Do not copy the "META/care_map.txt" from the source zipfile when
signing the target files with sign_target_files_apks. Because we'll
generate a new care_map after rebuilding the system/vendor images;
and we'll write the new "META/care_map.txt" to the signed-target-file.
Change-Id: I6919cfdf8314a4084b5f612a9c89469f391486a4
Test: Run sign_target_files_apks locally, and the entry is updated.
Bug: 30812253
On A/B devices (i.e. system_root_image="true"), /default.prop is
packaged at ROOT/default.prop (as opposed to BOOT/RAMDISK/default.prop
for non-A/B devices). Update the path so that we handle properties like
ro.bootimage.build.fingerprint properly.
The one for recovery is not affected, which stays at
BOOT/RAMDISK/default.prop for A/B devices and gets updated correctly.
Bug: 30811237
Test: Verify the property in the generated signed-TF.zip.
Change-Id: Id201a042d7ea988a64f89c6d04f43326a9851e27
The update-payload-key is used by update_engine_sideload from recovery
to verify an update payload.
Bug: 27178350
Change-Id: I7a0a307ae565e5e9cbf2c9b58fbcc055e87771ce
We were using the package name as the key to index APKs. APKs from the
same package got messed up and gave wrong signature summary. Switch to
using the package filename as the key, which is identical in a given build.
Also fix the trailing space when printing the signature summary.
Bug: 30418268
Test: Run with a target_files.zip that has multiple APKs from the same package.
Change-Id: I6317e8c05e987c5690915e05c294153d10e2f0ab
We should disable using imgdiff if *any* of the source and target
partitions uses squashfs.
Bug: 30004734
Test: Create an incremental with two builds with one of them uses squashfs.
Change-Id: I826cd13d7b852c548e4b45e61f5ae00f6407cac3
(cherry picked from commit f8acad1480)
We use imgdiff to handle files in zip format (e.g. jar/zip/apk) for
higher compression ratio.
For system/vendor in squashfs, a) all files are compressed in LZ4
format; b) we use 4096-byte block size in their sparse images, but the
files in squashfs may not be laid out as 4K-aligned. So the blocks for
a given file as listed in block map may not form a valid zip file, which
may fail the patch generation with imgdiff.
Disable using imgdiff for squashfs images, and use bsdiff instead.
Bug: 22322817
Change-Id: Ie76aa4cece5c9d38cb1d1a34c505a4a8f37512d3
(cherry picked from commit 293fd135c7)
Generate a new file containing care_data of system (and vendor)
partition, and add it under META/ of target file package. For
A/B update, copy this file to OTA package for later use by
update_verifier.
Bug: 27175949
Change-Id: I90bb972703afaeb94bc3efe718fd81b1cfbcabcc
update_engine expects the extracted public key instead of the
certificate.
Bug: 28701652
Change-Id: I292d39da9e039f96d01a4214226aeb46f8cb881d
(cherry picked from commit afaf295cb8)
We should disable using imgdiff if *any* of the source and target
partitions uses squashfs.
Bug: 30004734
Test: Create an incremental with two builds with one of them uses squashfs.
Change-Id: I826cd13d7b852c548e4b45e61f5ae00f6407cac3
add_img_to_target_files.py has an option of "-a" to add missing
images only. Under this option, the script should skip copying
the radio images for A/B devices when given image exists already
under "IMAGES/".
Test: Run the command on an A/B device, the existing radio images under "IMAGES/" don't get overwritten; and missing images are added correctly.
Bug: 29608905
Change-Id: Ie034b85a5d777d53e367f99470cea4d19cb1aaaf
For AB devices, support flashing two system partitions for factory use.
The normal system image on one partition, but without dex preopt. And a
system_other image that just contains the odex files. The dex files will
not be stripped out of the system image, in case the second system
partition is wiped.
Setting BOARD_USES_SYSTEM_OTHER_ODEX := true in the BoardConfig.mk
enables this behavior.
One can control which directories are placed in system_other by the
SYSTEM_OTHER_ODEX_FILTER configuration variable. Currently we default
to only copying only app and priv-app odexs.
Bug: 29278988
Change-Id: I7f4e87da919e7dc6a89fd8c668193cd4e98631bc
system_root_image expects the key at ROOT/verity_key as opposed to
BOOT/verity_key. Also refactor the verity key replacement lines.
Bug: 29397395
Test: 'sign_target_files_apks.py --replace_verity_private_key newkey --replace_verity_public_key newkey.pub target_files.zip signed-target_files.zip' and verify the replaced key in boot.img.
Change-Id: I58a5defff4be008ad55d4b5a5b7148569c3b8d66
(cherry picked from commit e0ee794fa1)
For A/B OTAs, by default it calls 'openssl pkeyutl' to sign the payload
and metadata with the package private key. If the private key cannot be
accessed directly, a payload signer that knows how to do that should be
supplied via "--payload_signer <signer>".
The signer will be called with "-inkey <path_to_private_key>",
"-in <input_file>" and "-out <output_file>" parameters.
Test: Use a dummy signer, call 'ota_from_target_files.py --payload_signer <signer> <target_files.zip> <ota.zip>' and verify the signatures in the generated package.
Bug: 28701652
Change-Id: I26cfdd3fdba6fc90799221741b75426988e46fd3
(cherry picked from commit dea0f8bfed)
Replace verity keyid with the keyid extracted from cert
passed through --replace_verity_keyid. The veritykeyid in the
BOOT/cmdline of input target files is replaced with keyid
extracted from --replace_verity_keyid and written to the
output target files.
BUG: 28384658
Change-Id: Ic683f36f543c4fcd94b6f95e40f01200fbf45ee1
(cherry picked from commit b58d23fe00)
It replaces the package verification key (change of path due to
system_root_image flag), as well as the payload verification key.
Bug: 29397395
Change-Id: I10435072aaf4356f2d8b5e1b6e82eb9cead7ad62
(cherry picked from commit 24a7206430)
Limit the number of blocks in each 'new' command to 1024. This should
decrease the chance of fsync error during an OTA update, similiar to
what we have done in b/29535618.
Bug: 29607757
Change-Id: I89f0a845d71eb810766e39860ab667c61b61a417
system_root_image expects the key at ROOT/verity_key as opposed to
BOOT/verity_key. Also refactor the verity key replacement lines.
Bug: 29397395
Test: 'sign_target_files_apks.py --replace_verity_private_key newkey --replace_verity_public_key newkey.pub target_files.zip signed-target_files.zip' and verify the replaced key in boot.img.
Change-Id: I58a5defff4be008ad55d4b5a5b7148569c3b8d66
Limit the number of blocks in command zero to 1024 blocks. This
prevents the target size of one command from being too large and
might help to avoid fsync errors during the OTA update.
Bug: 29535618
Change-Id: Ic630cea2599138516162bd0029e2e4b2af75bf4f
(cherry picked from commit bb848c54a7)
Limit the number of blocks in command zero to 1024 blocks. This
prevents the target size of one command from being too large and
might help to avoid fsync errors during the OTA update.
Bug: 29535618
Change-Id: Ic630cea2599138516162bd0029e2e4b2af75bf4f
For A/B OTAs, by default it calls 'openssl pkeyutl' to sign the payload
and metadata with the package private key. If the private key cannot be
accessed directly, a payload signer that knows how to do that should be
supplied via "--payload_signer <signer>".
The signer will be called with "-inkey <path_to_private_key>",
"-in <input_file>" and "-out <output_file>" parameters.
Test: Use a dummy signer, call 'ota_from_target_files.py --payload_signer <signer> <target_files.zip> <ota.zip>' and verify the signatures in the generated package.
Bug: 28701652
Change-Id: I26cfdd3fdba6fc90799221741b75426988e46fd3
Replace verity keyid with the keyid extracted from cert
passed through --replace_verity_keyid. The veritykeyid in the
BOOT/cmdline of input target files is replaced with keyid
extracted from --replace_verity_keyid and written to the
output target files.
BUG: 28384658
Change-Id: Ic683f36f543c4fcd94b6f95e40f01200fbf45ee1
It replaces the package verification key (change of path due to
system_root_image flag), as well as the payload verification key.
Bug: 29397395
Change-Id: I10435072aaf4356f2d8b5e1b6e82eb9cead7ad62
update_engine now accepts POWERWASH=1 to schedule a factory reset in
the post-install phase. Hook up with the --wipe_user_data flag in the
OTA script.
Bug: 28700985
Change-Id: Ie73876a61db90d124d2af588d674757376e9aabc
(cherry picked from commit 38ca0be399)
update_engine now accepts POWERWASH=1 to schedule a factory reset in
the post-install phase. Hook up with the --wipe_user_data flag in the
OTA script.
Bug: 28700985
Change-Id: Ie73876a61db90d124d2af588d674757376e9aabc
We use imgdiff to handle files in zip format (e.g. jar/zip/apk) for
higher compression ratio.
For system/vendor in squashfs, a) all files are compressed in LZ4
format; b) we use 4096-byte block size in their sparse images, but the
files in squashfs may not be laid out as 4K-aligned. So the blocks for
a given file as listed in block map may not form a valid zip file, which
may fail the patch generation with imgdiff.
Disable using imgdiff for squashfs images, and use bsdiff instead.
Bug: 22322817
Change-Id: Ie76aa4cece5c9d38cb1d1a34c505a4a8f37512d3
Needed to generate image.map and to optimize the OTA size
BUG: 22322817
Change-Id: I7802f4dbb9116a94ea99a00b68c3a7ff180ef08a
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
This patch uses subprocess.communicate instead of subprocess.wait to
prevent deadlock if any of the child processes outputs too much data,
and redirects the subprocess output to stdout when running in verbose
mode.
With this patch `ota_from_target_files -v` prints the delta_generator
output in stdout, and no output if '-v' is not passed.
Bug: None
TEST=ota_from_target_files -v ...
Change-Id: Id66e4f3360a6f91d61a3ce96d53afbccdaa19da5
Add the build property "build.version.incremental" of the source (if
present) and target files to the metadata of the ota update package.
Example of metadata:
....
post-build-incremental=2951741
post-timestamp=1465345123
pre-build-incremental=2943039
pre-device=bullhead
...
Bug: 28658632
Change-Id: I889e8ccf39633b1b35590751001a42d1b05d5514
am: 654e4fb023
* commit '654e4fb02368b05cbfba3246b4c634512fa84464':
Report error codes in the OTA update script
Change-Id: I333bd45886d5915858b762e086d8a263f81b26e2
am: 6a912c14dd
* commit '6a912c14ddc39e3ef70ba2b4b484ef080ef61d3b':
Report error codes in the OTA update script
Change-Id: I2fc44e04861523d21724d39ab7e5fa2c0d6a4af7
am: 654e4fb023
* commit '654e4fb02368b05cbfba3246b4c634512fa84464':
Report error codes in the OTA update script
Change-Id: Ic8d04a484bdf6d08af5109a71967c3d5f8f0be27
Modify the abort() function in the OTA update generation script to
report an error code. The recoveryimage will parse the code and write it
into last_install for further data analysis.
Bug: 28934032
Change-Id: I2d62f81fd352c3102fb84f054972ac0ecb965a21
am: a22d0a88ba
* commit 'a22d0a88ba74bba43a8683e542b5f46eb9afce22':
Include BRILLO_VENDOR_PARTITIONS in target zip generation
Change-Id: I44390a1512b24880183d40d35087409b9693435f
This change will enable the target zip to include partition defined in
BRILLO_VENDOR_PARTITIONS. This is necessary for OTA to support
partitions other than boot and system in ab_partitions.txt.
The target zip will include images in BRILLO_VENDOR_PARTITIONS if
defined, under VENDOR_IMAGES/ with path kept. Also any vendor partitions
defined in AB_OTA_PARTITIONS will be copied to IMAGES/ in the target zip.
BUG: 28623063
Change-Id: Ic479048dfb8ac506acf827865e784fcb0432a1d5
am: eb06b4d3b3
* commit 'eb06b4d3b3862759ca15e9c52802808debc0a295':
Include vendor partitions in target zip generation
Change-Id: I9646c90fbe5c57a1f8c6022b8aad03f4e19f56e7
This change will enable the target zip to include partition defined in
BRILLO_VENDOR_PARTITIONS. This is necessary for OTA to support
partitions other than boot and system in ab_partitions.txt.
BUG: 28623063
Change-Id: I6e0969c31c9ad2e8285c6f560825c160aa8c4d55
We used to erase all the unused blocks at the end of an update. In order
to work around the eMMC issue in b/28347095, we move part of the erase
commands, which won't be used during the update, to the beginning. The
reset would be erased at the end. This is in hopes of avoiding eMMC
getting starved for clean blocks which would otherwise fail an OTA.
Bug: 28347095
Change-Id: Ia96b06216b35d6700858687a66734af36d0ec213
commit f54216f292 packed the base_fs files
into target_files.zip and added assertion to ensure the existence of the
files. We don't want to fail the OTA generation for the target_files.zip
without the base_fs files. Change the assertion into warnings instead.
Bug: 28547368
Change-Id: I6fd758a0a4fdfff02d1640fa46cf43d971627e26
Pack the base_fs files ({system,vendor}.map) into target_files.zip,
which would be needed when rebuilding the images at signing.
Reset the base_fs paths to point to the files in META/.
Also add blk_alloc_to_base_fs into otatools.zip.
Bug: 27698960
Change-Id: If4eb274b3f3d839c4365624f46f0dc89bd2fa440
am: f31a6de
* commit 'f31a6deeeeb896cc516c2f2f91ceff1fd0702938':
target_files_diff: Fix the issue with file type change.
Change-Id: I4f13b01aa009d7f33692eb20d6ff2c6de241b728
When a file is switched from a regular file to a symlink, we should skip
the comparasion.
Bug: 28373409
Change-Id: I8fef00ab9f2d6f811fde1cadf595e8bd46af2dfd
(cherry picked from commit f31a6deeee)
When a file is switched from a regular file to a symlink, we should skip
the comparasion.
Bug: 28373409
Change-Id: I8fef00ab9f2d6f811fde1cadf595e8bd46af2dfd
am: 05ce0a9
* commit '05ce0a94a5a6eec3113b62a39f97401e6a3fb3a0':
Skip verifying the partition with no changed blocks.
Change-Id: I8a3a9f8fe7bcf25fd719940d883a22a7adcfdef9
For incremental BBOTAs, commit [1] changed to verify only the touched
blocks to reduce the update time. This CL fixes the bug when there's no
changed block between the two builds.
[1]: commit d522bdc9ed
Bug: 27813356
Bug: 28195498
Change-Id: Ia752d3cf034c544517458ed15df509d4596e21fa
(cherry picked from commit f9efe284a4)
For incremental BBOTAs, commit [1] changed to verify only the touched
blocks to reduce the update time. This CL fixes the bug when there's no
changed block between the two builds.
[1]: commit d522bdc9ed
Bug: 27813356
Bug: 28195498
Change-Id: Ia752d3cf034c544517458ed15df509d4596e21fa
am: 21528c5
* commit '21528c5e053e28cd52d603eded53ffaf36d22637':
releasetools: Only verify the blocks to be touched.
Change-Id: I053c7da789c44916456109c5153f6628fe38c849
For incremental BBOTAs, we used to verify the integrity of all the
blocks in the source partition. In order to reduce the time cost under
recovery, this CL changes to only verify the blocks that will be touched
in the given OTA package (BBOTA >= 3 only). This is a trade-off between
performance and reliability.
Bug: 27813356
Change-Id: I3975ae6f461f0f7e58d24f1df7df46a449d2988b
(cherry picked from commit d522bdc9ed)
After applying update_target_files_incr_ext4.sh, some files may end up
occupying unsorted block fragments. In one example, an apk file has the
block range [258768-259211,196604]. The monotonic flag in rangelib sets
incorrectly for this example and leads to a bad input file for imgdiff.
After fixing the flag, bsdiff is called instead of imgdiff and the
incremental OTA package generates successfully.
Bug:28053885
(cherry picked from commit cd1e16a761)
Change-Id: If286eb382e59b3084a8313ae853b807e4648e5a2
After applying update_target_files_incr_ext4.sh, some files may end up
occupying unsorted block fragments. In one example, an apk file has the
block range [258768-259211,196604]. The monotonic flag in rangelib sets
incorrectly for this example and leads to a bad input file for imgdiff.
After fixing the flag, bsdiff is called instead of imgdiff and the
incremental OTA package generates successfully.
Bug:28053885
Change-Id: Ib841bf449ff6a29314fc4a1b8fba941a6dc532ac
To generate partition tables in the Android build system, simply add
the path to a .bpt file to the BOARD_BPT_INPUT_FILES variable.
BOARD_BPT_INPUT_FILES += "hardware/bsp/vendor/soc/board/board-specific.bpt"
The variable BOARD_BPT_DISK_SIZE can be used to specify or override
the disk size, for example:
BOARD_BPT_DISK_SIZE := "10 GiB"
Additional arguments to 'bpttool make_table' can be specified in the
variable BOARD_BPT_MAKE_TABLE_ARGS.
If BOARD_BPT_INPUT_FILES is set, the build system generates two files
partition-table.img
partition-table.bpt
in ${ANDROID_PRODUCT_OUT} using 'bpttool make_table'. The former is
the binary partition tables generated using bptool's --output_gpt
option and the latter is a JSON file generated using the --output_json
option. These files will also be put in the IMAGES/ directory of
target-files.zip when running 'm dist'.
BUG=27831397
TEST=Manually tested.
Change-Id: Iedd15354afb2dd483dcb9bc001360b2a37fd6dc0
For incremental BBOTAs, we used to verify the integrity of all the
blocks in the source partition. In order to reduce the time cost under
recovery, this CL changes to only verify the blocks that will be touched
in the given OTA package (BBOTA >= 3 only). This is a trade-off between
performance and reliability.
Bug: 27813356
Change-Id: I3975ae6f461f0f7e58d24f1df7df46a449d2988b
post-install verification calls range_sha1() and checks if the given
partition has expected contents. It takes roughly 20 seconds on
angler with 2.8G system image. Remove it to speed up OTA update. Also
abort the update if block_image_update() fails, as we were relying on
post-install verification to capture block_image_update() failures.
cherry-picked from commit b2deb22033
Bug: 27729678
Change-Id: I8123cd8929295ec26df247acf6bb51df813771d9
post-install verification calls range_sha1() and checks if the given
partition has expected contents. It takes roughly 20 seconds on
angler with 2.8G system image. Remove it to speed up OTA update. Also
abort the update if block_image_update() fails, as we were relying on
post-install verification to capture block_image_update() failures.
Bug: 27729678
Change-Id: I8123cd8929295ec26df247acf6bb51df813771d9
We were using zipfile.write() to write system/etc/security/otacerts.zip
when signing for release. It led to unexpected timestamp change in the
generated otacerts.zip and non-idempotent signed images when signing the
same target_files.zip.
Replace with common.ZipWrite() to always use a fixed timestamp.
Bug: 28122968
Change-Id: Ia6cf4b7d380cbf72ed7050ebb60c932dc8826d87
(cherry picked from commit 7ee3a9678e)
We were using zipfile.write() to write system/etc/security/otacerts.zip
when signing for release. It led to unexpected timestamp change in the
generated otacerts.zip and non-idempotent signed images when signing the
same target_files.zip.
Replace with common.ZipWrite() to always use a fixed timestamp.
Bug: 28122968
Change-Id: Ia6cf4b7d380cbf72ed7050ebb60c932dc8826d87
Tianjie Xu