This makes the signapk tool use Conscrypt (where possible) instead of
the platform-default JCA providers and the Bouncy Castle JCA provider.
This speeds up (by 10-30%) APK and OTA update signing because
Conscrypt's crypto primitives are backed by BoringSSL.
Previously, the signapk tool consisted only of the signapk.jar.
Because Conscrypt is backed by native code, signapk now consists of
signapk.jar and crypto_openjdk_jni shared library. This requires that
users of the tool be updated to provide a suitable -Djava.library.path
argument to the Java runtime. This change updates all known users of
the tool inside the Android source tree to do so.
Bug: 26097626
Change-Id: I8411b37d7f771ed99269751a3007dff103083552
libext2_uuid_host was renamed to libext2_uuid-host to match the
"-host" suffix used in most libraries.
Bug: 24619596
TEST=make dist
(cherry picked from commit 41ac44ed2b)
Change-Id: I07e3a5e896230ed3ce1c102c607cbd1aa02c67e0
libext2_uuid_host was renamed to libext2_uuid-host to match the
"-host" suffix used in most libraries.
Bug: 24619596
TEST=make dist
Change-Id: Ic5faccb4d5fdbbf3d3bba6f4a35cf99d4961bb54
the value of USER is dependent from the compilation environment,so
when compiling one same device project, the BUILD_FINGERPRINT may
exceed 91 characters because ${USER} is long, but with short ${USER}
the compilation can pass.
Signed-off-by: wei qiao <qiaowei224@gmail.com>
Change-Id: Ia0f7dfa9cf7d605f1f2603f70dd0e6877482eb8a
Set ro.build.ab_update if AB_OTA_UPDATER is true. Device will depend on
this property to call the proper update API.
Change-Id: I5916ef5b30ea3351d323382f7ce83a17df2b0a70
For system images that contain the root directory, "adb shell" in
recovery stops working if the image is mounted at "/system", because
sh now locates at /system/system/bin/sh. We fix the issue by mounting
the image on /system_root and create a symlink to /system_root/system
for /system.
Bug: 22855115
Change-Id: Ia6b257b75aeb67687c3909063d1725a23a5ccd60
If system image contains the root directory
(BOARD_BUILD_SYSTEM_ROOT_IMAGE == "true"), we package the root directory
into ROOT/ instead of BOOT/RAMDISK/ in the target_files zip.
Change-Id: I817776ca97194991308b2131d0e34ab136283464
If BOARD_USES_FULL_RECOVERY_IMAGE == true, a full copy of recovery
image will be carried as /system/etc/recovery.img instead of a patch
at /system/recovery_from_boot.p.
Bug: 22641135
Change-Id: Ie271d3e2d55d7b003f667ac5b44203d69b23c63b
(cherry picked from commit 8beab69bd5)
Now that symlinks are created at build time, the rsync while
making recovery runs into issues around the etc symlink
Change-Id: Ie781507b22e4661629840075b274eaab2f712de6
Don't generate recovery.img when calling 'make dist' if
TARGET_NO_RECOVERY is set. The build system passes the flag to the
packaging script which then generates recovery.img conditionally.
Bug: 25329471
Change-Id: Ia7f08943834ee39e781d7e9b5beb1b31d95a73d9
(cherry picked from commit db45efa647)
The config file will be passed to delta_generator to add the postinstall
field in the update payload.
Bug: 24537566
Change-Id: I06b8d9d0b2c37f9a3e7a844ac4d9e2eead8cd4d2
TEST: make dist
check_prereq is a tool for recovery API v2, which has been obselete
since we moved to v3 in [1].
[1] commit e08991e02a7d678f2574e85289a34b2a9a537c82
Bug: 24621915
Change-Id: Ie96348fb56c5a3e029cac2417b59d8eb62dc085b
The build requires LINUX_KERNEL_COPYING when building
the notices. Change from depending on a file in
prebuilds/qemu-kernel to one in /build/core.
This is required as Brillo does not have the qemu-kernel
in its checkout.
BUG=25578534
Change-Id: Ieff6970035d27884c0769106e507284c1096c33f
For AB builds, add the build type to META/build_type.txt so the
server can easily determine user, userdebug, and eng builds
from each other.
Bug: 25420005
Change-Id: I6e4de2ba36a6fd1208c65a434d4725bb93d2cee6
ziptime fails on zip file larger than 2GB.
These zip files won't installed on device and we don't care that much
about their reprodudcibility across builds.
Change-Id: I47062928d075a59eda92dd5333e59502f490d1cb
Pass -X to zip so that Unix UID/GID and extra timestamps aren't
saved into the zip files.
Add a new tool, ziptime, that uses a very stripped down copy of
zipalign. It no longer depends on libandroidfw, and now rewrites the
timestamps in place instead of making a copy of the zipfile. This should
improve speed and reduce disk requirements, especially with the large
packaging zip files.
Bug: 24201956
Change-Id: I50f68669f659da1b4393e964ad40b6aafb00c1e7
Specifically, do not error out if no installable apps are found.
- When creating an archive of all the apps, and if no apps exist
for the target, generate an empty archive file.
- If building for a target with no installable jar(s) or apk(s),
generate an empty package stats file.
The former is just an output artifact. The latter is used
by the upload_pkg_stats.py script which correctly handles
an empty input file.
BUG: 23421592
Change-Id: I48db9f9e1f61914d8fd938130e09b41849685450
This reverts commit 3c2c064c87.
zipalign depends on libandroidfw, and some setups don't include frameworks/base.
Bug: 24201956
Change-Id: I48ee95808924f6b2221f0a49ab205c2565096b1f
Pass -X to zip so that Unix UID/GID and extra timestamps aren't
saved into the zip files.
Add a new option to zipalign, -t, to replace all timestamps with static
timestamps (2008 Jan 1 00:00:00). Use this for all non-APK zip files.
APK zip timestamps are set based on the certificate date in SignApk.
Bug: 24201956
Change-Id: Ifb619fc499ba9d99fc624f2acd5f8de36d78ef8e
- For unmodified "make product-graph" and "make dump-products",
load only the current product configuration makefiles. This is much
faster than loading all product makefiles.
- For "make product-graph ANDROID_PRODUCT_GRAPH=--all",
"make dump-products ANDROID_DUMP_PRODUCTS=all", load all product
makefiles.
- Move product-graph.mk out of build tasks, so we can skip loading all
the Android.mks, which takes long and we don't really need them.
More importantly, with all product makefiles loaded, modules in
Android.mks are prone to clash (if they are conditionally included
by variables set up in product makefiles) and lead to parse-time
error.
Change-Id: Idc1d6b0c23eb2c8bb34fdd7a1fa4d56171768d21
Don't generate recovery.img when calling 'make dist' if
TARGET_NO_RECOVERY is set. The build system passes the flag to the
packaging script which then generates recovery.img conditionally.
Bug: 25329471
Change-Id: Ifbc999300d5c31e897878f81e231ae7dd2aca660
To accommodate new changes (such as error correction in [1]) to BBOTA
in N release. We bump up the version to keep the OTA script backward
compatible.
Needs the matching CL in commit
1fdec8685af858c5ff4f45d2e3059186ab5ed2ab.
[1]: commit 0a7b47397db3648afe6f3aeb2abb175934c2cbca
Change-Id: Ib9158b455cd5905fe2d4742ce81feb1b7583054f
In order to have all the A/B updater variables in the same AB_OTA_
namespace we rename UPDATE_AB_PARTITIONS to AB_OTA_PARTITIONS.
Bug: None
Test: `make dist` includes the partitions.txt file if properly configured.
Change-Id: Ied4faabd7e2f0ab8a5007afb44ad2f38df8d630d
When using the A/B updater, include the product id string to
target_files.zip.
This is needed by the Omaha backend.
Bug: 24946811
Change-Id: I2ce5f6cffe440c29a1820348ee215c71cec07861
Append error-correcting codes to verified partitions provided that
PRODUCT_SUPPORTS_VERITY_FEC is true.
This moves verity metadata to be after the hash tree, and requires
matching changes from
Ide48f581bbba77aed6132f77b309db71630d81ed
Bug: 21893453
Change-Id: I6945cbab99e214566a1f9d3702333f2dbbc35816
When using the A/B updater, include the product version string to
target_files.zip.
This is needed by the Omaha backend.
BUG: 24743570
Change-Id: Idaba06624c1de452b1e1f9d3ebec851229af987a
The OTA/bin tools are not needed in the target files zip when using
the A/B OTA updater.
Bug: 24577767
Change-Id: I7938a906e4d73709aaa944e8065f922536072e27
The list of A/B partitions updated is product-specific. Normally you
would update boot and system, but the product could require to update
other partitions during a system update. This patch packages the list
of A/B partitions configured to be updated when using the A/B updater.
The list can be set in the product makefile by setting the make
variable UPDATE_AB_PARTITIONS.
Bug: 24387863
Test: `make dist` creates the META/ab_partitions.txt in the target_files.zip
Change-Id: I4226ab05c7c7cd74721b06f1da64c6cf4d0e52ac
This config file pulled directly from the source specifies the update
payload version supported by the code. When generating an incremental
update payload for the A/B updater, the generated payload format will
match the version supported by the old version.
Bug: 24406755
Test: `make dist` on Brillo.
Change-Id: Ib7ac6828d0d34eb31e786dbaae5d59ecf26c3576
This is to support the change to bsdiff which depends on
libdivsufsort.so and libdivsufsort64.so now.
Bug: 24332905
Change-Id: I232fc1b2abda67456f012a83fa4f69a99bc6ea14
When BREAKPAD_GENERATE_SYMBOLS is set to true, package the breakpad
symbols into the target files zip thats generated with `make dist`.
Bug: 24165970
Change-Id: I11c0d9a9d9e159475bfdb7bc338f9e9ac60aeada
Similar to installed-files.txt, installed-files-vendor.txt lists the
content of vendor.img.
Bug: 24009297
Change-Id: Ib8112b19cc9f54d0c0d6a829063e4fe72d8ce664
This reverts commit d07bfc5196.
Real fixes [1][2][3] are ready to merge. Time to revert the workaround.
[1] commit d47d8e1488
[2] commit 1fc67631ee
[3] commit 937847ae49
Bug: 22430577
Change-Id: Icd6623e8717c93ad1f12cd1ba43db5e006e928ad
Add a target to zip up all the otatools and releasetools, for easy
copying to the OTA builder machine.
Change-Id: I55a6d93c1de75ac936d941c0e3ae72897407f563
(cherry picked from commit f22b0f43ef)
This moves all of the date references under build/ to using a single
datetime that can be set manually using BUILD_DATETIME.
It also adds an option, OVERRIDE_C_DATE_TIME, that if set to true, will
redefine __DATE__ and __TIME__ for all C/C++ files so that it matches
BUILD_DATETIME.
Bug: 23117013
Change-Id: I7c17a32b794a5adf40b9cd69136fb0ff9f6084ec
This moves all of the date references under build/ to using a single
datetime that can be set manually using BUILD_DATETIME.
It also adds an option, OVERRIDE_C_DATE_TIME, that if set to true, will
redefine __DATE__ and __TIME__ for all C/C++ files so that it matches
BUILD_DATETIME.
Bug: 23117013
Change-Id: I880ef103a26bca86bd7bf42d58e62e740a6228c8
Also removed the unneeded variable DISTTOOLS
and the unnecessary dependency of otapackage/updatepackage on DISTTOOLS.
Bug: 23085297
Change-Id: I6b269003a72bb48eda1260c8d9b4bd88974bcde9
Set TARGET_PRIVATE_RES_DIRS in your BoardConfig.mk to specify custom
private recovery resource directories.
With this change you can share the same recovery resource dir for more
than one device; Also you can specify more than one directories.
Change-Id: Ieeb18f5ac11c98b6f08d0ab6fb4e0d9aa72b27e7
Currently, the keyblock was being generated using
data_key.vbprivk. However, we need to use kernel_subkey.vbprivk for
kernel keyblock generation. This did not create any issues until now
because dev-mode just throws a message saying that keyblock is
invalid. But, normal-mode does not boot if keyblock is
invalid. Add extra parameter for passing in kernel subkey to
vboot_signer script.
TEST="make bootimage-nodeps" generates correctly signed
boot.img. Verified that the image boots fine in normal mode.
Change-Id: I0fc2183b466e34ddf1d98c9532072548504fcec4
Signed-off-by: Furquan Shaikh <furquan@google.com>
If system image contains the root directory
(BOARD_BUILD_SYSTEM_ROOT_IMAGE == "true"), we package the root directory
into ROOT/ instead of BOOT/RAMDISK/ in the target_files zip.
Change-Id: I817776ca97194991308b2131d0e34ab136283464
Change all uses of the file_contexts file to use the
file_contexts.bin file instead.
Depends on
I75a781100082c23536f70ce3603f7de42408b5ba
I43806d564b83d57f05f5c36c8eba7b1ff4831b04
Id560d093440a2aba99cef28c20133b35feebf950
I15660f4b3e4c5cb8ae0ec1498c74d6fcbb9a0400
Change-Id: Iaf8c4b2e420f610425a07f48db7af32bda3f5b3a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Now that symlinks are created at build time, the rsync while
making recovery runs into issues around the etc symlink
Change-Id: Ie781507b22e4661629840075b274eaab2f712de6
For system images that contain the root directory, "adb shell" in
recovery stops working if the image is mounted at "/system", because
sh now locates at /system/system/bin/sh. We fix the issue by mounting
the image on /system_root and create a symlink to /system_root/system
for /system.
Bug: 22855115
Change-Id: Ia6b257b75aeb67687c3909063d1725a23a5ccd60
If BOARD_USES_FULL_RECOVERY_IMAGE == true, a full copy of recovery
image will be carried as /system/etc/recovery.img instead of a patch
at /system/recovery_from_boot.p.
Bug: 22641135
Change-Id: Ie271d3e2d55d7b003f667ac5b44203d69b23c63b
(cherry picked from commit 8beab69bd5)
If BOARD_USES_FULL_RECOVERY_IMAGE == true, a full copy of recovery
image will be carried as /system/etc/recovery.img instead of a patch
at /system/recovery_from_boot.p.
Bug: 22641135
Change-Id: I4acaca86c22bca55c2b936a820edf1f333615609
Using $(BUILD_NUMBER) inside a rule causes odd behavior, as the rule
is different every time make is run, but since make doesn't depend
on the command line it only ends up being built with the new value
if some other dependency has changed.
To allow ninja, which does depend on the command line, to provide the
same behavior, store the build number in out/build_number.txt, and
use a shell expansion to cat the file in rules that use it. This will
cause the rule command to stay identical between builds, while still
getting the new build number if the rule is rerun for a dependency.
Also use the same trick for BUILD_FINGERPRINT, and the date in
droiddoc rules.
Change-Id: I6c5e6b6b3ef4c613563d7f5604df0e401575ba5f
angler and bullhead have smaller cache partiton (~100MB) and hit issue
with incremental OTA (such as MDA09B to MDA12) that requires more stash
space with BBOTA v3. Temporarily use v2 as a workaround, until we come
up with a real fix. Note that BBOTA v2 still uses some stash space, but
should be much smaller than v3.
Bug: 22430577
Change-Id: Ic4c05f3609732e7d5140703062da9fe11df5c6d3
file_contexts (specified by SELINUX_FC) is needed both when building
and (re)packaging. We used to use the copy in out/ when building, and
looked for the copy in BOOT/RAMDISK/ when packaging from target_files
zip. With system_root_image enabled, the file_contexts needed for
building and packaging might be different from the one on device. So
we explicitly pack the file as META/file_contexts in target_files zip.
Also refactor out the overriding of selinux_fc property into
common.LoadInfoDict().
Change-Id: I94f9ea6671b3792c12c1c21573840743d63da39a
(cherry picked from commit aa7318c384)
fs_config function from libcutils, in order to properly set the xattr FS
used to define device specific uid, gid, permissions and capabilities,
now needs TARGET_OUT make variable to be passed explicitly to all tools
using it:
fs_config
fs_get_stats used by mktarball.sh
make_ext4fs used by mkuserimg.sh
mksquashfs used by mksquashfsimage.sh
Bug: 21989305
Bug: 22048934
Change-Id: I6caf9cf870882fce2ead93027767092c29b75ded
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Due to the change in https://lwn.net/Articles/546473/, kernel reserves a
few extra blocks (lesser of 2% and 4096 blocks) on ext4 FS which leads to
OTA update failures. Adjust the size computation if the device has
BOARD_HAS_EXT4_RESERVED_BLOCKS := true.
It amends the last attemp in [1]. Now it computes the used blocks from the
make_ext4fs output, instead of altering its argument.
[1]: commit efbb5d2e69.
Bug: 21522719
Bug: 22023465
Bug: 22174684
Change-Id: Iaae6507f6de68a5892f2e3035d330039287b4492
(cherry picked from commit c7a6f1e4f8)
Due to the change in https://lwn.net/Articles/546473/, kernel reserves a
few extra blocks (lesser of 2% and 4096 blocks) on ext4 FS which leads to
OTA update failures. Adjust the size computation if the device has
BOARD_HAS_EXT4_RESERVED_BLOCKS := true.
It amends the last attemp in [1]. Now it computes the used blocks from the
make_ext4fs output, instead of altering its argument.
[1]: commit efbb5d2e69.
Bug: 21522719
Bug: 22023465
Bug: 22174684
Change-Id: I9783a51abe6581ff5c75db81e78ac606d0f32c4c
We should not change the parameter to mkfs_ext4. Bug filed at
b/22174684. Will come up with a new CL.
This reverts commit efbb5d2e69.
Change-Id: I15f7a9a07a65a936ba186d2ce672ec4832ed3e17
Due to the change in https://lwn.net/Articles/546473/, kernel reserves a
few extra blocks (lesser of 2% and 4096 blocks) on ext4 FS which leads to
OTA update failures. Adjust the size computation if the device has
BOARD_HAS_EXT4_RESERVED_BLOCKS := true.
Bug: 21522719
Bug: 22023465
Change-Id: I49f16adbf2dedc5279fbb8622bf99ef71dcc494f
Set the initial (version 1!) value for the preview SDK version
readable by apps. If we're on a release version, force it to be 0.
Change-Id: Ib3e6cad1f59cea8e4a781827d4a35dd3620b90f1
shamu has a 560dpi density, which is between xxhdpi and xxxhdpi. It
deserves the large font (18x32), otherwise it falls back to use the
small one and makes it mostly unreadable under recovery mode. Amend
the list to include 560dpi and 400dpi that are higher than xhdpi.
Ideally we should map string formats back to numbers for easy
comparison (and to handle any high but odd density values).
Change-Id: Ie08d9ce5e1c8850ff30a79bcbfd1b89e971b7e07
With this, you can easily add more executables, jars or shared libraries
to the package. Also now it automatically takes care of
32-bit-v.s.-64-bit library issue.
Change-Id: I5afe00fadc978d0da229b192eca1a4b1c149764e
Allow dm-verity to be enabled without boot and recovery images being
signed. This makes it possible to enable only dm-verity to detect
corruption without confusing bootloaders that do not understand signed
images.
Bug: 19985143
Change-Id: Ie52c6ff595faa7a5c1f1bc1b37f6899c4d0c7001
Add vboot properties to the dictionary file, which will be packed into
the target_files zip. Add support in packaging and OTA scripts to
sign the generated bootable images (boot.img and recovery.img) when
vboot is enabled.
Change-Id: I08758ced03d173219415bca762bbdb66c464a9f5
(cherry picked from commit 5d5a3bd9e8d8b14b71d1b2105417a2958d13d3d2)
Added support to build system.img that combines contents of /system and
the ramdisk, and can be mounted at the root of the file system.
To enable this feature, define BoardConfig.mk variable:
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
Ideally we would just change TARGET_OUT (the path of the staging system
directory) to under TARGET_ROOT_OUT. But at this point many places in
the build system assume TARGET_OUT is independent of TARGET_ROOT_OUT and
we can't make it easily configurable.
Instead this implementation takes the least intrusive approach:
We don't change TARGET_OUT or TARGET_ROOT_OUT. We just assemble a
temporary staging directory that contains contents of both TARGET_OUT
and TARGET_ROOT_OUT, in build_image.BuildImage() of
tools/releasetools/build_image.py.
When build_image.py is directly called from the makefile, we pass in the
parameters from the global dictionary; when build_image.BuildImage() is
called from add_img_to_target_files.py, we need to override values to
point to files extracted from the target_files zip file.
We need to combine the fs_config files of both /system and ramdisk,
when fs_config is enabled.
Also this change refactored build_image.BuildImage() by moving the extra
parameters to the image property dictionary.
(cherry-picked from commit 0eabd4f2c5)
Bug:19868522
Change-Id: Iafc467a0e3427b0d6ad3b575abcc98ddcc9ea0f1
The change follows the patten found in "Package OTA" and other places
to allow for overriding the mkbootimg command.
Now pass MKBOOTIMG variable to get make_recovery_patch and add_image_to_target
to use the tool set in BOARD_CUSTOM_MKBOOTIMG for boot/recovery image
generation.
Change-Id: I78533c25e87c2750eb24ac1bf39e4b7ca321a441
Added support to build system.img that combines contents of /system and
the ramdisk, and can be mounted at the root of the file system.
To enable this feature, define BoardConfig.mk variable:
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
Ideally we would just change TARGET_OUT (the path of the staging system
directory) to under TARGET_ROOT_OUT. But at this point many places in
the build system assume TARGET_OUT is independent of TARGET_ROOT_OUT and
we can't make it easily configurable.
Instead this implementation takes the least intrusive approach:
We don't change TARGET_OUT or TARGET_ROOT_OUT. We just assemble a
temporary staging directory that contains contents of both TARGET_OUT
and TARGET_ROOT_OUT, in build_image.BuildImage() of
tools/releasetools/build_image.py.
When build_image.py is directly called from the makefile, we pass in the
parameters from the global dictionary; when build_image.BuildImage() is
called from add_img_to_target_files.py, we need to override values to
point to files extracted from the target_files zip file.
We need to combine the fs_config files of both /system and ramdisk,
when fs_config is enabled.
Also this change refactored build_image.BuildImage() by moving the extra
parameters to the image property dictionary.
Bug:19868522
Change-Id: Iafc467a0e3427b0d6ad3b575abcc98ddcc9ea0f1
Some releasetools python sripts rely on $PATH to search for the
executables. With this change, you don't need to run lunch even after you
change the build system variable OUT_DIR.
Bug: 19320328
Change-Id: Ia44b11084fb1bdcceb60b1d33cb7e460c9b705a8
(cherry picked from commit 9d252e1009)
Add a target to zip up all the otatools and releasetools, for easy
copying to the OTA builder machine.
Change-Id: If14b4afefcc1a20ea19dfca3f3b9f9fae73189a6
(cherry picked from commit f22b0f43ef)
"cp -Rf" fails on Mac OS when some broken symlinks exist in the dest
dir.
Also switch to better shell error handling when copying
init.recovery.*.rc.
Change-Id: Idd05f7604736b234619f62be12dd108fac91fed1
"cp -Rf" fails on Mac OS when some broken symlinks exist in the dest
dir.
Also switch to better shell error handling when copying
init.recovery.*.rc.
Change-Id: Idd05f7604736b234619f62be12dd108fac91fed1
Todd Poynor