If you had a target_files without a recovery patch and specified
--block (which should have no effect without a patch), it would have
omitted some necessary commands from the OTA script.
Change-Id: I96e79cd561ebf09cfe53792d1cc558cc71479869
Block OTAs don't have the system partition mounted and so can't use
file_getprop on the system partition. Make assertions look at the
recovery system finger/thumbprints, which should be the same as the
ones on the system partition (even for sprout devices).
Change-Id: Ie5d329d13beab4b428e37f75da9b9e1b8ceb35bc
Without this, system images will be built that do not contain the
necessary bits for verification.
Change-Id: Icaa636085dbfd386424c90dfbe404c5960df0fe4
A separate OEM file must be specified to provide the expected
values for these properties. The list of properties comes from
the "oem_fingerprint_properties" list in misc_info.txt
Bug: b/13367676
Change-Id: I1a3eaf108492132cf6f595a5d1c9f7e0c3cb3142
The C++ version avoids the need to unsparse the image to generate
the verity image, and is much faster for images with large regions
of don't care (treated as zeroes).
Change-Id: I8396b08a5fdb93f27d8c71c9c1ac23cb75cf1f7f
To build oem.img:
- You must define BOARD_OEMIMAGE_PARTITION_SIZE in your BoardConfig.mk
- The file system type will be the same as system.img and userdata.img.
- To install a module to oem.img, use "LOCAL_OEM_MODULE := true"
- run "make -j48 showcommands oem_image dist". By default it's not
built.
Bug: 13367676
Change-Id: I1a26d4d0c61b72ecffe60279667b1b3de050780d
Now that OTA packages can be downloaded to /data, if they include a
data wipe we should do that last.
Change-Id: I75102fb2ff85d0f0110d55dfca06ec5f38104850
After building a patch for the system image (for incremental block
OTAs), apply it to a local copy of the file and test that it succeeds.
This is an imperfect test as it's using the local client's
syspatch_host, which may differ from the syspatch library actually
used in the target build, but it's somewhat better than nothing.
Change-Id: Ic0001b0145881e2ebd4b5b36ce9b5bcebd76deb4
The system partitions has regions that we shouldn't write and can't
depend on the contents of. Adds a new script to generate a map of
these regions (using the sparse image as input), and include the map
in the package zip so it can be used when writing or patching the
system partition.
Also fixes a bug where the wrong SELinux file contexts are used when
generating incrementals.
Change-Id: Iaca5b967a3b7d1df843c7c21becc19b3f1633dad
Add the --block flag to this script to control whether block-based OTA
packages are generated (defaults to off). Make the full OTA package
produced by "make otapackage" continue to produce a block-based OTA.
Also fix a problem where block incremental OTAs didn't ever succeed,
and the --no_signing option never worked.
Change-Id: I610d0b4abed4b8b65fbe8ce0abaeec6cf52e14a1
These scripts already use some post-2.4 features, so let's make it
official: Python 2.7 is needed to run them.
Change-Id: I256e9ed99b0b62abe4e22a7b1f811acb7419e88e
The target_files zip should now contain the recovery-from-boot patch
and the script to install it. This means that sign_target_files_apks,
which generates a signed target_files from an unsigned target_files,
now needs to recompute the patch and script (taking into account the
key replacement, property changes, etc., that it does) so its output
contains the correct patch.
Change-Id: I18afd73864ba5c480b7ec11de19d1f5e7763a8c0
Instead of writing individual files and fixing up their metadata, make
full OTAs contain a system image and simply write it to the block
device.
This is only done for target-files that already contain the recovery
flashing information, older target-files still get a file-based full
OTA.
Bug: 12893978
Change-Id: If7586083c8f275e24fec49d260af5b5aff4a0a88
Currently, the "img" zip files generated by the build system lack the
script and data needed to rewrite the recovery partition, while the
"ota" zip files do (when installed).
In order to move towards block-based OTAs, we want the result of
flashing an image and the result of installing the corresponding OTA
package to be identical.
Generate the recovery-from-boot patch and install script as part of
the process of building the target-files. This requires breaking the
code to generate that out of ota_from_target_files into its own tool
that we can run from the Makefile. (ota_from_target_files can still
do this, so it continues to work with older target-files.)
Bug: 12893978
Change-Id: I80e62268840780b81216e548be89b47baf81b4ac
If the target_files zip for the target build contains a
META/releasetools.py (which it has since Nov 2013), prefer that over
using a releasetools.py from the local client.
Explicitly specifying the device-specific extensions path via
command-line options takes priority over both of the above mechanisms.
Change-Id: Ia068b0e2e06ede7da89ebe4315cdec592eb8995e
Sometimes it is useful to be able to tell ota_from_target_files
to not sign the output zip file. For instance, the private
release key may not be available when ota_from_target_files
is executed; similarly the release tools may not be available
or executable where the private key is stored.
This change adds an option, '--no_signing', to simply output the
unsigned OTA zip file, instead of spuriously signing it with the
test key even though the zip file would need to be re-signed later
with a different key.
Change-Id: I1f3c4dc8ffa35ce85478f848b147aff3d40fe283
In eng builds, ro.display.id has many space separated items and was
resulting in an error when trying to rewrite it as 'value' gets
turned into a list and never converted back to a string.
Change-Id: I6c8633ed2eb52c56a4097992a32d53d80df4f844
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This would cause an existing sparse image to be reused by a
subsequent build, leading to verity failures.
Change-Id: I2082df3dfba014515c9267e02189fe9987a56830
Pass the -T option to mkuserimg.sh to set all timestamps in the system
image (and any other ext4 image we build) to the value of
ro.build.date.utc for the build. This makes images produced from a
given target_files bit-identical.
Change-Id: Ibba5fa7a610f476209ef61708729cfd79dece0b6
When run with the -2 option, ota_from_target_files will generate a
package (full or incremental) that does some extra reboots in order to
install the new recovery first, so that the rest of the installation
is done with the new recovery. This can be useful if (say) the
package installation needs some features from the newer kernel.
For incremental packages, the verification phase is still done with
the old recovery.
This is only supported on devices where the misc partition is EMMC
(not MTD).
Two-step packages are slower to install and possibly confusing to
users (they will see their device reboot four times instead of twice),
so only use this option if necessary.
Change-Id: I3267d905e5e8eb1a1eb61bf48255b8b24ffc4ad1
* commit 'c3644114805150eef2f5035085878e5f860c7436':
Revert "Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add."
* commit '8ea83e902d931591af37e747763e768e7a6990be':
Revert "Enable incremental builder to find files that moved, and try to process them via patch + rename, instead of delete + add."