26f00cda4b introduced a bug where an
APK entry's extra field is padded for alignment purposes when no
padding is necessary because the entry is aligned without any padding
bytes.
Bug: 27461702
Change-Id: Icb164dbaa26d9686412e2920318a9f40c5ce9751
This patch uses subprocess.communicate instead of subprocess.wait to
prevent deadlock if any of the child processes outputs too much data,
and redirects the subprocess output to stdout when running in verbose
mode.
With this patch `ota_from_target_files -v` prints the delta_generator
output in stdout, and no output if '-v' is not passed.
Bug: None
TEST=ota_from_target_files -v ...
Change-Id: Id66e4f3360a6f91d61a3ce96d53afbccdaa19da5
This adds the ApkVerifier class which verifies APKs using APK
Signature Scheme v2 only. In a follow-up commit this class will be
extended to verify APKs using JAR signature scheme when necessary.
The APK verifier is designed to not just verify an APK, but also
report errors, warnings, and information about signers in a structured
way, to enable tools to surface this information to users in various
ways.
Bug: 27461702
Change-Id: I10c6ba436021d86b6dbf6d3cf44494652adacb66
This modifies JAR signing code to produce DSA signatures which are
accepted by all Android platforms rather than only API Level 9 and
higher.
The issue is that by default Bouncy Castle uses OID 1.2.840.10040.4.3
(dsaWithSha1) in PKCS #7 CMS SignerInfo whereas Android accepts that
only since API Level 9. However, OID 1.2.840.10040.4.1 (dsa) is
accepted by all Android platforms.
Bug: 27461702
Change-Id: I24256a255bcdc2108bdb447557af7568a2c096e3
In preparation for including them in prebuilts/build-tools.
acp: We use a prebuilt in prebuilts/sdk, but it's not part of the sdk.
ijar: We use the host libstdc++ to workaround the lack of libc++ on
some unbundled branches.
ziptime: We disable this on unbundled builds, due to the lack of libc++.
Change-Id: Ib9766b1dbddd151c38ff27c529865200ab37fce1
This adds getByteBuffer and copyTo methods to the DataSource
abstraction. These methods enable the client to avoid unnecessary
copying of the data source's data.
Bug: 27461702
Change-Id: If4e9f902ea75c1ca5c7be0e20c0e7218faf9c504
findleaves.py needs to be able to search multiple directories for
multiple filenames (Android.bp and Android.mk). Add support for a new
--dir= option to specify one or more directories to search, and then
treat any remaining options as filenames. If no directories are
specified, fall back to treating only the last option as a filename and
the rest as directories.
Change-Id: Ie879facd49192c6b4fafae070ad00eb21b1faa32
This switches signapk's APK signing from its own signing logic to that
offered by apksigner-core library. OTA update package signing logic
remains inside signapk codebase.
Bug: 27461702
Change-Id: Ibf8435c555fe3f2b621d5189e7ae44f79082c810
1. This adds way to obtain a DataSource which represents a region of
data contained in the DataSource.
2. This fixes a design bug in "feed" method where the size parameter
was an int instead of long.
3. This fixes a bug in ByteBufferDataSource where its mSize field was
a long instead of an int (ByteBuffer's length cannot be more than
2^31).
Bug: 27461702
Change-Id: Ib0812784beb581f19d2412e667b8bd018f0a3c78
Data of uncompressed APK entries is often aligned to a multiple of 4
or 4096 in the APK to make it easier to mmap the data. Unfortunately,
the current method for achieving alignment suffers from two issues:
(1) the way it uses the Local File Header extra field is not compliant
with ZIP format (for example, this prevents older versions of Python's
zipfile from reading APKs: https://bugs.python.org/issue14315), and
(2) it does not store information about the alignment multiple in the
APK, making it harder/impossible to preserve the intended alignment
when rearranging entries in the APK.
This change solves these issues by switching to a different method for
aligning data of uncompressed APK entries. Same as before, alignment
is achieved using Local File Header entry field. What's different is
that alignment is achieved by placing a well-formed extensible data
field/block into the extra field. The new field/block contains the
alignment multiple (e.g., 4 or 4096) as well as the necessary padding
(if any). Compared to the original alignment method, the new method
uses 6 more bytes for each uncompressed entry.
Bug: 27461702
Change-Id: I8cffbecc50bf634b28fca5bc39eb23f671961cf9
This moves the creation of potentially expensive objects from the
thread which creates JAR entry inspection requests, to the thread
which fulfills these requests, increasig concurrency opportunities.
Bug: 27461702
Change-Id: If753b2de7fb04ee5e2e4bbcb27d42269d7fa5def
Use summary information from annotation within Error Prone to auto-generate
the warnings list.
Bug: 28681096
Change-Id: Ib3a5f734bd229726fcd7332eaa9e0e1bd1200c25
This removes the logic for JAR signing from -w (whole-file signing)
mode. This mode is designed specifically for OTA update packages. When
such packages are verified, their JAR signatures are ignored. Thus,
there is no need to JAR-sign in -w mode.
For context, OTA update packages are protected by a special signature
residing in the ZIP End of Central Directory record (at the very end
of the file). This is the signature verified when update packages are
being applied to Android.
Change-Id: Ia852a11ed6774ce746087cdd7f028b191ef6bc8b
This change will enable the target zip to include partition defined in
BRILLO_VENDOR_PARTITIONS. This is necessary for OTA to support
partitions other than boot and system in ab_partitions.txt.
The target zip will include images in BRILLO_VENDOR_PARTITIONS if
defined, under VENDOR_IMAGES/ with path kept. Also any vendor partitions
defined in AB_OTA_PARTITIONS will be copied to IMAGES/ in the target zip.
BUG: 28623063
Change-Id: Ic479048dfb8ac506acf827865e784fcb0432a1d5
Add argument parsing using the argparse library.
Make HTML easier to read by adding a \n after each table row.
Change-Id: I6b745fc60afb96fb51e5f69df7d607b5fb8da0e5
This change will enable the target zip to include partition defined in
BRILLO_VENDOR_PARTITIONS. This is necessary for OTA to support
partitions other than boot and system in ab_partitions.txt.
BUG: 28623063
Change-Id: I6e0969c31c9ad2e8285c6f560825c160aa8c4d55
This adds the ApkSignerEngine abstraction to the apksigner-core
library. This abstraction enables the separation of
parsing/building/writing of an APK from signing the APK.
Users of ApkSignerEngine invoke it during specific I/O events (e.g.,
JAR entry encountered in input APK, all output JAR entries ready).
The engine responds by occasionally providing instructions about what
to do next. For example, it may provide JAR entries to be added to
the output APK, thus making the output APK signed.
The default implementation of ApkSignerEngine will be provided in a
follow-up commit.
Bug: 26516150
Bug: 27461702
Change-Id: Ia85fd09497a6e2ff3103ba10c53a1848ba731f7b
apksigner-code library will offer a high-level primitive (future
commit) for signing APKs. This is meant to be used by
build/tools/signapk and Android Studio's APK builder/signer.
This commit adds a lower-level APK Signature Scheme v2 (aka v2
signing) code which will be used by the future APK signing abstraction
exposed by this library.
All classes (except DataSource and DataSources) added by this commit
are internal (i.e., implementation details of this library). Clients
of this library should not be using these classes.
Bug: 26516150
Change-Id: I98d4da0666cf122667c67565108ea4fb28ac51e6
apksigner-code library will offer a high-level primitive (future
commit) for signing APKs. This is meant to be used by
build/tools/signapk and Android Studio's APK builder/signer.
This commit adds a lower-level JAR signing (aka v1 signing) code which
will be used by the future APK signing abstraction exposed by this
library.
All classes added by this commit are internal (i.e., implementation
details of this library). Clients of this library should not be using
these classes.
Bug: 26516150
Change-Id: I5cecd435e63aab206d63868be5e0d0e289e7c423
Turns out APK signatures using SHA-256 with ECDSA are accepted only by
platforms with API Level 21 and higher, not 18 and higher.
Bug: 28296599
Change-Id: I3fab5be17bf3a9bdbf4d84d90d51448027c7e761
Alex Klyubin