For VAB launched device, factory OTA will write system_other
partition to the super image. So we want to check that
sum(dynamic partitions) + system_other + overhead <= super at
build time.
Since we don't know the overhead at build time, we might instead
check sum(all partitions) < super.
Bug: 185809374
Test: m check-all-partition-sizes, unittests
Change-Id: Ia7ba5999d23924a1927e9a9463856a4d0ea90c20
Merged-In: Ia7ba5999d23924a1927e9a9463856a4d0ea90c20
(cherry-picked from commit 294ec7d9e5298d91768e0f2e9abe4cc7de180fe1)
Change-Id: I479d1b399a1639b595ae5d7f1481c771a3439e51
This option is to reduce system partition size.
Bug: 171942852
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Idc849cfce33ac0badb2b9b7953bb821c46a24472
Devices using GKI architecture will use a prebuilt boot.img.
However, we should still sign this prebuilt boot.img with
device-specific AVB keys.
Steps to test the CL.
1. In a device BoardConfig.mk:
# Uses a prebuilt boot.img
TARGET_NO_KERNEL := true
BOARD_PREBUILT_BOOTIMAGE := device/google/redbull/boot.img
# Enable chained vbmeta for the boot image.
# The following can be absent, where the hash descriptor of the
# 'boot' partition will be stored then signed in vbmeta.img instead.
BOARD_AVB_BOOT_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
BOARD_AVB_BOOT_ALGORITHM := SHA256_RSA4096
BOARD_AVB_BOOT_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
BOARD_AVB_BOOT_ROLLBACK_INDEX_LOCATION := 2
2. `make bootimage`, then `avbtool info_image --image $OUT/boot.img`,
checks the image is re-signed with a device-specific key
3. `make dist` to generate out/dist/TF.zip
4. `unzip out/dist/TF.zip IMAGES/boot.img`
5. `avbtool info_image --image out/dist/IMAGES/boot.img`,
checks the image is re-signed with a device-specific key
6. `sign_target_files_apks \
--avb_boot_key=external/avb/test/data/testkey_rsa8192.pem \
--avb_boot_algorithm=SHA256_RSA8192 \
--avb_boot_extra_args="--prop test:sign" \
./out/dist/*-target_files-eng.*.zip signed.zip`, resign the TF.zip
7. `unzip signed.zip IMAGES/boot.img`, then use `avbtool info_image` to
check the boot.img is re-signed with the --avb_boot_key in step 6.
Bug: 188485657
Test: above steps
Change-Id: I7ee8b3ffe6a86aaca34bbb7a8898a97b3f8bd801
Merged-In: I7ee8b3ffe6a86aaca34bbb7a8898a97b3f8bd801
(cherry picked from commit cf9ead8972dd2b7c90772b6a1fd26bd4311a7c74)
Test: th
Test: Manual OTA test on bramble, pause/resume multiple times
Test: verity enabled, VABC enabled OTA
Test: verity enabled, VABC disabled OTA
Test: verity disabled, VABC enabled OTA
Test: verity disabled, VABC disabled OTA
Change-Id: Ia236984b158761f84f54ab7a6d3d49491c249546
If the build prop ro.build.id isn't set at build time, init will
set it at runtime. The logic is appending the vbmeta digest to
the ro.build.legacy.id.
Make the same change in ota scripts, so the correct build fingerprint
will be saved in the ota metadata.
Bug: 186786987
Test: generate an OTA, check the metadata
Change-Id: I278f59c41c1f98d4cbea749e5d9e4eaf7a6b9565
Commit I8bd8ad3acf324931b47d45fd30bc590206b1927e adds a default
value of "gki_signing_signature_args" in the misc_info.txt for
release signing to work. However, it's better to replace the default
value entirely (e.g., --prop foo:bar) as there is no need to include
them in the final release-signed image.
Bug: 178559811
Bug: 177862434
Test: atest releasetools_test
Test: atest releasetools_py3_test
Change-Id: I060b5a7076ff3e5d883abeb7d72f3db887c9fd69
Background in http://go/compatible-build-fingerprint. If we want
to append unique vbmeta digest to build id, we cannot setup the
prop value at build time. Instead, set the old value as
ro.build.legacy.id; and let init set ro.build.id at runtime.
Bug: 186786987
Test: build a target file with the flag on
Change-Id: Ie139725bb7e5c65bd3f28f43b9975ba48ee10354
Calculate the vbmeta digest if the device builds vbmeta image. The
digest will used later to determine the build fingerprint in new
format.
One sample usage is the ota package generation, where we put the
build fingerprint in the ota metadata. But we don't have the runtime
vbmeta digest provided the bootloader.
Bug: 186786987
Test: unit tests
Change-Id: If572e2b973e295a6c95a9e23a65bb20b3afbf1b0
Downgrade VABC OTA causes users to wait in recovery for merge to
complete, disable by default.
Test: th
Test: generate downgrade OTA, make sure VABC disabled
Test: generate upgrade OTA with --wipe_user_data, make sure VABC
disabled
Test: generate upgrade OTA, make sure VABC is used
Test: generate downgrade OTA with --vabc_downgrade, make sure VABC is
enabled
Bug: 187215486
Change-Id: Ib7e6165252d47f1ecaac4fc2329b580274c8d70e
* add .pylintrc to use 2 space indentation
* rename single-letter local variables
Test: ./warn.py build.log > warnings.html
Change-Id: I2ca56a6cb130a9d6c73328c5592ad7cde8a974ab
If source supports VABC, delta_generator/update_engine will attempt to
use VABC. This dangerous, as the target build won't have snapuserd to
serve I/O request when device boots. Therefore, disable VABC if source
build doesn't supports it.
Test: downgrade from VABC enabled build to a build w/o VABC
Change-Id: Ie8353e00f65354c2242ee5255b6652c6b62483a4
If dynamic partitioning is enabled and the partition size is not set,
we will get a KeyError before image_size or partition_size is calculated
when we try to catch exception in BuildImageMkfs.
Bug: 186704243
Test: build_image.py can correctly throw exception
Change-Id: I3d8c143ad5603d07fe94afb8bb911ead244f0bf7
Signed-off-by: Huang Jianan <huangjianan@oppo.com>
* Add missing function doc strings.
Suppress this warning on trivial functions in *_warn_patterns.py.
* Remove unused g-importing-memeber, g-complex-comprehension.
* Suppress pylint warning on unrecognized g-* options.
* Suppress too-few-public-methods warnings on simple classes.
* Suppress too-many-arguments and missing-function-docstring in
html_writer.py, which will be refactored later.
* Fix bad naming, long lines and line breaks, and bad quotes.
Test: compare output for build.log
Change-Id: Icdb34f014a10ec1e642c2cfe8003fc3ae245b507
Use common function LoadDictionaryFromFile(), instead
of LoadDictionaryFromLines(). Makes these codes conciser.
Change-Id: Ibb6f19744246b3415bcd639bc59dbb2aede725d9
Signed-off-by: jiajia tang <tangjiajia@xiaomi.com>
We already added support on device to write verity. Flipping a flag in
ota generation tools to enable verity.
Test: th && running OTA repeatedly on bramble
Change-Id: Id1639f644eb8c23f97e171264702a7872f41411a
This patch is intended to make build log is more
accurate if input_file is not exists, then check if
it is a zipfile.
Change-Id: I30da0141ea44fc3ce0947f868a86a15a054a4346
Signed-off-by: jiajia tang <tangjiajia@xiaomi.com>
Uses apex_utils.GetApexInfoFromTargetFiles to find and parse APEX files
in the target files partition dirs. Raises an error on failure to parse
or duplicate package names.
Bug: 177225446
Test: releasetools_test
Test: Create a merged build that provides the VNDK APEX on both vendor
and system. Observe failure.
Change-Id: I1356e263b7b32d6063129e079f3ba7ab4ff132a7
As we don't fix the grf window, we may not calculate the grf
expiration date and the required api level.
The verification of this will be covered by the tests at run time.
Bug: 176950752
Test: atest --host post_process_props_unittest
Change-Id: I1205f0d9a9da5bc508a49acbcbb7da581800bf45
Some OEMs, namely OnePlus don't use AOSP compliant build description.
Making sure that the last piece ends with -keys is more than enough.
Change-Id: Iefa3c408a3fdda0b63db257befb8ba2d36793293
RamdiskFormat class is introduced by commit : f3f842b676
But it seems _MakeRamdisk() related codes are also needed, then
both of the code style are same.
This patch takes below 2 changes:
1) adds new commom function _GetRamdiskFormat()
2) unfiy the code logic of _MakeRamdisk() and its related code logic.
Change-Id: Ibd4932a6050fbac15fcd741c70dd7854c12e887d
Signed-off-by: jiajia tang <tangjiajia@xiaomi.com>
GRF devices must define the API level of which the SoC is first
shipped by setting BOARD_SHIPPING_API_LEVEL. As this is a permanent
value, vendors may not change this value even if they implement new
features under the GRF policy.
BOARD_API_LEVEL can be optionally defined in this case to manually
set the api level of the vendor implementation.
The current api level will be set to `ro.board.api_level` property.
Bug: 176950752
Test: atest --host post_process_props_unittest
Change-Id: Ib126c1a622ded9848650f3f60c0f15005867272d
Tianjie Xu