Commit Graph

135 Commits

Author SHA1 Message Date
Leo Wang 1d4ad5158b Revert "Add an option to include a full bootloader in incremental OTA."
This reverts commit 46d5efcd0d.

Change-Id: Ibd347be362db50c0cdb34bf828718872bd74ad56
2015-09-15 04:03:20 +00:00
leozwang 46d5efcd0d Add an option to include a full bootloader in incremental OTA.
Bug: 23101469
Bug: 23999213

Change-Id: Id5ed748a5639663bb5df954f9375838fd9c295ca
2015-09-14 10:41:34 -07:00
Tao Bao 007979ee75 Add support for clobbered blocks
In ext4 filesystems, some blocks might be changed even being mounted
R/O, such as the superblock (block 0). We need to exclude such blocks
from integrity verification. Plus such blocks should always be
written to the target by copying instead of patching.

Bug: http://b/20939131
Change-Id: If9efab3d7a0071a87b4d4297daf7963c3b818afe
(cherry picked from commit ff7778166b)
2015-08-11 21:02:45 -07:00
Tao Bao daebaa6ed3 Restrict the verification in block-based incremental OTAs
BlockImageDiff has three versions. Only the incremental OTAs generated
with the latest version (3) can be re-applied to the system that's
already on the target build. Otherwise, operations like move will make
unconditional changes and damage the system. During the verification
phase, abort the OTA update if BlockImageDiff is less than 3 and it
doesn't match the checksum of the source build.

Change-Id: I3a776495b69e1d174fcb01b10e40c0e912914fd8
2015-03-12 13:47:04 -07:00
Justin Harrison 2de68bbbf4 Revert "Allow system images larger than 2GiB."
This reverts commit cd082d4bfe.

Change-Id: Ie63e1ba70d907d2849164871bc7ec71c245f7af9
2015-02-13 18:47:51 +00:00
Dan Albert cd082d4bfe Allow system images larger than 2GiB.
Python 2.7's zipfile implementation wrongly thinks that zip64 is
required for files larger than 2GiB. We can work around this by
adjusting their limit. Note that `zipfile.writestr()` will not work
for strings larger than 2GiB. The Python interpreter sometimes rejects
strings that large (though it isn't clear to me exactly what
circumstances cause this). `zipfile.write()` must be used directly to
work around this.

This mess can be avoided if we port to python3.

Bug: 18015246
Change-Id: I8a476d99c5efdef6ea408373b706e9fbd3a798be
2015-02-06 13:24:06 -08:00
Jesse Zhao 75bcea0267 verify system and vendor image together before patching.
Change-Id: Ia43657ed6cd8860b0edb78cc2dd6388c761e1f8b
Bug: 17919909
2015-01-07 21:44:09 +00:00
Michael Runge 63f01de818 Add post-install verification phase
Verify the SHA sum of all patched and extracted files after
a file system remount.

Bug: 18145574

Change-Id: I2f053d085543e10e39153a774542d37ee0a238bd
2014-10-29 02:54:51 +00:00
Michael Runge fb8886db68 get_stage in updater takes one param, not two.
Change-Id: I09a77eda5a1691080b1ae074d2e94d233eca7150
2014-10-23 13:51:04 -07:00
Michael Runge 7cd99bad21 Allow info_dict from target_files to specify mount options
This will allow safer mount options to be added per mount FS
type, to better ensure data is written during an OTA.
Bug: 18079773, 18092222

Change-Id: I1e3e4fd4639c6fd263e550b770cc3c858ef1e03b
2014-10-22 18:38:49 -07:00
Michael Runge 560569a617 If oem_fingerprint_props is empty, ignore.
There may be cases where there is an OEM partition
but it has no effect on the OTA itself.  In these
cases, ignore an empty value from the misc_info.txt

Change-Id: I5f467e873030765af12810a07ddd5f302ca8cc0b
2014-09-18 15:12:45 -07:00
Doug Zongker b34fcce08c explicitly check the superblock for differences
When generating incrementals for the system and vendor partitions,
check the first block (which contains the superblock) of the partition
to see if it's what we expect.  If this check fails, give an explicit
log message about the partition having been remounted R/W (the most
likely explanation) and the need to flash to get OTAs working again.

Bug: 17393999
Change-Id: Ifd2132b428dbc4907527291712690204a3664ac0
2014-09-11 09:38:01 -07:00
Doug Zongker ab7ca1d286 refactor BlockDifference into common
Move BlockDifference into common and make its script generation code
more complete, so that it can be use by releasetools.py to do diffs on
baseband images.

Bug: 16984795
Change-Id: Iba9afc1c7755458ce47468b5170672612b2cb4b3
2014-08-26 13:12:11 -07:00
Doug Zongker fc44a515d4 new block OTA system tools
Replace the xdelta/xz-based block OTA generation with a new system
based on the existing bsdiff/imgdiff tools.

Bug: 16984795
Change-Id: Ia9732516ffdfc12be86260b2cc4b1dd2d210e886
2014-08-26 13:10:25 -07:00
Doug Zongker f83400896d add 5 minute timeout on binary patch construction
When making bsdiff/imgdiff patches, give up after 5 minutes.  (On
certain large files it can take hours to build a patch, if it ever
even completes.)

Change-Id: I123c06f8194f85f6f4e640f7eb31c7746f76ba4d
2014-08-05 10:39:37 -07:00
Doug Zongker 56d91dd07f Merge "fall back to generating full OTA if incremental fails" into lmp-dev 2014-08-01 17:53:35 +00:00
Doug Zongker 62d4f18a30 fall back to generating full OTA if incremental fails
Block incremental OTA generation can currently fail on some
target-files pairs.  Fall back to generating a full OTA so that the
script succeeds rather than failing.

Change-Id: Ide70395d1f3759aa2076bd173836f6a5e5b397c0
2014-08-04 16:06:43 -07:00
Doug Zongker 3c84f56948 store images in target-files
Store sparse images in the target-files, and use those (when they're
available) for building block OTAs.

- New script add_img_to_target_files is added to make the images and
  add them to the IMAGES/ subdir in the target-files.  It gets run
  from the Makefile when building a target-files.

- img_from_target_files becomes mostly vestigial: it creates the
  img.zip by just copying the images out of the target-files.  (It
  still knows how to build images for use on older target-files.)

- ota_from_target_files uses images from the target-files in
  preference to rebuilding images from the source files.

- sign_apk_target_files builds images and includes them in its output
  target files (even if the input target-files didn't have them).

Bug: 16488065
Change-Id: I444e0d722d636978209467ffc01750a585c6db75
2014-07-31 11:06:30 -07:00
Ying Wang f5770d78da resolved conflicts for merge of 240e136e to master
Change-Id: Ic6e2cbe593914ddb613454581964c5d3d443b9d5
2014-06-19 10:32:35 -07:00
Doug Zongker c8b4e849f1 full support for OTA of vendor partitions
Make vendor partition a first-class member of the OTA system (for
target_files that contain a VENDOR/ subdirectory).

Build vendor images in a way that is compatible with block-based OTA.
Support updating the vendor partition in both full and incremental,
block and file OTAs.  In most cases this is handled by refactoring the
existing code to handle the system partition to handle either, and
then calling it twice.

Currently we don't support incremental OTAs from a target-files
without a VENDOR subdirectory to one with one, or vice versa.  To add
or remove a vendor partition a full OTA will need to be done.

Bug: 15544685
Change-Id: I9cb9a1267060bd9683a9bea19b43a26b5a43800d
2014-06-16 15:39:54 -07:00
Doug Zongker 1113e38195 test block patch more realistically
Read and write the same file when testing block patches, which can
turn up errors that don't show up otherwise.  (And will appear on the
device.)

Change-Id: Ic9b8d93ec980d13163b135f619af589f41433d7f
2014-06-13 10:38:32 -07:00
Martin Blumenstingl 374e114d16 Document the worker_threads option.
Change-Id: I44775493bedc0c7224c2c4ef06330bdb1430a1b6
2014-06-11 23:03:44 +02:00
Doug Zongker 4b9596fe00 configure progress bar during block OTA script generation
Emit script commands to produce a more accurate progress bar (for full
block OTAs) and a working progress bar (for incremental block OTAs) --
ones that are driven by the progress callback from the thing actually
writing the system image.

Change-Id: Ifca10be68cfdaab7135d23515bd0ae5be2f98a16
2014-06-09 14:15:45 -07:00
Doug Zongker 91a99c28e0 fix ota script to generate non-block commands correctly
If you had a target_files without a recovery patch and specified
--block (which should have no effect without a patch), it would have
omitted some necessary commands from the OTA script.

Change-Id: I96e79cd561ebf09cfe53792d1cc558cc71479869
2014-05-09 13:16:50 -07:00
Michael Runge c6e3afd26d Support block OTA + OEM partition
Change-Id: I9e662098569a43b05279908e6833e9552a7abe3a
2014-05-05 12:22:12 -07:00
Michael Runge 6e836116f7 Add support for verifying OEM properties.
A separate OEM file must be specified to provide the expected
values for these properties.  The list of properties comes from
the "oem_fingerprint_properties" list in misc_info.txt

Bug: b/13367676

Change-Id: I1a3eaf108492132cf6f595a5d1c9f7e0c3cb3142
2014-05-01 17:37:57 -07:00
Ying Wang c73e461537 Fix variable name.
Change-Id: Ie7439f71cf7fd2eeacd45a5d6625e610dad8bfbe
(cherry picked from commit 1a1dfcb5fcb6eda11d8dbf5df02f0083853dd5c1)
2014-04-15 22:31:54 +00:00
Doug Zongker 2a99239920 Merge "test block system image patch at build time" 2014-03-06 16:39:20 +00:00
Doug Zongker 922206ec2a move data wipe to end of OTA package
Now that OTA packages can be downloaded to /data, if they include a
data wipe we should do that last.

Change-Id: I75102fb2ff85d0f0110d55dfca06ec5f38104850
2014-03-04 13:16:24 -08:00
Doug Zongker 32b527d6cb test block system image patch at build time
After building a patch for the system image (for incremental block
OTAs), apply it to a local copy of the file and test that it succeeds.
This is an imperfect test as it's using the local client's
syspatch_host, which may differ from the syspatch library actually
used in the target build, but it's somewhat better than nothing.

Change-Id: Ic0001b0145881e2ebd4b5b36ce9b5bcebd76deb4
2014-03-04 10:03:02 -08:00
Doug Zongker 5fad2039bb handle don't care regions in the system image
The system partitions has regions that we shouldn't write and can't
depend on the contents of.  Adds a new script to generate a map of
these regions (using the sparse image as input), and include the map
in the package zip so it can be used when writing or patching the
system partition.

Also fixes a bug where the wrong SELinux file contexts are used when
generating incrementals.

Change-Id: Iaca5b967a3b7d1df843c7c21becc19b3f1633dad
2014-03-03 10:57:23 -08:00
Doug Zongker 25568486e5 add option to specify updater binary, for development
Change-Id: I5f239afff70c87fb16ddc4b8abefa7bbcda6040d
2014-03-03 10:21:27 -08:00
Doug Zongker 26e6619c37 add --block flag to ota_from_target_files
Add the --block flag to this script to control whether block-based OTA
packages are generated (defaults to off).  Make the full OTA package
produced by "make otapackage" continue to produce a block-based OTA.

Also fix a problem where block incremental OTAs didn't ever succeed,
and the --no_signing option never worked.

Change-Id: I610d0b4abed4b8b65fbe8ce0abaeec6cf52e14a1
2014-02-20 13:30:44 -08:00
Geremy Condra d75d7128ce Merge "Add support for block incremental OTAs" 2014-02-20 21:10:39 +00:00
Geremy Condra 36bd365625 Add support for block incremental OTAs
Change-Id: Ie72015e34ed8d7595a5c74c8df41cba73275afab
2014-02-20 12:54:17 -08:00
Doug Zongker cf6d5a9074 bump releasetools python requirement to 2.7
These scripts already use some post-2.4 features, so let's make it
official: Python 2.7 is needed to run them.

Change-Id: I256e9ed99b0b62abe4e22a7b1f811acb7419e88e
2014-02-18 10:57:07 -08:00
Doug Zongker 01ce19c95f make full OTAs block based
Instead of writing individual files and fixing up their metadata, make
full OTAs contain a system image and simply write it to the block
device.

This is only done for target-files that already contain the recovery
flashing information, older target-files still get a file-based full
OTA.

Bug: 12893978
Change-Id: If7586083c8f275e24fec49d260af5b5aff4a0a88
2014-02-04 14:04:42 -08:00
Doug Zongker c9253822ea add recovery update code to system images
Currently, the "img" zip files generated by the build system lack the
script and data needed to rewrite the recovery partition, while the
"ota" zip files do (when installed).

In order to move towards block-based OTAs, we want the result of
flashing an image and the result of installing the corresponding OTA
package to be identical.

Generate the recovery-from-boot patch and install script as part of
the process of building the target-files.  This requires breaking the
code to generate that out of ota_from_target_files into its own tool
that we can run from the Makefile.  (ota_from_target_files can still
do this, so it continues to work with older target-files.)

Bug: 12893978
Change-Id: I80e62268840780b81216e548be89b47baf81b4ac
2014-02-04 13:50:35 -08:00
Ying Wang eb18125f2f am 0064dceb: am a8d15474: am 04cff708: resolved conflicts for merge of 7382ec7d to klp-dev-plus-aosp
* commit '0064dceb198788e237bbc10931c54b9a35275976':
  ota_from_target_files: Add an option to not sign OTA packages
2014-01-28 00:13:04 +00:00
Ying Wang 04cff70804 resolved conflicts for merge of 7382ec7d to klp-dev-plus-aosp
Change-Id: Ic414d3ec8b52b1045125e1b76deae8a4a59a5e52
2014-01-27 15:56:45 -08:00
Doug Zongker eb0a78afc0 prefer releasetools.py from target_files zip
If the target_files zip for the target build contains a
META/releasetools.py (which it has since Nov 2013), prefer that over
using a releasetools.py from the local client.

Explicitly specifying the device-specific extensions path via
command-line options takes priority over both of the above mechanisms.

Change-Id: Ia068b0e2e06ede7da89ebe4315cdec592eb8995e
2014-01-27 10:03:23 -08:00
Takeshi Kanemoto e153b34643 ota_from_target_files: Add an option to not sign OTA packages
Sometimes it is useful to be able to tell ota_from_target_files
to not sign the output zip file. For instance, the private
release key may not be available when ota_from_target_files
is executed; similarly the release tools may not be available
or executable where the private key is stored.

This change adds an option, '--no_signing', to simply output the
unsigned OTA zip file, instead of spuriously signing it with the
test key even though the zip file would need to be re-signed later
with a different key.

Change-Id: I1f3c4dc8ffa35ce85478f848b147aff3d40fe283
2014-01-27 15:01:04 +09:00
Michael Runge 4038aa8fff Enabled incrementals to patch + rename moved files
Change-Id: I551fc5291847e3ace15361c203d86f566c26da97
2013-12-16 11:29:51 -08:00
Doug Zongker 9b23f2cd78 add option to generate two-step recovery files
When run with the -2 option, ota_from_target_files will generate a
package (full or incremental) that does some extra reboots in order to
install the new recovery first, so that the rest of the installation
is done with the new recovery.  This can be useful if (say) the
package installation needs some features from the newer kernel.

For incremental packages, the verification phase is still done with
the old recovery.

This is only supported on devices where the misc partition is EMMC
(not MTD).

Two-step packages are slower to install and possibly confusing to
users (they will see their device reboot four times instead of twice),
so only use this option if necessary.

Change-Id: I3267d905e5e8eb1a1eb61bf48255b8b24ffc4ad1
2013-11-27 11:27:55 -08:00
Michael Runge 90c60d3b92 Revert "Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add."
This reverts commit 37335b4238.

Change-Id: I61cc125d3b08eaa300a7774b6607dbb43f0e7148
2013-11-22 00:52:51 +00:00
Michael Runge 37335b4238 Enable incremental builder to find files that moved, and
try to process them via patch + rename, instead of
delete + add.

b/11437930

Change-Id: Ie70632a2fa0a13d4bb259f61c620bb01812494e5
2013-11-07 11:36:03 -08:00
Nick Kralevich 0eb17d9447 Update OTA to understand SELinux labels and capabilities
Update the OTA generation script to understand SELinux file
labels and file capabilities.

Make fs_config aware of SELinux labels and file capabilities, and
optionally output those elements whenever we output the
UID / GID / file perms. The information is emitted as a key=value pair
to allow for future extensibility.

Pass the SELinux file label and capabilities to the newly created
set_metadata() and set_metadata_recursive() calls. When the OTA
script fixes up filesystem permissions, it will also fix up the SELinux
labels and file capabilities.

If no SELinux label and capabilities are available for the file, use
the old set_perm and set_perm_recursive calls.

Bug: 8985290
Bug: 10183961
Bug: 10186213
Change-Id: I4fcfb2c234dbfb965cee9e62f060092a4274d22d
2013-09-10 12:30:43 -07:00
Michael Runge fb9bb205fc Revert "Update OTA to understand SELinux filesystem labels"
This reverts commit fbbd79530a.

All incremental auto OTAs broken b/9964074

Change-Id: I500d2ac194804abd20a0e01d9862fd42e8f5d2de
2013-07-22 20:42:44 +00:00
Nick Kralevich fbbd79530a Update OTA to understand SELinux filesystem labels
Make fs_config aware of SELinux contexts, and output the context
whenever we output the UID / GID / file perms.

Pass the selinux context to the set_perm2() and set_perm2_recursive()
calls. When the OTA script fixes up filesystem permissions, it will
also fix up the SELinux context on the files.

Bug: 8985290
Change-Id: I6419b64c06309a93ac6b2f2cf9fc7f8815adeaf3
2013-07-18 15:04:22 -07:00
Doug Zongker 0d92f1f13a improve OTA failure messages
Replace OTA script constructs of the form:

   assert(foo);

with

   foo || abort("sensible message");

so that the log and the on-screen display is somewhat more accessible
to non-experts.  (assert() displays the source code of the false
expression 'foo'.)

Change-Id: Ic99448e4466561d305b167cd4d5c1f0f2dbadcce
2013-06-03 12:07:12 -07:00