For non-A/B, you must supply the --system-item-list, --other-item-list, and
--system-misc-info-keys parameters approrpriate for merging two partial target
files. Additionally, you must supply the --rebuild-recovery option to correctly
generate the filesystem config and file contexts. With all of these parameters,
the script will generate a merged target files containing the correct recovery
files.
Also fix the --keep-tmp option to be consistent with the other options.
Bug: 122813742
Test: verify that merged target image boots and can perform OTA.
Change-Id: I5a942ac0cd9924fec419a686794a2340304594c8
This reverts commit 9788b4ed31. All the
blocking issues have been addressed.
Fixes: 120517892
Test: Run validate_target_files.py on crosshatch signed
target_files.zip.
Change-Id: I95de241e159998e002dedddafea65953b1a1b263
Previously it was following a wrong order by doing `zipalign` after
calling SignApk, which effectively compromised the signature. This CL
corrects the logic, and follows the same flow as in build system:
- Pack APEX file;
- `zipalign -f 4096`;
- Call SignApk to sign the container with `-a 4096` flag.
Bug: 129148142
Test: Run sign_target_files_apks.py on taimen target_files.zip. Boot the
image after signing.
Change-Id: I91bd3dce4f45c1891c5e122212a699f4808618fa
(cherry picked from commit 0e06cb0a8b)
To build a complete list of the dynamic partitions and partitions
groups, we need to merge the contribution from the system and other
target files.
Bug: 127687287
Test: Running merge_target_files.py and observing partition lists are
merged as expected.
Change-Id: I5bb9bd0e3179d48c9bfacdb3aca8253158f61cf6
For PRESIGNED APEXes, we should keep carrying the matching public keys
at /system/etc/security/apex.
Bug: 129148142
Test: Run sign_target_files_apks.py on a target_files.zip with presigned
APEXes. Check the output zip.
Change-Id: I2e941fd9b10e99d2db9df1e5308cbbe8c760177b
(cherry picked from commit bf3fb024cd)
This change changes auto-generated RROs from DEVICE_PACKAGE_OVERLAYS
to be generated in the vendor partition, as opposed to /product where
they were generated in the past.
Note that PRODUCT_PACKAGE_OVERLAYS continue generating RRO packages
to /product, which means that a single app can be overlayed from
different partitions. These RROs have been given module and package
names based on their location.
Bug: 127758779
Test: verify noop on presubmit targets
Change-Id: I5cee70e28e3969e67b2d83eaf25d9c6e3a11102d
This reverts commit 5516d37f41.
The previous issue in unzipping non-matching files has been addressed
with commit a49054ca2f2959f50f3188914ec0faebc90ebcbe. This CL rolls
forward to allow dumping container certifcates for APEXes.
Bug: 128848294
Test: Run check_target_files_signatures.py on target_files.zips w/ and
w/o APEX files.
Change-Id: I662aab3d96fc40ac8e5e206e32b73ac763220b70
common.UnzipTemp() calls `unzip` to do the unzipping, which will
complain if there's non-existent names in the given list. Prior to this
CL, callers had to do the work to remove non-existent entries. This CL
filters out the given patterns in common.UnzipTemp()/common.UnzipToDir()
to make callers' works easier.
Bug: 128848294
Test: `m dist` with aosp_taimen-userdebug (which calls
ota_from_target_files.py on a target_files.zip that doesn't
contain RADIO/*).
Test: `python -m unittest test_common.CommonZipTest`
Change-Id: I5e741c27ea8d0b8126c398a7e1b56a8deb4a3d7f
When TARGET_VNDK_USE_CORE_VARIANT is set to true, the vendor variant of
VNDK libraries are by default not installed. Instead, the core variant
will be used by vendor binaries at runtime.
To ensure the core variant of VNDK libraries are installed, we also add
a flag LOCAL_VNDK_DEPEND_ON_CORE_VARIANT to indicate that the vendor
variant module depends on the core variant module. This flag should be
set by Soong for all VNDK libraries without the vendor variant
installed. When the flag is set, the vendor variant binary is also
compared against the core variant binary to ensure they are
functionally identical.
As we are merging the two variants for some libraries, we need a new
link type to denote a module is usable as both native:vndk and
native:platform. We add native:platform_vndk for this.
Bug: 119423884
Test: With the corresponding Soong change, build with
TARGET_VNDK_USE_CORE_VARIANT set to true.
Test: Add a dummy VNDK library and a dummy vendor binary that depends
on it. Build with no-vendor-variant VNDK and check the core
variant is installed.
Test: Add conditional compilation based on __ANDROID_VNDK__ in the
dummy VNDK library and check build fails.
Change-Id: I40000f2728e8193212113c1ee950e9d697f2d40d
Currently system_other AVB public key is placed in system.img.
However, this makes it's harder to have a *generic* system.img
across different product configs. Moving the key to /product
partition to allow more product-specific AVB keys.
Device board config can add /product/etc/fstab.postinstall,
to mount system_other with this key in /product. It can specify
different mount options, file systems, verity settings, etc., in
this product-specific fstab as well.
Bug: 123611926
Test: `make productimage` checks the following is generated.
$OUT/product/etc/security/avb/system_other.avbpubkey
Also checks it's included in $OUT/installed-files-product.{json, txt}
Test: run the following command and checks that
PRODUCT/etc/security/avb/system_other.avbpubkey is updated:
./build/tools/releasetools/sign_target_files_apks \
--avb_system_other_algorithm SHA256_RSA2048 \
--avb_system_other_key external/avb/test/data/testkey_rsa2048.pem \
out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: I6804f29941bec54375d80bd68a5aedb5c23b842e
This commit updates how `check_elf_file.py` parses the symbol name
because the `llvm-readobj` (from clang-r353983) does not print "@" if
the symbol is not versioned.
See also. https://reviews.llvm.org/D56319
Bug: 128959554
Test: CHECK_ELF_FILES=true make check-elf-files
Change-Id: I0dee5e505225e57750a2c86cf0d25a151c218eb1
This CL adds support that allows treating an APEX as pre-signed. We can
skip signing an APEX with `-e <apex-name>=` and
`--extra_apex_payload_key <apex-name>=`. Note that the payload_key and
container_key must be in consistent state - either they're both
PRESIGNED or none of them is. CheckApkAndApexKeysAvailable() has been
updated to perform the sanity check.
Bug: 123716522
Test: Run sign_target_files_apks.py with the above flags.
Test: python -m unittest test_sign_target_files_apks
Change-Id: Id1e2f3f2facd4a97a385983cc9b78c028f7e7e73
This validation is to help ensure that any usage of custom merge config
files does not accidentally exclude any item that has been added to the
default config lists.
Bug: 124197349
Test: Run merge_target_files with custom merge config files.
Change-Id: I34c51cb75212368146a2944d37621f311060d24d
This reverts commit d8469727bc. The script
is broken on target_files.zip that don't contain any APEX.
Bug: 128848294
Test: Run check_target_files_signatures.py on target_files.zip w/o APEX.
Tao Bao