We used to silently ignore the return value from apply_patch() even if
it had failed. It gives us more trouble to investigate the failure when
the affected file/partition gets touched in subsequent OTAs. This CL
adds the checking of the return value and aborts the update accordingly.
Bug: 25893277
Change-Id: Ie5e1c563576e503343e6a5b28ed4d7039f6f919c
Add an option "--log_diff <filename>" to ota_from_target_files.py
script. When enabled, it logs the differences between the source
and target builds into <filename> when generating incremental OTAs.
Also move target_files_diff.py into releasetools/ so that it can be
packed into otatools.zip.
Bug: 25372309
Change-Id: Ifd4ed0f2f12ef040ee377621ec8c35a873cec34f
The packaging script is broken when we set TARGET_NO_RECOVERY and
SYSTEM_ROOT_IMAGE both. With TARGET_NO_RECOVERY set, we don't have
RECOVERY/RAMDISK/etc/recovery.fstab. It thus fails the assertion in
common.LoadRecoveryFSTab() that "/" must exist in fstab when enabling
SYSTEM_ROOT_IMAGE.
Change-Id: Id509d724f18be7cf7389dd786924ead894ac0cc1
Vendor-specific images (radio, bootloader and etc) used to stay in
RADIO/ in target_files zip. A/B updater expects them to be available
under IMAGES/. Make a copy for such images when calling
add_img_to_target_files.py.
We cannot move them directly from RADIO/ to IMAGES/, because we will
delete everything under IMAGES/ when signing for release.
Bug: 25674625
Change-Id: I977c879d0ff7e45c83b3f5c63844a5b135caa383
We can generate a special OTA package that verifies all the partitions
(boot, recovery, system, vendor and etc) on a device. It also calls
device-specific script to verify bootloader and radio images. This
ensures a flashed device contains all the desired images faithfully.
Usage:
ota_from_target_files.py --gen_verify target_files.zip output.zip
Bug: 24679956
Change-Id: Ib3091d98c4b17a6fad305b3edf16d09efbda5c38
Factor out some common lines between generating incremental and full
OTAs. Remove the outer while loop for cleaner logic.
Change-Id: I0a4d44a4a59b488748222c2031bd63f67d45e0b5
Don't generate recovery.img when calling 'make dist' if
TARGET_NO_RECOVERY is set. The build system passes the flag to the
packaging script which then generates recovery.img conditionally.
Bug: 25329471
Change-Id: Ifbc999300d5c31e897878f81e231ae7dd2aca660
To accommodate new changes (such as error correction in [1]) to BBOTA
in N release. We bump up the version to keep the OTA script backward
compatible.
Needs the matching CL in commit
1fdec8685af858c5ff4f45d2e3059186ab5ed2ab.
[1]: commit 0a7b47397db3648afe6f3aeb2abb175934c2cbca
Change-Id: Ib9158b455cd5905fe2d4742ce81feb1b7583054f
CL in [1] added an assertion to make sure an empty RangeSet cannot call
RangeSet.to_raw_string(). However, we may unintentionally hit that when
generating BBOTA v1 script (e.g. for "new" commands that always have
empty src_ranges).
[1] commit e8f756137c
Change-Id: I1723606967f354ace9286d2b888fdbc80ba10e39
When building incremental packages, the info_dict from the source build
should be the one in use. We have done that for most of the partitions
(system and etc.), and should pass that to vendor's script as well.
Also includes the CL in commit aac4ad56b6
that fixes a bug in commit 6f0b219ac5.
Bug: 24898607
Change-Id: I4ea6037dad7061e1683661fc4c394fa3a7a7c5cd
(cherry picked from commit 6f0b219ac5)
Append error-correcting codes to verified partitions provided that
PRODUCT_SUPPORTS_VERITY_FEC is true.
This moves verity metadata to be after the hash tree, and requires
matching changes from
Ide48f581bbba77aed6132f77b309db71630d81ed
Bug: 21893453
Change-Id: I6945cbab99e214566a1f9d3702333f2dbbc35816
When building incremental packages, the info_dict from the source build
should be the one in use. We have done that for most of the partitions
(system and etc.), and should pass that to vendor's script as well.
Bug: 24898607
Change-Id: Ie2973d41b905637862616286663baf80df83bd88
This CL changes to use a fixed timestamp only when packaging
into the target_files zip.
Bug: 24377993
Change-Id: I01d136f4b99e1eff80c559192d93db83a3c5c0a4
(cherry picked from commit 822f5840c0)
[1] changed to use a fixed timestamp for all the generated images
(either the one under $ANDROID_PRODUCT_OUT/ or the one added into the
target_files zip). It makes 'adb sync' after 'fastboot flashall' to
resync all the files. This CL changes to use a fixed timestamp only when
packaging into the target_files zip.
[1]: commit 052ae3542b
Bug: 24377993
Bug: 24536411
Change-Id: I209318966109fd4902468dfe96caf777464f9fe1
ro.bootimage.build.fingerprint should be updated when signing.
Bug: 22720426
Bug: 24009888
Change-Id: Ib246a257581fd31f90ad6b3d21f39d1a2de24ba8
(cherry picked from commit 265d9aeb62)
The signing process requires the boot and recovery images be signed
by CROS-Signer, which is done after a signed_target_files.zip is
available. Once the boot/recovery images are signed, we need
to insert it back into signed_target_files.zip and regenerate the
system.map and verity tree. The script (add_img_to_target_files) does
this operation and needs to be aware of verity specific flags.
Bug: 23831896
Change-Id: Id24e878161052c768b74da1231b97eb0574b4c8b
With the change in [1], it zeroes out extra blocks that might be read
by dm-verity. We should update the expected number of blocks that get
touched.
[1] commit e9b619108d.
Bug: 23786644
Change-Id: I7a7c3531e5af6bf381d3a14832e77abfa9a8efce
For a DataImage, we may have no mapping of ZERO or NONZERO blocks. Don't
write those groups if they are empty.
Bug: 19024504
Change-Id: I1e921effcdbf0661d4f4b541c104dd456ac0c582
In BBOTAs if the last block of a DataImage is padded, we should always
write the whole block even for incremental OTAs. Because otherwise the
last block may be skipped if unchanged, but would fail the post-install
verification if it has non-zero contents in the padding bytes.
Bug: 23828506
Change-Id: I6f6789eec568ed0b808b9e425f5ecdbea1bdf446
(cherry picked from commit 7589e961a7)
In BBOTAs if the last block of a DataImage is padded, we should always
write the whole block even for incremental OTAs. Because otherwise the
last block may be skipped if unchanged, but would fail the post-install
verification if it has non-zero contents in the padding bytes.
Bug: 23828506
Change-Id: I4b0af7344d18261258cd48d18c029c089d6ff365
For file-based OTAs, we used to remove unneeded files in ascending
order, which failed to delete non-empty directories. Reverse the order
to fix the issue.
For example, now we have the following in our generated script:
delete("/system/app/Calculator/arm/Calculator.odex",
"/system/app/Calculator/arm/",
"/system/app/Calculator/Calculator.apk",
"/system/app/Calculator/");
Bug: 22960996
Change-Id: I0d36d29b7862fb53bf55bf5685a990180f9c0b3b
For file-based OTAs, symlinks in the source build but not in the target
build will be deleted. However, if a symlink is replaced by a regular
file in the target build, the file will be accidentally deleted when
applying (resuming) the same package again.
Verify the checksum of a symlink that will be unpacked or renamed to.
Delete the file only if it doesn't have the target checksum.
Bug: 23646151
Change-Id: I77bae035e39f2e0be25f7f6d71c5882464e3d50f
(cherry picked from commit 84006eacd0)
For file-based OTAs, symlinks in the source build but not in the target
build will be deleted. However, if a symlink is replaced by a regular
file in the target build, the file will be accidentally deleted when
applying (resuming) the same package again.
Verify the checksum of a symlink that will be unpacked or renamed to.
Delete the file only if it doesn't have the target checksum.
Bug: 23646151
Change-Id: Ie322abb6022b6fa812c6b36a3127872d9614fc3b
* commit 'e337093e6c5d502f0f4094639b41c001b3048d0f':
Split large files for BBOTA v3.
Revise stash for BBOTAs when needed.
Assert the stash size when generating OTAs.
Changes in [1] break the backward compatibility of the OTA scripts. Fix
the issue by extracting the file basename from the info dict in
META/misc_info.txt.
[1] commit d3a803e668
Bug: 23620049
Change-Id: I40a5625bbe0beb295f34b2328906a4a4283fe59b
RangeSet("2-10").monotonic gives a wrong result of "False". Fix the bug
and add more tests into test_rangelib.py.
Change-Id: I04780571b45ecafd34040f405756b9745a9e21a5
Separate the test cases in rangelib.py comments into a python unittest
file.
To invoke:
$ python -m unittest test_rangelib
Change-Id: I59e4ce0aaccc83bcbb42fee15775683dcd559d99
For BBOTA v3, we need to stash source blocks to support resumable
feature. However, with the growth of file size and the shrink of the
cache size, source blocks that represent a file are too large to be
stashed as a whole. CL in [1] solves the issue by replacing the diff
command with a "new" command. However, it may increase the generated
package size substantially (e.g. from ~100MB to ~400MB).
With this CL, if a file spans too many blocks, we split it into smaller
pieces by generating multiple commands. For the same case above, it
reduces the package size to ~150MB.
One potential downside is that after splitting, files like .jar,
.apk and .zip can no longer use imgdiff. We may lose the potential
benefit of using imgdiff for patch size reduction.
[1] commit 82c47981bd
Bug: 22430577
Change-Id: Iee1ad6543f3d40368e079e418cc31728e1ab3f48
(cherry picked from commit 9a5caf2c30)
When generating incremental BBOTAs (v2 and above), we need to ensure
that the needed runtime stash is below the given threshold. If it's
running out of space on /cache, we replace the command that uses a
stash with a "new" command instead.
This may increase the OTA package size, since it is carrying more full
blocks instead of patches. It gets even worse for large files that span
a number of blocks, because currently we will store all the blocks for
the file as "new" blocks if stashing cannot be satisfied. We may further
optimize by splitting them into smaller chunks so that most of them can
still be stashed.
Bug: 22430577
Change-Id: Ieae5243d461e3f899f613f76a380f6f7c3edb356
(cherry picked from commit 82c47981bd)
With block-based OTA v2 and v3, it requires stash space on the /cache
partition to back up blocks during an update. We need to ensure that
it doesn't exceed the partition size. Since there might be other files
on /cache as well, we use cache_size * threshold as the maximum allowed
size. The threshold defaults to 0.8, which can be overridden by command
line option '--stash_threshold'.
Change-Id: Ieee5d373c9bfb2ea401d85ca8a3adb491579de76
(cherry picked from commit 23ac404212)
For BBOTA v3, we need to stash source blocks to support resumable
feature. However, with the growth of file size and the shrink of the
cache size, source blocks that represent a file are too large to be
stashed as a whole. CL in [1] solves the issue by replacing the diff
command with a "new" command. However, it may increase the generated
package size substantially (e.g. from ~100MB to ~400MB).
With this CL, if a file spans too many blocks, we split it into smaller
pieces by generating multiple commands. For the same case above, it
reduces the package size to ~150MB.
One potential downside is that after splitting, files like .jar,
.apk and .zip can no longer use imgdiff. We may lose the potential
benefit of using imgdiff for patch size reduction.
[1] commit 82c47981bd
Bug: 22430577
Change-Id: I5684fab0ac41c8d94fe18f52a34cef77e06f741c
For squashfs, we currently don't have a system.map. So the whole system
image will be treated as a single file. But for some unknown bug, the
updater will be killed due to OOM when writing back the patched image to
flash (observed on lenok-userdebug MEA49). Prior to getting a real fix,
we evenly divide the non-zero blocks into smaller groups (currently 1024
blocks or 4MB per group).
Bug: 23227672
Change-Id: Ifeddd8d802f01f8cd2a743a1d1217a284fb6e182
When generating incremental BBOTAs (v2 and above), we need to ensure
that the needed runtime stash is below the given threshold. If it's
running out of space on /cache, we replace the command that uses a
stash with a "new" command instead.
This may increase the OTA package size, since it is carrying more full
blocks instead of patches. It gets even worse for large files that span
a number of blocks, because currently we will store all the blocks for
the file as "new" blocks if stashing cannot be satisfied. We may further
optimize by splitting them into smaller chunks so that most of them can
still be stashed.
Bug: 22430577
Change-Id: I5a49e361adc7d3d41de2e9c08ee9b08c1e6c091a
In BBOTA v2, the stash size computation is inaccurate. A stash will be
used only once, so we deduct its size from stashed_blocks right after
its use. However, the stash doesn't actually get freed until being
overwritten by another stash or destroyed at the end of an update. This
leads to OTA failures due to insufficient space on /cache. This CL
changes the BBOTA v2 script to generate an explicit free right after
its use.
Bug: 23119955
Change-Id: Icdd8352bb0ff778945937c870990a888c7a4d38b
In ext4 filesystems, some blocks might be changed even being mounted
R/O, such as the superblock (block 0). We need to exclude such blocks
from integrity verification. Plus such blocks should always be
written to the target by copying instead of patching.
Bug: http://b/20939131
Change-Id: If9efab3d7a0071a87b4d4297daf7963c3b818afe
(cherry picked from commit ff7778166b)
With the change in vboot_signer (CL:744257), an additional parameter
is required to vboot_signer script. This change adds the required
parameter to releasetools as well.
BUG=23076037
Change-Id: Ice5329578b3a9bc459e278a9d404a1981b35ca88
Signed-off-by: Furquan Shaikh <furquan@google.com>
For some old builds, we may not define cache partition size. Change the
exception into a warning to make the script backward compatible.
Change-Id: Ie94c7fbb1a9f3a7db3f16e8d845e493a534aac5b
For system images that contain the root directory, we need to find the
root directory at ROOT/ instead of BOOT/RAMDISK/.
Change-Id: Ica345c8b1b03475f8ac6c44fd576045fcf17c882
Change all uses of the file_contexts file to use the
file_contexts.bin file instead.
Depends on
I75a781100082c23536f70ce3603f7de42408b5ba
I43806d564b83d57f05f5c36c8eba7b1ff4831b04
Id560d093440a2aba99cef28c20133b35feebf950
I15660f4b3e4c5cb8ae0ec1498c74d6fcbb9a0400
Change-Id: Iaf8c4b2e420f610425a07f48db7af32bda3f5b3a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
When the root directory is included in system, the assumption that
system is mounted at /system breaks down. Redirect /system to /
in that case.
Change-Id: I8031b32d7cb9ca699c1cc22939e28afce9d1c847
When creating incremental OTAs, we should always use the fstab from the
source build instead of the target.
Bug: 21948974
Change-Id: I8b6a18f64b412f782184f9d382544ed0ce093fb4
(cherry picked from commit dd24da9ec9)
When creating incremental OTAs, we should always use the fstab from the
source build instead of the target.
Bug: 21948974
Change-Id: Iff44130f88a679b253ea1adcfac4ed8566ce9cc7
If BOARD_USES_FULL_RECOVERY_IMAGE == true, a full copy of recovery
image will be carried as /system/etc/recovery.img instead of a patch
at /system/recovery_from_boot.p.
Bug: 22641135
Change-Id: Ie271d3e2d55d7b003f667ac5b44203d69b23c63b
(cherry picked from commit 8beab69bd5)
A few properties are stored as links to the files in the out/
directory, which are no longer available when (re)packing from
target_files zip. Redirect those properties to the actual files in
the unzipped directory when repacking.
Change-Id: I18e930cbea224ab9c6db8d4e721b1c266a671db6
Tao Bao