Bug: 123716522
Test: Run sign_target_files_apks.py to sign a target_files with APEXes.
Test: Run check_target_files_signatures.py on signed artifact.
Test: python -m unittest test_sign_target_files_apks
Change-Id: I3fa13e3d9461cf5e0838e0572d436e218164fe41
Only the container certs will be checked and reported. For the payload
within an APEX, we can't easily extract the cert info.
It needs to go along a longer path, if ever needed, by:
- extracting public keys from all the available certs;
- using each of them to verify against an APEX payload to find a match
(`avbtool verify_image --image payload --key public_key`).
Bug: 123716522
Test: Run check_target_files_signatures.py on target_files with APEXes.
Change-Id: I2ef318e05433d2d65ab84e2dff9e01fb6ee3373d
Other modules have switched to logging module. sign_target_files_apks.py
needs to init the logger to get the logs.
Test: Run `sign_target_files_apks.py -v`. Check outputs.
Test: Run `check_target_files_signatures.py -v`.
Change-Id: Ic68c019f6fb14840561885f1194ad6efdfdb7d82
Bug: 124467065
Test: Running `python merge_target_files.py` using the three new flags
and observing that their contents are passed to the merge_target_files() function.
Change-Id: I4de46f041f5ae8bc8be2730313ce873a952bf78e
sign_target_files_apks script looks for the signapk.jar inside the out dir.
If the our dir is set to a different directory via OUT_DIR_COMMON_BASE the script does not work properly.
From now script checks if the OUT_DIR_COMMON_BASE is set, then searches the jar in the proper path.
If OUT_DIR_COMMON_BASE is unset, searches in "out" like it did before.
Test: Build with OUT_DIR_COMMON_BASE set and unset and verify that sign_target_files_apks works in both cases
Change-Id: I9218b98ff79526184f8353705640193405afac9e
For retrofit updates:
ab_partitions -= dynamic_partition_list
ab_partitions += super_block_devices
For example,
if super_block_devices == ["system", "vendor", "odm"] and
dynamic_partition_list == ["system", "vendor", "product"],
product partition needs to be removed from ab_partitions.txt
otherwise brillo_update_payload will generate a payload with
product partition in it.
Test: retrofit update that adds a partition
Fixes: 127425410
Change-Id: Id79a410cee3c611ac50d27f14282916aea34f938
This change adds another utility function to common.py: UnzipToDir, which is
generally useful. Refactor merge_target_files.py to use it, and also refactor
other uses in common.py to use it.
Test: ota_from_target_files.py, validate_target_files.py, test_common.py
Bug: 124464492
Change-Id: Ia571070bceb7d3c8002304836bdf688485bf0dd9
Then refactor the code in merge_target_files.py to adapt to this semantic
change. This makes the code more consistent with existing releasetools code,
and it's easier to follow.
Test: Failure cases (verify exception), success cases (merged target generated)
Bug: 124521133
Change-Id: I56f04e360d8ff8ffcd6245359cdeb79f4565a9c4
The merge_target_files.py script needs fc_sort and sefcontext_compile, so
include these tools into otatools.zip via core/Makefile.
Modify tools/releasetools/merge_target_files.py to use the otatools common argv
processing to take advantage of the '--path' option so that we add point the
'--path' option to an extracted otatools.zip package to gain access to fc_sort,
sefcontext_compile, and soong_zip (previously included in otatools.zip).
Bug: 123600124
Test: extract otatools.zip, use --path option to point to it, verify result
Change-Id: I7d84525981b8741c6bdbcac9984256920fc7f417
The validate_target_files.py checks the 'incomplete' field of the range
in file_map. And range has already considered the shared blocks and
could be smaller in size than the original file range. Therefore, the
'incomplete' flag was set on the original range in common.py; and we
should switch to use the original range also during validation.
I also checked another flag usage in CanUseImgdiff(), and it has
explicitly rejected cases of shared blocks.
Bug: 124868891
Test: unit tests pass
Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
Add a flag to write a copy of the metadata to a separate file. Therefore,
users can read the post build fingerprint without extracting the OTA package.
Bug: 124783265
Test: Check the dumped metadata file after generate A/B and non-A/B OTA.
Change-Id: I8918aec87bb81906ef0a7eee774178e9f689d91d
This serves as a workaround to skip the compatibility check for devices
with incompatible kernels.
Bug: 114240221
Test: generate and check the OTA package for wear device
Change-Id: I65b523a66648af7a77fc3ea79176764fe8ae8d02
This script takes as input two partial target files (one contains system bits,
and the other contains non-system, or other, bits). The script merges the
contents of the two partial target files packages to produce a complete target
files package.
Bug: 123430711
Test: Build two partial target files, merge, compare with full target files.
Test: Validate merged target files via validate_target_files.py.
Change-Id: Ic24acf43b86fc703fb4c970688b006291a1861f8
We want to remove target specific host tools and since
fs_config_generate is compiled with a target specific header file, we
instead remove fs_config_generate entirely and allow python to build
the fs_config_files/dirs files directly from config.fs files and
parsed C headers.
Test: associated unit tests and new end to end test
Test: aosp_sailfish, aosp_crosshatch build produces valid fs_config files
Test: aosp_cf_x86_phone build correctly produces empty fs_config files
Change-Id: Idbc63ff56c0979e1e4c17721371de9d9d02dc8ff
This was deprecated along with TARGET_ANDROID_FILESYSTEM_CONFIG_H so
warn if it still exists.
Test: successful error if it exists, no error if it does not
Change-Id: I7dde3c88aaf7ecec23ffe018cbe8b42ebadb2bf8
tools/releasetools/add_img_to_target_files.py: This patch excludes the
inclusion of the system path into the target files if it does not exist (which
it will not if we are not building the system image).
Bug: 123430711
Test: Disable building system image, verify that target files builds without system.
Change-Id: Iaf964ede2b1df5ea4e004b572fd91187a366e75e
This commit extracts the AVB key used to sign system_other.img into
system.img, for init to verify system_other's AVB metadata.
The extracted key will locate in:
/system/etc/security/avb/system_other.avbpubkey
Bug: 123611926
Test: build and checks the following is generated
$OUT/system/etc/security/avb/system_other.avbpubkey
Change-Id: Icdc703ff5a0d50f8140bb652507b9b4cbc8a2118
This change allows ro.product.[brand|device|manufacturer|model|name] and
ro.build.fingerprint to be derived at boot time (and in the OTA
generation scripts) from partition-specific properties.
Test: booted system image, verified properties
Test: booted recovery image, verified properties
Test: unpacked OTA package, verified build fingerprint
Bug: 120123525
Change-Id: Iadd230a0577f35c7c37b0f911e91a5c2863ed1fe
TARGET_FS_CONFIG_GEN has existed as the preferred mechanism for two
releases, so we finally deprecate TARGET_ANDROID_FILESYSTEM_CONFIG_H.
Test: build
Change-Id: I299a4d1d1d893ac16d6e6ce2ec4659bfcdc19095
Add kernel configs / version to verified_assembled_vendor_manifest.xml
so that the kernel of the incoming package can be checked against
the framework. Previously, the running kernel was used instead.
Bug: 111125947
Test: test_extract_kernel
Test: manual OTA on Pixel 3 from build:
Android P (kernel version 4.9.96)
to ToT build:
device kernel version = (manually modified) framework requirement = latest,
PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS = true
Change-Id: Id524a58e94bdb6bba348ca461c9d33614ce451a9
For dynamic partitions in retrofit devices, system partition will be
a logical partition but system_other is not. However, current
build system use the same settings (logical) for both system.img and
system_other.img, leading AVB unable to locate the footer from the end
of system_other partition.
This commit support building system_other.img with correct partition size
while building system.img as a dynamic image.
Bug: 123506156
Test: check there is "system_other_size=2952790016" in file
$OUT/obj/PACKAGING/system_other_intermediates/system_other_image_info.txt
Test: build system_other.img, then
`simg2img $OUT/system_other.img system_other.img.raw`, checks the
raw image size.
Change-Id: I748320a7770c694d06f06f4a35bfceb622849aa8
- Add hashtree_info to EmptyImage so that BlockDifference.Compute()
can accept EmptyImage() as target image, which is the case when
a partition is removed.
- BlockDifference also checks source_info_dict to determine
whether a partition is dynamic. When a partition is removed,
its name does not appear in target_info_dict.
- Add tests to ensure DynamicPartitionDifference() still works.
Test: DynamicPartitionDifferenceTest
Test: test_blockimgdiff
Change-Id: Iadb1db075f5dc344db6d5ade358c83b01231e443
This is not used by anyone and the other half of the code to compare
against it is already functionally dead, so remove this.
Test: build
Change-Id: I44ed087cb7735bbc23e30b6c310c80eb3b7b6488
Bug: 111136242
Test: When BOARD_PREBUILT_DTB_DIR is set correctly,
generated $OUT/boot.img contains the DTB image.
Change-Id: I282e31b04cc60383377b9e9b54f8fe64a8140242
Support signing system_other.img but shouldn't include it into the
top-level vbmeta.img. system_other verifiation will not be included
in /vbmeta chains and will be done separately.
Bug: 112103720
Test: avbtool info_image --image $OUT/system_other.img
Test: avbtool info_image --image $OUT/vbmeta.img, checks 'system_other' is NOT included.
Test: Checks $OUT/obj/PACKAGING/system_other_intermediates/system_other_image_info.txt
See the following:
avb_system_other_hashtree_enable=true
avb_system_other_add_hashtree_footer_args=--rollback_index 1551744000
avb_system_other_key_path=external/avb/test/data/testkey_rsa4096.pem
avb_system_other_algorithm=SHA256_RSA4096
Change-Id: Ia152aaab1387dcf556a42222adb39ea76881263a
This commit introduces a prebuilt ELF binaries checker. The checker
will check:
1. Whether all DT_NEEDED shared libraries are specified in
`shared_libs` (Android.bp) or `LOCAL_SHARED_LIBRARIES` (Android.mk).
2. Whether all undefined symbols in the prebuilt binary can be resolved
to defined symbols exported by its dependencies.
This ensures that prebuilt binaries won't silently become ABI
incompatible.
To check the prebuilt binaries, all of the dependencies must be
specified in `shared_libs` (Android.bp) or `LOCAL_SHARED_LIBRARIES`
(Android.mk).
If your prebuilt binaries cannot be checked for some reason, you may add
the following property to Android.bp:
check_elf_files: false,
Or, add the following setting to Android.mk:
LOCAL_CHECK_ELF_FILES := false
Bug: 119084334
Test: CHECK_ELF_FILES=true make check-elf-files
Change-Id: I523d3083f22fd4053c096d26f61f8375800281c8
- When removing a partition, BlockDifference() object
will have tgt=EmptyImage(). Fix the asserts accordingly.
Also, BlockDifference object now allow tgt=None case.
- When adding a partition, BlockDifference() object
will have src=None. Fix the asserts accordingly.
Also, add unit tests to DynamicPartitionsDifference.
Test: create incremental OTA
Test: test_common.DynamicPartitionsDifferenceTest
Bug: 111801737
Change-Id: I3a35378ecf93111b8f44545cff6ae9696b6b4851
Tao Bao