a42222adb39ea76881263a
This commit introduces a prebuilt ELF binaries checker. The checker
will check:
1. Whether all DT_NEEDED shared libraries are specified in
`shared_libs` (Android.bp) or `LOCAL_SHARED_LIBRARIES` (Android.mk).
2. Whether all undefined symbols in the prebuilt binary can be resolved
to defined symbols exported by its dependencies.
This ensures that prebuilt binaries won't silently become ABI
incompatible.
To check the prebuilt binaries, all of the dependencies must be
specified in `shared_libs` (Android.bp) or `LOCAL_SHARED_LIBRARIES`
(Android.mk).
If your prebuilt binaries cannot be checked for some reason, you may add
the following property to Android.bp:
check_elf_files: false,
Or, add the following setting to Android.mk:
LOCAL_CHECK_ELF_FILES := false
Bug: 119084334
Test: CHECK_ELF_FILES=true make check-elf-files
Change-Id: I523d3083f22fd4053c096d26f61f8375800281c8
- When removing a partition, BlockDifference() object
will have tgt=EmptyImage(). Fix the asserts accordingly.
Also, BlockDifference object now allow tgt=None case.
- When adding a partition, BlockDifference() object
will have src=None. Fix the asserts accordingly.
Also, add unit tests to DynamicPartitionsDifference.
Test: create incremental OTA
Test: test_common.DynamicPartitionsDifferenceTest
Bug: 111801737
Change-Id: I3a35378ecf93111b8f44545cff6ae9696b6b4851
We cannot simultaneously stash more blocks than the size limit imposed by
the cache size. As a result, some 'diff' commands will be inevitably
converted to new. We used to do this conversion blindly when iterating
through the transfer list. This leads to an unintended large package.
In order to choose the right transfers to convert, we calculate the size
of the compressed data, and build a heuristic about the package size
increase to remove each stash blocks. After the process, the given
package size for the watch device further reduces from 186M->155M.
In some rare cases, the removed stashed blocks don't directly contribute
to the maximum simultaneously stashed size. For example,
stash A: 10 blocks
stash B: 5 blocks
free B: 5 blocks <-- stash B has been freed before we reach max stashed blocks
stash C: 10 blocks
Converting these blocks lead to an uncertain result. On one hand, patches
are generally smaller than the new data; while on the other hand, the
regenerated graph may have fewer order violation and thus give some size
reduction. But these cases are rare and it seems an overkill to consider all
possible scenarios here.
Bug: 120561199
Test: build non-A/B incrementals and check the size
(p.s. it can be tested on all target files with customed cache threshold)
Change-Id: I599420a91b80f1a1d83d22ee1b336b699050cfb4
To address problems creating real tiny filesystem placeholders,
make sure extra spare inodes margin is greater than 0.
For initial estimate we add 4% of total we request at least 8.
For second pass estimate we add 0.2% of total we request at least 1.
We bumped up the margin for zie on the second pass to 0.3% as the
value was too close on one of the builds.
Test: build
Bug: 122328872
Change-Id: I41707bb6fcc8bbfbdda143a9ce62446cad9c1533
Test: sideload full OTA on cuttlefish
Test: sideload incremental OTA on cuttlefish (that grows
system, shrinks vendor, and move vendor to group foo)
Bug: 111801737
Change-Id: Ie8a267a90b4df9e9e0a2fbcc1b582ab2e353df52
We used to create the intermediate output file as a tempfile, when
adding images to a given zip file. This CL changes OutputFile to write
intermediate files under the given input dir (i.e. OPTIONS.input_tmp
that holds the unzipped files), if the final destination is a zip
archive. This allows image building codes finding the generated images
at consistent locations. The intermediate files will be cleaned up as
part of OPTIONS.input_tmp.
Bug: 122608028
Test: `m dist`
Test: Delete OTA/super*.img from a target_files.zip. Run
`add_img_to_target_files.py -a` that re-generates split super
images.
Change-Id: I97903a59fcc0ca5e43bb9b07c3a0b25e9baa92f9
Bug: 122608028
Test: Run sign_target_files_apks.py on a target-files zip that has split
super images (e.g. OTA/super_system.img).
Change-Id: Iaf7263790961a897ea3f339f5af6b18cf253b946
Allow right-size to support images that are not sparse.
This is in support of cuttlefish.
Test: build
Bug: 122328872
Change-Id: Ic8ef968e750203dffde7044bc6dfc71c1e283158
To address flakiness in image creation, add a .2% margin of safety
for both inodes and space for ext filesystems.
Test: build
Bug: 122328872
Change-Id: I6665bd6fe642291b825dba58dfd09cc55628230f
inode-size will jump around based on filesystem size, however
readonly Android system partitions have a specific pattern of
xattr associated with sepolicy and 256 is the most efficient at
absorbing the content.
Test: manual
Bug: 122328872
Change-Id: I06dd6a503067ab6477293b386d56a89dd86b0e83
We used to build retrofit full OTA package as long as
PRODUCT_RETROFIT_DYNAMIC_PARTITIONS is true. This doesn't work with AOSP
targets that have the flag set but without any available vendor image.
This CL detects such a condition and uses a separate flag to guard the
retrofit OTA building as well as the split super images generation.
Bug: 120852744
Test: `m -j dist` on blueline (w/ vendor images) and aosp_blueline (w/o
vendor images).
Change-Id: I65726f24f8fc546be6802941a6a06590a3804c16
soong_ui is passing the Android.mk file list to Kati, and it ignores
Android.mk files found via symlinks, so we don't need the workarounds
for build/make/target/board/Android.mk and build/target/board/Android.mk
both existing.
We've got dist support in Soong now, so we can remove the signapk
Android.mk
Bug: 122332221
Test: m dist out/dist/signapk.jar out/dist/libconscrypt_openjdk_jni.so
Change-Id: I2ac9016b04146340c5ac80f7090d00e186023574
These replace $USER and `hostname`, which will soon become stable values
due to sandboxing the build on Linux.
Bug: 122270019
Test: check build.prop
Change-Id: I7493e45a2a2defbdba5d82596cb91d68480f0187
This is just a hash of the current.txt and system-current.txt right now,
though it may expand to include other API surfaces in the future.
Once prebuilts/sdk/current is populated with api_fingerprint.txt files,
we can use those for unbundled builds, but until then, just use the
PLATFORM_PREVIEW_SDK_VERSION as a placeholder.
MD5 was just the most convenient, since we don't have a sha tool that we
can use on Mac currently. I'm hoping we can get a toybox-based tool in
the future that standardizes that, but we aren't currently using sha*sum
from toybox on Linux, much less on Darwin yet.
Test: m dist out/dist/api_fingerprint.txt
Test: m out/target/product/.../system/build.prop
Change-Id: If69f270560d05135cb81a9bb2d1b208ea78f86df
Package size will be unintended large if we stash more blocks than the
stash limit specified by the cache size. To reduce the maximum size of
simultaneous stashed blocks, we will inevitably convert some 'diff'
commands to 'new' commands.
To mitigate the impact, we add a new function to smartly select the
transfers to convert based on their patch size and compressed size.
This cl converts the transfers that have a larger patch size than the
compressed target sizes. And there's a slightly improvement in the
final package size: from 194M -> 185M.
Bug: 120561199
Test: build a non-A/B incremental package, run simulator
Change-Id: Id73ff736ba4e6901d245ad5549d42310d0740284
The current increase of 4 % is insufficient for some
targets.
Test: mmm
Bug: 119115481
Change-Id: Idcba8025b913da9b70794bfc7464d15b4d99ad34
(cherry picked from commit 3e02e34090)
This prints the uid map in a very simple format, with
AID_CONSTANT<space>uid
on each line. This is super easy for other tools to
parse, and generate their own mappings, without requiring
edits to fs_config_generator.py itself.
Test: make, treehugger
Change-Id: I10e24ac29d440a24d43580880343d122ae1cdf02
We will call it at an earlier time to compute the patch size; and
choose the transfers to convert to 'new'.
Bug: 120561199
Test: Generate an incremental update on shiner
Change-Id: I29a0c8e75c9e5b66a266c1387186692a86fcbe43
The code to manage citing empty <partition>/etc/fs_config_{files|dirs}
content by specifically setting the file(s) to access mode 00000 is
bitrotted and ill-suited for multiple partitions and was written for
a more paranoid time when DAC and MAC rules were not nearly as mature.
Striking out the complications as it affected deterministic results.
Test: compile and boot
Bug: 119310326
Change-Id: Iec02e0c1194eaa799ab95adff4ff0951a24652a4
* The include directive is ignored for now here.
Bug: 112259977
Test: ./checkowners.py -v -c OWNERS
Change-Id: I671f3643ea88e50aea0957db59c36f10bff3b92d
For some internal branches, vendor.img isn't built, so there
is no need to build super image / super split images there.
Test: remove vendor.img and VENDOR/ from target_files_intermediates, then
run add_img_to_target_files
Fixes: 120634805
Change-Id: I2834a27ce232538f203733c204dd257279c789fc
Mechanical extension of mount directories to also support product/
and product_services/ as individually supplied images.
NB: In the distant past, a prototype placing the make rules into a
macro was rejected as too difficult to maintain within the macro
rules, so rules are rolled-out to make them easy to understand.
Test: compile
Bug: 119310326
Change-Id: Ief137cbe62db7175ee02275804ff1d644858dc3d
Yifan Hong