When calling 'openssl x509 -pubkey' to extract the public key from a
certificate, openssl 1.0 and 1.1 handle the '-out' parameter
differently. openssl 1.0 doesn't write the output into the specified
filename, which leads to the payload verification failure in
check_ota_package_signature.VerifyAbOtaPayload(). This CL addresses
the issue by always collecting the output from stdout instead.
It also refactors the two copies into common.ExtractPublicKey(), and
adds unittest. get_testdata_dir() is moved into test_utils.py that holds
common utils for running the unittests.
Bug: 72884343
Test: python -m unittest test_common
Test: python -m unittest test_ota_from_target_files
Test: Run sign_target_files_apks with '--replace_ota_keys' on marlin
target_files zip. Check the payload pubkey replacement.
Test: Trigger the tests with forrest, and tests no longer fail on
machines with openssl 1.0.1.
Change-Id: Ib0389b360f064053e9aa7cc0546d718e7b23003b
This breaks down the current WriteABOTAPackageWithBrilloScript() into
smaller and testable units, which also prepares for the work in
b/35724498.
Bug: 35724498
Test: python -m unittest test_ota_from_target_files
Test: Get identical A/B OTA packages w/ and w/o the CL.
Change-Id: I2ea45ce98e2d2baa58e94fb829b7242f6fe685a7
Merged-In: I2ea45ce98e2d2baa58e94fb829b7242f6fe685a7
(cherry picked from commit 036d721812)
This adds the Traceur app to all builds on phones and tablets.
Previously, it was included on userdebug builds on specific devices only.
Bug: 64762598
Test: Flashed a user build and a userdebug build and saw Traceur on both
builds.
Change-Id: I9bf7d68c737845a519f57f8f60ee9064bf33a2f5
The same thing has been set in GetPackageMetadata(), so they are no-op.
Also replace an occurrence of 'OPTIONS.source_info_dict' with
source_info, which has been missed from previous clean-up CLs.
Test: Generate an A/B OTA package, and an incremental BBOTA with
--wipe_user_data. Check the metadata.
Test: Generate a two-step incremental BBOTA successfully.
Change-Id: I4bb491cac9064d93fb86d12e617c8f38f040e01e
The info comes from the build.prop file of the target build (thus no
backward compatibility concerns). OTA server and client can optionally
use these info to understand the expected behavior of an OTA package.
Bug: 72751683
Test: python -m unittest test_ota_from_target_files
Test: `m dist`, then check the metadata in the generated OTA package.
Change-Id: I5935f67684d2486bb5f00d67ce4bc756589a56ed
This CL detects incomplete block ranges (e.g. due to the holes in
mke2fs created images). Such block ranges will be tagged, so we won't
attempt to imgdiff those files. Note that the change to blockimgdiff.py,
which uses the tag info, will come in a separate CL.
An 'extra' attribute is added to RangeSet class, which defaults to an
empty dict. An 'incomplete' tag will be added into the dict by the
caller of the class. Not adding this tag as an immediate attribute,
because it is not a property regarding the ranges being represented, but
rather some storage space for the caller.
This CL also refactors GetSparseImage and RoundUpTo4K into common.py, so
the same code can be called from both of ota_from_target_files.py and
validate_target_files.py. Not able to add unittests for
GetSparseImage(), as SparseImage requires data in specific format.
Bug: 68016761
Test: Run validate_target_files.py on target-files.zip. It skips
validating files with missing holes as before.
Test: Run ota_from_target_files.py on angler target-files.zip. It gives
identical packages w/ and w/o the CL.
Test: pylint on changed files. There're warnings with common.py, but
unrelated to this change.
Change-Id: I126ccfea13c0d5ebcc8c1b4ff1a4f9200e97423a
C: 73, 0: Wrong hanging indentation (add 4 spaces).
file_name, actual_sha1, expected_sha1)
^ | (bad-continuation)
C:171, 0: Wrong continued indentation (add 20 spaces).
'SYSTEM/etc/recovery.img', expected_recovery_sha1)
^ | (bad-continuation)
C:185, 0: Wrong continued indentation (add 20 spaces).
file_path='IMAGES/boot.img', expected_sha1=boot_info[3])
^ | (bad-continuation)
C:191, 0: Wrong continued indentation (add 20 spaces).
file_path='IMAGES/recovery.img',
^ | (bad-continuation)
C:192, 0: Wrong continued indentation (add 20 spaces).
expected_sha1=expected_recovery_sha1)
^ | (bad-continuation)
W: 67,15: Use % formatting in logging functions and pass the % parameters as arguments (logging-format-interpolation)
W:150,17: Use % formatting in logging functions and pass the % parameters as arguments (logging-format-interpolation)
W:153,15: Use % formatting in logging functions and pass the % parameters as arguments (logging-format-interpolation)
W:194,15: Use % formatting in logging functions and pass the % parameters as arguments (logging-format-interpolation)
C: 27, 0: standard import "import logging" comes before "import common" (wrong-import-order)
C: 28, 0: standard import "import os.path" comes before "import common" (wrong-import-order)
C: 29, 0: standard import "import re" comes before "import common" (wrong-import-order)
C: 31, 0: standard import "import sys" comes before "import common" (wrong-import-order)
Test: pylint --rcfile=pylintrc validate_target_files.py
Test: Run validate_target_files.py with a target-files.zip.
Change-Id: Ie64acdb4cee4326938c4ad5a34b575d7b82478c0
core_current is a pseudo SDK version which is a core Java API subset of
the Android API. It is expected to be mainly used for external Java
projects which are agnostic to Android; such as junit, guava, etc.
A module built with this SDK version can only link to java modules of
the same kind. It can't depend on modules built with LOCAL_SDK_VERSION
:= current or without LOCAL_SDK_VERSION.
Bug: 72206056
Test: m -j
Change-Id: I34a9696393aa6704fd6684a40ea5b05d3fb46b23
We used to do this in add_img_to_target_files.AddImagesToTargetFiles(),
which didn't cover the path when calling from make_recovery_patch. As a
result, /system/bin/install-recovery.sh contains different SHA values
from the actual images.
Test: Set up aosp_bullhead to use AVB. `m dist`, then run the following
command to verify the generated install-recovery.sh.
$ ./build/make/tools/releasetools/validate_target_files.py \
out/dist/aosp_bullhead-target_files-eng.zip
Change-Id: Id7be8fb17072252fcd4d08db2057b8c4af053376
CPU/ABIs related information is already in system/build.prop. It
should also be included in the vendor image so it can still be
examined outside of a device, build environment, or $OUT directory,
by a standalone utility to check its basic characteristics and if
it's compatible with some specific system image (usually GSI).
Bug: 72079894
Test: Built and verified aosp_x86(_64):
# On host
$ grep ro.vendor.product.cpu $OUT/vendor/build.prop
# On device
$ getprop | grep ro.vendor.product
$ su
# grep ro.vendor.product /vendor/build.prop
Change-Id: Ic9ac8065d5983710840e33a805f982de75d86ce3
This reverts commit 4a2926a44e.
Reason for revert: The original CL caused two issues:
1) Increased app startup because `profman` failed to verify boot
jars and created an empty profile for the boot image. All methods
in the framework therefore ran interpreted/JITed. New flag
"--skip-apk-verification" has been added to `profman` to fix
the issue in CL Iad614e47feada293218c11cff985a8012ca49a0f.
2) Caused a crash in Mockito CTS tests because jvmti did not
remove hiddenapi access flags from boot jars before using them.
This has been fixed with CL Ibc9a96a6b541c06844f276db009ac29514f7a3bb.
Bug: 64382372
Bug: 72550707
Test: make test-art-host
Change-Id: Ie8c58714455662f042f56b2977b01b75c5ec7d2f
TARGET_SUPPORTS_32_BIT_APPS and TARGET_SUPPORTS_64_BIT_APPS should
be board config variables. Move them to
target/board/treble_common_64.mk
Bug: 70951849
Test: lunch aosp_arm64_ab-userdebug; make -j
Change-Id: Ia3f6d5db1a7edc956597ab34c2feed088ecc6062
Kati has a `--warn` option that adds some extra Kati-specific warnings
-- like using undefined make functions, undefined user functions, likely
bad variable lookups, etc. Some of these are bugs, others are fine doing
nothing. This fixes up all of them in the core build system.
It also complains about $(eval) usage in a recipe not being recommended.
Those aren't handled as part of this change.
Bug: 72661763
Test: build-aosp_arm.ninja is identical before and after
Change-Id: I8e00af142a7745236d3ad4efc9e91ec3ce71a511
Bug: http://b/72642679
Store missing profile files and the modules that refer to them, passed
via SOONG_MODULES_MISSING_PGO_PROFILE_FILE variable, to
$DIST_DIR/pgo_profile_file_missing.txt as part of the 'dist' target.
Test: 'm dist' and verify creation of pgo_profile_file_missing.txt.
Change-Id: I4ac0a1f413cbb99b33ad1903aeebd3ebcf3b9f59
The generator function is not thread safe and is prone to race
conditions. This CL uses a lock to protect this generator and loose the
locks elsewhere, e.g. 'WriteRangeDataToFd()'.
Bug: 71908713
Test: Generate an incremental package several times for angler 4208095 to 4442250.
Change-Id: I9e6f0a182a1ba7904a597f403f2b12fe05016513
Check that the Sha1 for src&tgt ranges are correct before computing
patches. This adds ~6 seconds overhead for ~2400 commands.
Bug: 71908713
Test: Generate an incremental package from angler 4208095 to 4442250.
Change-Id: I8cf8ce132fb09a22f7d6689274ddb4a27770be76
Fixes lots of warnings of the form:
build/make/core/base_rules.mk:606: warning: overriding commands for target `out/target/product/generic_arm64/testcases/simpleperf_unit_test/testdata/perf.data'
build/make/core/base_rules.mk:606: warning: ignoring old commands for target `out/target/product/generic_arm64/testcases/simpleperf_unit_test/testdata/perf.data'
Test: lunch aosp_arm64-eng; m device-tests
Change-Id: I32575d25f3aef1d4000fcb63d6ffc025ad21f937
This reverts commit b7f00ed2af.
Bug: 72550707
Bug: 64382372
Test: atest CtsInlineMockingTestCases
Reason for revert: Causing invalid dex files to be passed to jvmti
agents. This causes CtsInlineMockingTestCases and
other tests to fail.
Change-Id: I50129e94791b9e2bef919fe398b4250ae461195b
Just like visual warnings about improper use of native libraries,
warnings about the usage of hidden APIs will be displayed in non-
final, non-user builds only.
Bug: 64382372
Test: make
Change-Id: Id0a4200f912ac3303026cb26b6d8974c47332828
ART buildbots are broken because they build against a pinned commit of
the framework and thus lack the build rules to generate hidden API lists
We aim to fix this by generating dummy API lists in the build folder.
This patch changes the location of the blacklist and dark greylist from
frameworks/base/config/ to ${TARGET_COMMON_OUT_INTERMEDIATES}/... . On
normal builds, the framework will copy its text files into the build
folder.
Test: make
Bug: 64382372
Change-Id: I9b55d2865599e367d9c4be4f834182f5c084c3bf
When building with OpenJDK 9's javac with -source 1.9 -target 1.9,
a runtime image (with system modules) is used via the --system
command line flag, instead of --bootclasspath.
The runtime image only contains the default libraries (libcore)
but is missing other libraries that might be on the bootclasspath
for a particular build target.
This CL fixes compilation for this case by adding the missing
jars onto the classpath instead.
This already used to work but was broken by CL [1]. I attempted
to conditionally revert some of that CL's changes to java_common.mk
for the case of language level 1.9, but couldn't get it to work.
Therefore this CL follows a different approach.
[1] http://r.android.com/519552
Bug: 38177569
Test: Treehugger
Test: Ran "EXPERIMENTAL_USE_OPENJDK9=true make checkbuild docs"
and spot-checked some javac invocations to confirm that the
system modules libs were not included in the bootclasspath,
but other libs were.
Change-Id: I48fd11aac9b310bfa58dee0f9cfb3ef33f10bca8
Bowgo Tsai