Add the build property "build.version.incremental" of the source (if
present) and target files to the metadata of the ota update package.
Example of metadata:
....
post-build-incremental=2951741
post-timestamp=1465345123
pre-build-incremental=2943039
pre-device=bullhead
...
Bug: 28658632
Change-Id: I889e8ccf39633b1b35590751001a42d1b05d5514
am: 654e4fb023
* commit '654e4fb02368b05cbfba3246b4c634512fa84464':
Report error codes in the OTA update script
Change-Id: I333bd45886d5915858b762e086d8a263f81b26e2
am: 6a912c14dd
* commit '6a912c14ddc39e3ef70ba2b4b484ef080ef61d3b':
Report error codes in the OTA update script
Change-Id: I2fc44e04861523d21724d39ab7e5fa2c0d6a4af7
am: 654e4fb023
* commit '654e4fb02368b05cbfba3246b4c634512fa84464':
Report error codes in the OTA update script
Change-Id: Ic8d04a484bdf6d08af5109a71967c3d5f8f0be27
Modify the abort() function in the OTA update generation script to
report an error code. The recoveryimage will parse the code and write it
into last_install for further data analysis.
Bug: 28934032
Change-Id: I2d62f81fd352c3102fb84f054972ac0ecb965a21
am: a22d0a88ba
* commit 'a22d0a88ba74bba43a8683e542b5f46eb9afce22':
Include BRILLO_VENDOR_PARTITIONS in target zip generation
Change-Id: I44390a1512b24880183d40d35087409b9693435f
This change will enable the target zip to include partition defined in
BRILLO_VENDOR_PARTITIONS. This is necessary for OTA to support
partitions other than boot and system in ab_partitions.txt.
The target zip will include images in BRILLO_VENDOR_PARTITIONS if
defined, under VENDOR_IMAGES/ with path kept. Also any vendor partitions
defined in AB_OTA_PARTITIONS will be copied to IMAGES/ in the target zip.
BUG: 28623063
Change-Id: Ic479048dfb8ac506acf827865e784fcb0432a1d5
am: eb06b4d3b3
* commit 'eb06b4d3b3862759ca15e9c52802808debc0a295':
Include vendor partitions in target zip generation
Change-Id: I9646c90fbe5c57a1f8c6022b8aad03f4e19f56e7
This change will enable the target zip to include partition defined in
BRILLO_VENDOR_PARTITIONS. This is necessary for OTA to support
partitions other than boot and system in ab_partitions.txt.
BUG: 28623063
Change-Id: I6e0969c31c9ad2e8285c6f560825c160aa8c4d55
We used to erase all the unused blocks at the end of an update. In order
to work around the eMMC issue in b/28347095, we move part of the erase
commands, which won't be used during the update, to the beginning. The
reset would be erased at the end. This is in hopes of avoiding eMMC
getting starved for clean blocks which would otherwise fail an OTA.
Bug: 28347095
Change-Id: Ia96b06216b35d6700858687a66734af36d0ec213
commit f54216f292 packed the base_fs files
into target_files.zip and added assertion to ensure the existence of the
files. We don't want to fail the OTA generation for the target_files.zip
without the base_fs files. Change the assertion into warnings instead.
Bug: 28547368
Change-Id: I6fd758a0a4fdfff02d1640fa46cf43d971627e26
Pack the base_fs files ({system,vendor}.map) into target_files.zip,
which would be needed when rebuilding the images at signing.
Reset the base_fs paths to point to the files in META/.
Also add blk_alloc_to_base_fs into otatools.zip.
Bug: 27698960
Change-Id: If4eb274b3f3d839c4365624f46f0dc89bd2fa440
am: f31a6de
* commit 'f31a6deeeeb896cc516c2f2f91ceff1fd0702938':
target_files_diff: Fix the issue with file type change.
Change-Id: I4f13b01aa009d7f33692eb20d6ff2c6de241b728
When a file is switched from a regular file to a symlink, we should skip
the comparasion.
Bug: 28373409
Change-Id: I8fef00ab9f2d6f811fde1cadf595e8bd46af2dfd
(cherry picked from commit f31a6deeee)
When a file is switched from a regular file to a symlink, we should skip
the comparasion.
Bug: 28373409
Change-Id: I8fef00ab9f2d6f811fde1cadf595e8bd46af2dfd
am: 05ce0a9
* commit '05ce0a94a5a6eec3113b62a39f97401e6a3fb3a0':
Skip verifying the partition with no changed blocks.
Change-Id: I8a3a9f8fe7bcf25fd719940d883a22a7adcfdef9
For incremental BBOTAs, commit [1] changed to verify only the touched
blocks to reduce the update time. This CL fixes the bug when there's no
changed block between the two builds.
[1]: commit d522bdc9ed
Bug: 27813356
Bug: 28195498
Change-Id: Ia752d3cf034c544517458ed15df509d4596e21fa
(cherry picked from commit f9efe284a4)
For incremental BBOTAs, commit [1] changed to verify only the touched
blocks to reduce the update time. This CL fixes the bug when there's no
changed block between the two builds.
[1]: commit d522bdc9ed
Bug: 27813356
Bug: 28195498
Change-Id: Ia752d3cf034c544517458ed15df509d4596e21fa
am: 21528c5
* commit '21528c5e053e28cd52d603eded53ffaf36d22637':
releasetools: Only verify the blocks to be touched.
Change-Id: I053c7da789c44916456109c5153f6628fe38c849
For incremental BBOTAs, we used to verify the integrity of all the
blocks in the source partition. In order to reduce the time cost under
recovery, this CL changes to only verify the blocks that will be touched
in the given OTA package (BBOTA >= 3 only). This is a trade-off between
performance and reliability.
Bug: 27813356
Change-Id: I3975ae6f461f0f7e58d24f1df7df46a449d2988b
(cherry picked from commit d522bdc9ed)
After applying update_target_files_incr_ext4.sh, some files may end up
occupying unsorted block fragments. In one example, an apk file has the
block range [258768-259211,196604]. The monotonic flag in rangelib sets
incorrectly for this example and leads to a bad input file for imgdiff.
After fixing the flag, bsdiff is called instead of imgdiff and the
incremental OTA package generates successfully.
Bug:28053885
(cherry picked from commit cd1e16a761)
Change-Id: If286eb382e59b3084a8313ae853b807e4648e5a2
After applying update_target_files_incr_ext4.sh, some files may end up
occupying unsorted block fragments. In one example, an apk file has the
block range [258768-259211,196604]. The monotonic flag in rangelib sets
incorrectly for this example and leads to a bad input file for imgdiff.
After fixing the flag, bsdiff is called instead of imgdiff and the
incremental OTA package generates successfully.
Bug:28053885
Change-Id: Ib841bf449ff6a29314fc4a1b8fba941a6dc532ac
To generate partition tables in the Android build system, simply add
the path to a .bpt file to the BOARD_BPT_INPUT_FILES variable.
BOARD_BPT_INPUT_FILES += "hardware/bsp/vendor/soc/board/board-specific.bpt"
The variable BOARD_BPT_DISK_SIZE can be used to specify or override
the disk size, for example:
BOARD_BPT_DISK_SIZE := "10 GiB"
Additional arguments to 'bpttool make_table' can be specified in the
variable BOARD_BPT_MAKE_TABLE_ARGS.
If BOARD_BPT_INPUT_FILES is set, the build system generates two files
partition-table.img
partition-table.bpt
in ${ANDROID_PRODUCT_OUT} using 'bpttool make_table'. The former is
the binary partition tables generated using bptool's --output_gpt
option and the latter is a JSON file generated using the --output_json
option. These files will also be put in the IMAGES/ directory of
target-files.zip when running 'm dist'.
BUG=27831397
TEST=Manually tested.
Change-Id: Iedd15354afb2dd483dcb9bc001360b2a37fd6dc0
For incremental BBOTAs, we used to verify the integrity of all the
blocks in the source partition. In order to reduce the time cost under
recovery, this CL changes to only verify the blocks that will be touched
in the given OTA package (BBOTA >= 3 only). This is a trade-off between
performance and reliability.
Bug: 27813356
Change-Id: I3975ae6f461f0f7e58d24f1df7df46a449d2988b
post-install verification calls range_sha1() and checks if the given
partition has expected contents. It takes roughly 20 seconds on
angler with 2.8G system image. Remove it to speed up OTA update. Also
abort the update if block_image_update() fails, as we were relying on
post-install verification to capture block_image_update() failures.
cherry-picked from commit b2deb22033
Bug: 27729678
Change-Id: I8123cd8929295ec26df247acf6bb51df813771d9
post-install verification calls range_sha1() and checks if the given
partition has expected contents. It takes roughly 20 seconds on
angler with 2.8G system image. Remove it to speed up OTA update. Also
abort the update if block_image_update() fails, as we were relying on
post-install verification to capture block_image_update() failures.
Bug: 27729678
Change-Id: I8123cd8929295ec26df247acf6bb51df813771d9
We were using zipfile.write() to write system/etc/security/otacerts.zip
when signing for release. It led to unexpected timestamp change in the
generated otacerts.zip and non-idempotent signed images when signing the
same target_files.zip.
Replace with common.ZipWrite() to always use a fixed timestamp.
Bug: 28122968
Change-Id: Ia6cf4b7d380cbf72ed7050ebb60c932dc8826d87
(cherry picked from commit 7ee3a9678e)
We were using zipfile.write() to write system/etc/security/otacerts.zip
when signing for release. It led to unexpected timestamp change in the
generated otacerts.zip and non-idempotent signed images when signing the
same target_files.zip.
Replace with common.ZipWrite() to always use a fixed timestamp.
Bug: 28122968
Change-Id: Ia6cf4b7d380cbf72ed7050ebb60c932dc8826d87
The following variables are introduced
BOARD_BVB_ENABLE: can be set to true to build boot.img and system.img
files compatible with Brillo Verfied Boot.
BOARD_BVB_ROLLBACK_INDEX: can be set to an integer to use for the
rollback index.
BOARD_BVB_KEY_PATH, BOARD_BVB_ALGORITHM: If set, the former must be a
path to the private key used to sign the boot image and the latter must
be the algorithm to use. If unset, a test-key stored in the tree will
be used.
BOARD_BVB_MAKE_BOOT_IMAGE_ARGS: Extra options to pass to 'bvbtool
make_boot_image'.
BOARD_BVB_SIGN_BOOT_IMAGE_ARGS: Extra options to pass to 'bvbtool
sign_boot_image'.
BOARD_BVB_ADD_IMAGE_HASHES_ARGS: Extra options to pass to 'bvbtool
add_image_hashes'.
BOARD_CUSTOM_BVBTOOL: Can be set to specify what bvbtool program to
use.
The existing BOARD_KERNEL_CMDLINE variable is also used, as are existing
kernel and initrd-related variables. Therefore, simply adding
BOARD_BVB_ENABLE := true
to an existing Makefile should do the trick.
Bug: 26185038
TEST=Added 'BOARD_BVB_ENABLE := true' to hardware/bsp/intel/soc/edison/soc.mk
and built an image and then ran bvbtool's info_boot_image and
info_image_hashes commands on the resulting boot.img and system.img
files and verified that the information was correct. Also ran 'm dist'
and verified that the boot.img and system.img files in the resulting
target_files.zip file had similar information.
Change-Id: I08045ed8b0cbddc7c3acdd3a6f2c4bb75cb44bbc
This CL fixes the bug in [1] (copy-paste error) and reenables it.
We need to handle a special case that an OTA goes from a source build
without OEM properties to a target build with those properties (or vice
versa). Add support in OTA scripts to deal the case properly, by a)
using two oem_props variables to handle source and target builds
respectively; b) adjusting the fingerprint/thumbprint assertions to
allow a mix of both.
[1] commit c086370440
Change-Id: I98118d77d5a0ff694fa1ee33602b5ee5e048599b
We use a bitset for blocks in the target image to assert a block hasn't
been touched before reading. Skip checking the blocks that are in the
source image only.
Bug: 27556903
Change-Id: I3a77292da673c813bd20d8dc177ff36419d8ecae
(cherry picked from commit dca2200c8a)
We used to use the update-binary from the target build when creating
incremental OTAs. But for downgrade OTAs, we should use the one in the
source build instead, which is actually newer.
Bug: 27556903
Change-Id: Ib6415729b979dbffdebdda24902f7f560942801a
(cherry picked from commit 4996cf03d2)
We used to use the update-binary from the target build when creating
incremental OTAs. But for downgrade OTAs, we should use the one in the
source build instead, which is actually newer.
Bug: 27556903
Change-Id: Ib6415729b979dbffdebdda24902f7f560942801a
Add --downgrade flag to ota_from_target_files.py script. It allows
generating an incremental OTA that updates from a newer build to an
older one (based on timestamp comparison). "post-timestamp" line in the
metadata file will be replaced by "ota-downgrade=yes". A data wipe will
always be enforced, so "ota-wipe=yes" will also be included in the
metadata file.
Bug: 26883782
Change-Id: Iaa05f662d948b7ab632a9fbb7051cc3f8bf68c21
(cherry picked from commit 5d1825664a)
We need to handle a special case that an OTA goes from a source build
without OEM properties to a target build with those properties (or vice
versa). Add support in OTA scripts to deal the case properly, by a)
using two oem_props variables to handle source and target builds
respectively; b) adjusting the fingerprint/thumbprint assertions to
allow a mix of both.
Change-Id: Ib517c366730b967a974c89528df9d42887c92ec2
We use a bitset for blocks in the target image to assert a block hasn't
been touched before reading. Skip checking the blocks that are in the
source image only.
Change-Id: I3a77292da673c813bd20d8dc177ff36419d8ecae
The CL in [1] added support for --oem_no_mount. It missed one place that
guards the OEM mounting.
[1] commit 8608cde944
Change-Id: I6ecaa94cd0866e0fd4fc88cb0aa3ebf55cde2968
Allows passing the *.base_fs or *.map files for system and vendor in
INTERNAL_SYSTEM_BASE_FS_PATH and INTERNAL_VENDOR_BASE_FS_PATH variables
respectively.
Internal Design Doc: go/incremental-ext4
BUG: 26839493
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
Change-Id: Ie57ef6dbfa6084268b6535fe0a673a3b4aaa6e2f
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
We may have devices with OEM-specific properties but without an OEM
partition (e.g. the properties might be set by init based on hardware
SKUs). For such devices, we supply --oem_no_mount to skip mounting the
OEM partition in the updater-script. The option is only meaningful when
-o (--oem_settings) is specified.
Bug: 27359929
Change-Id: Ic08396e478a82be4188e980e704b33b4f704a8d7
(cherry picked from commit 8608cde944)
We may have devices with OEM-specific properties but without an OEM
partition (e.g. the properties might be set by init based on hardware
SKUs). For such devices, we supply --oem_no_mount to skip mounting the
OEM partition in the updater-script. The option is only meaningful when
-o (--oem_settings) is specified.
Bug: 27359929
Change-Id: Ic08396e478a82be4188e980e704b33b4f704a8d7
Add --downgrade flag to ota_from_target_files.py script. It allows
generating an incremental OTA that updates from a newer build to an
older one (based on timestamp comparison). "post-timestamp" line in the
metadata file will be replaced by "ota-downgrade=yes". A data wipe will
always be enforced, so "ota-wipe=yes" will also be included in the
metadata file.
Bug: 26883782
Change-Id: Iaa05f662d948b7ab632a9fbb7051cc3f8bf68c21
(cherry picked from commit 5d1825664a)
Add --downgrade flag to ota_from_target_files.py script. It allows
generating an incremental OTA that updates from a newer build to an
older one (based on timestamp comparison). "post-timestamp" line in the
metadata file will be replaced by "ota-downgrade=yes". A data wipe will
always be enforced, so "ota-wipe=yes" will also be included in the
metadata file.
Bug: 26883782
Change-Id: Iaa05f662d948b7ab632a9fbb7051cc3f8bf68c21
This changes the build system to provide the signapk tool with the
minSdkVersion of the APK being signed. signapk in turn will then use
SHA-256 instead of SHA-1 if minSdkVersion is 18 (JB MR2) or higher
(see c2c49ed0c1).
To avoid increasing incremental OTA update package sizes for already
released platforms, release build scripts disable the above logic when
signing target files ZIPs for pre-N platforms.
Bug: 25643280
(cherry picked from commit 2cfd1d108c)
Change-Id: I38450d07ddc05c705de40313f843beada8db7d98
Pad the sparse image with a zero fill chunk to correctly position
verity and FEC metadata at the end of the partition.
Bug: 27073791
Change-Id: I9f70d579a42e5007d50e9c02a98a608d2815f0ed
(cherry picked from commit 6a8781a251)
This changes the build system to provide the signapk tool with the
minSdkVersion of the APK being signed. signapk in turn will then use
SHA-256 instead of SHA-1 if minSdkVersion is 18 (JB MR2) or higher
(see c2c49ed0c1).
To avoid increasing incremental OTA update package sizes for already
released platforms, release build scripts disable the above logic when
signing target files ZIPs for pre-N platforms.
Bug: 25643280
Change-Id: I3f2faaf49c6fa392ffbf1ee9f30de476f9f73231
Pad the sparse image with a zero fill chunk to correctly position
verity and FEC metadata at the end of the partition.
Bug: 27073791
Change-Id: I9f70d579a42e5007d50e9c02a98a608d2815f0ed
Add "ota-required-cache" into the metadata file in an OTA package,
which shows the minimum free space on /cache to apply the update.
Add "ota-type" into the metadata file, which shows the OTA type for
this package (i.e. one of FILE, BLOCK and AB).
Also add the cache free space check into updater-script when generating
block-based incremental OTAs (we only had such lines for file-based
incrementals before).
Bug: 26731903
Change-Id: Id6ff0fc4cdfb1443636b0b3800b0f8bddb5bb1d0
(cherry picked from commit d8d14bec0d)
Substantially improves the performance of some BlockImageDiff steps on
large images. GenerateDigraph and AssertSequenceGood are now linear in
the number of blocks in the target image rather than quadratic in the
size of the partition. FindVertexSequence tracks the score of each
vertex, the set of sources and sinks, and maintains a heap for finding
the best vertex to use for the greedy step, instead of repeatedly
re-scanning the set of remaining vertexes.
Change-Id: Ifeea5053d80ef4f06a5aa239c9a1797dd5e47841
(cherry picked from commit 2d2dd1526d)
Substantially improves the performance of some BlockImageDiff steps on
large images. GenerateDigraph and AssertSequenceGood are now linear in
the number of blocks in the target image rather than quadratic in the
size of the partition. FindVertexSequence tracks the score of each
vertex, the set of sources and sinks, and maintains a heap for finding
the best vertex to use for the greedy step, instead of repeatedly
re-scanning the set of remaining vertexes.
Change-Id: Ifeea5053d80ef4f06a5aa239c9a1797dd5e47841
The bug has been fixed, .odex files are deterministic.
This reverts commit c4438d3d29.
Bug: 26956807
Change-Id: Iaa42dfba5cf79ee64ac20cf4f1f3a4598f4275f4
Add "ota-required-cache" into the metadata file in an OTA package,
which shows the minimum free space on /cache to apply the update.
Add "ota-type" into the metadata file, which shows the OTA type for
this package (i.e. one of FILE, BLOCK and AB).
Also add the cache free space check into updater-script when generating
block-based incremental OTAs (we only had such lines for file-based
incrementals before).
Bug: 26731903
Change-Id: Id6ff0fc4cdfb1443636b0b3800b0f8bddb5bb1d0
When building an A/B OTA package, include the payload.bin properties as
a key-value pairs text file, so it can easily be passed to
update_engine during payload application.
Bug: 26991255
TEST=`ota_from_target_files out/dist/${BOARD}-target_files.zip full-ota.zip` includes the properties.
Change-Id: I445c8a8e412a8e16b48b6ee626db8e27d48a38a9
They still are not deterministic -- only the boot images were made
deterministic (.oat/.art).
Bug: 26956807
Change-Id: I2e00bb6662b4c8d184c48ef9aa34b39142c94893
This also whitelists the ro.build.user property, which may change based
on host username.
Bug: 26687569
Change-Id: I8f3244c2325dd80a7961c474655f0c50670d1b46
This changes the build system to provide the signapk tool with the
minSdkVersion of the APK being signed. signapk in turn will then use
SHA-256 instead of SHA-1 if minSdkVersion is 18 (JB MR2) or higher
(see c2c49ed0c1).
To avoid increasing incremental OTA update package sizes for already
released platforms, release build scripts disable the above logic when
signing target files ZIPs for pre-N platforms.
Bug: 25643280
(cherry picked from commit de5bc04717)
Change-Id: I4b100750e47788ab6ed897a0a5abfd33542e8676
This changes the build system to provide the signapk tool with the
minSdkVersion of the APK being signed. signapk in turn will then use
SHA-256 instead of SHA-1 if minSdkVersion is 18 (JB MR2) or higher
(see c2c49ed0c1).
To avoid increasing incremental OTA update package sizes for already
released platforms, release build scripts disable the above logic when
signing target files ZIPs for pre-N platforms.
Bug: 25643280
Change-Id: I058393e0971d0d6559dbd69ea902754c6c7cab14
(cherry picked from commit de5bc04717)
This reverts commit de5bc04717 because it's breaking some builds. Turns out some APKs have multiple sdkVersion attributes returned by aapt.
Change-Id: I013d6ef5eac473dd3900e0b9edf4c32cdc838bab
This changes the build system to provide the signapk tool with the
minSdkVersion of the APK being signed. signapk in turn will then use
SHA-256 instead of SHA-1 if minSdkVersion is 18 (JB MR2) or higher
(see c2c49ed0c1).
To avoid increasing incremental OTA update package sizes for already
released platforms, release build scripts disable the above logic when
signing target files ZIPs for pre-N platforms.
Bug: 25643280
Change-Id: I048393e0971d0d6559dbd69ea902754c6c7cab14
It calls brillo_update_payload to generate the payload for A/B update.
And packages the payload according to Android OTA package format.
Note that it only supports generating full/incremental OTAs with this
CL. Signing for release may not work properly at the moment.
Bug: 25715402
Change-Id: I4ac8505bacad28a572a9320dc8b52dd0f1ce47f5
Modify the number of max blocks per transfer to reduce splitting of
large files during patch generation. This will reduce the size of
final incremental OTA updater package. In specific, the size limit
for each file to transfer is set to 1/8 cachesize instead of a fix
number.
Bug: 26472126
Change-Id: Iffb135e378c4c7a91640f2fc4c40e9e93d1fe4bb
With BOARD_USES_RECOVERY_AS_BOOT = true, we skip building the
non-ramdisk boot.img but building the recovery image as boot.img. It
contains recovery's ramdisk (e.g. with /sbin/recovery). It depends on
the bootloader parameter (skip_initramfs) to determine the actual mode
to boot into.
Change-Id: Id6e2d0a2b94383944ca8f35bba688c6401745622
(cherry picked from commit d80bef2b9e)
Add a function check_first_block to read block0 and output a message
on screen if the device has been remounted. The function is called
for version >= 4 only; it executes after a failing block verification
and before recovery attempts.
Bug: 21124327
Change-Id: I49dc0b861c702698896a2495ca094215705d4650
(cherry picked from commit 9dac797013)
append2simg can be slow, so generate error correction data before verity
data is appended, and append all metadata to the image at the same time.
Needs matching changes from
I09349368925e5e2f2a7961a712a1e933eb0b9ec8
Bug: 26251929
Change-Id: Iea8cee0aee353b4d029d9581e8fbd68ec7b7dd4b
append2simg on a large image is fairly slow, so append verity metadata to
the hash tree to avoid two calls.
Bug: 26251929
Change-Id: I5ec84dcd6e8500e990af13b1f9cef5e809b41605
This makes the signapk tool use Conscrypt (where possible) instead of
the platform-default JCA providers and the Bouncy Castle JCA provider.
This speeds up (by 10-30%) APK and OTA update signing because
Conscrypt's crypto primitives are backed by BoringSSL.
Previously, the signapk tool consisted only of the signapk.jar.
Because Conscrypt is backed by native code, signapk now consists of
signapk.jar and crypto_openjdk_jni shared library. This requires that
users of the tool be updated to provide a suitable -Djava.library.path
argument to the Java runtime. This change updates all known users of
the tool inside the Android source tree to do so.
Bug: 26097626
Change-Id: I8411b37d7f771ed99269751a3007dff103083552
We used to silently ignore the return value from apply_patch() even if
it had failed. It gives us more trouble to investigate the failure when
the affected file/partition gets touched in subsequent OTAs. This CL
adds the checking of the return value and aborts the update accordingly.
Bug: 25893277
Change-Id: Ie5e1c563576e503343e6a5b28ed4d7039f6f919c
Add an option "--log_diff <filename>" to ota_from_target_files.py
script. When enabled, it logs the differences between the source
and target builds into <filename> when generating incremental OTAs.
Also move target_files_diff.py into releasetools/ so that it can be
packed into otatools.zip.
Bug: 25372309
Change-Id: Ifd4ed0f2f12ef040ee377621ec8c35a873cec34f
The packaging script is broken when we set TARGET_NO_RECOVERY and
SYSTEM_ROOT_IMAGE both. With TARGET_NO_RECOVERY set, we don't have
RECOVERY/RAMDISK/etc/recovery.fstab. It thus fails the assertion in
common.LoadRecoveryFSTab() that "/" must exist in fstab when enabling
SYSTEM_ROOT_IMAGE.
Change-Id: Id509d724f18be7cf7389dd786924ead894ac0cc1
Vendor-specific images (radio, bootloader and etc) used to stay in
RADIO/ in target_files zip. A/B updater expects them to be available
under IMAGES/. Make a copy for such images when calling
add_img_to_target_files.py.
We cannot move them directly from RADIO/ to IMAGES/, because we will
delete everything under IMAGES/ when signing for release.
Bug: 25674625
Change-Id: I977c879d0ff7e45c83b3f5c63844a5b135caa383
We can generate a special OTA package that verifies all the partitions
(boot, recovery, system, vendor and etc) on a device. It also calls
device-specific script to verify bootloader and radio images. This
ensures a flashed device contains all the desired images faithfully.
Usage:
ota_from_target_files.py --gen_verify target_files.zip output.zip
Bug: 24679956
Change-Id: Ib3091d98c4b17a6fad305b3edf16d09efbda5c38
Factor out some common lines between generating incremental and full
OTAs. Remove the outer while loop for cleaner logic.
Change-Id: I0a4d44a4a59b488748222c2031bd63f67d45e0b5
Don't generate recovery.img when calling 'make dist' if
TARGET_NO_RECOVERY is set. The build system passes the flag to the
packaging script which then generates recovery.img conditionally.
Bug: 25329471
Change-Id: Ifbc999300d5c31e897878f81e231ae7dd2aca660
To accommodate new changes (such as error correction in [1]) to BBOTA
in N release. We bump up the version to keep the OTA script backward
compatible.
Needs the matching CL in commit
1fdec8685af858c5ff4f45d2e3059186ab5ed2ab.
[1]: commit 0a7b47397db3648afe6f3aeb2abb175934c2cbca
Change-Id: Ib9158b455cd5905fe2d4742ce81feb1b7583054f
CL in [1] added an assertion to make sure an empty RangeSet cannot call
RangeSet.to_raw_string(). However, we may unintentionally hit that when
generating BBOTA v1 script (e.g. for "new" commands that always have
empty src_ranges).
[1] commit e8f756137c
Change-Id: I1723606967f354ace9286d2b888fdbc80ba10e39
When building incremental packages, the info_dict from the source build
should be the one in use. We have done that for most of the partitions
(system and etc.), and should pass that to vendor's script as well.
Also includes the CL in commit aac4ad56b6
that fixes a bug in commit 6f0b219ac5.
Bug: 24898607
Change-Id: I4ea6037dad7061e1683661fc4c394fa3a7a7c5cd
(cherry picked from commit 6f0b219ac5)
Append error-correcting codes to verified partitions provided that
PRODUCT_SUPPORTS_VERITY_FEC is true.
This moves verity metadata to be after the hash tree, and requires
matching changes from
Ide48f581bbba77aed6132f77b309db71630d81ed
Bug: 21893453
Change-Id: I6945cbab99e214566a1f9d3702333f2dbbc35816
When building incremental packages, the info_dict from the source build
should be the one in use. We have done that for most of the partitions
(system and etc.), and should pass that to vendor's script as well.
Bug: 24898607
Change-Id: Ie2973d41b905637862616286663baf80df83bd88
This CL changes to use a fixed timestamp only when packaging
into the target_files zip.
Bug: 24377993
Change-Id: I01d136f4b99e1eff80c559192d93db83a3c5c0a4
(cherry picked from commit 822f5840c0)
[1] changed to use a fixed timestamp for all the generated images
(either the one under $ANDROID_PRODUCT_OUT/ or the one added into the
target_files zip). It makes 'adb sync' after 'fastboot flashall' to
resync all the files. This CL changes to use a fixed timestamp only when
packaging into the target_files zip.
[1]: commit 052ae3542b
Bug: 24377993
Bug: 24536411
Change-Id: I209318966109fd4902468dfe96caf777464f9fe1
ro.bootimage.build.fingerprint should be updated when signing.
Bug: 22720426
Bug: 24009888
Change-Id: Ib246a257581fd31f90ad6b3d21f39d1a2de24ba8
(cherry picked from commit 265d9aeb62)
The signing process requires the boot and recovery images be signed
by CROS-Signer, which is done after a signed_target_files.zip is
available. Once the boot/recovery images are signed, we need
to insert it back into signed_target_files.zip and regenerate the
system.map and verity tree. The script (add_img_to_target_files) does
this operation and needs to be aware of verity specific flags.
Bug: 23831896
Change-Id: Id24e878161052c768b74da1231b97eb0574b4c8b
With the change in [1], it zeroes out extra blocks that might be read
by dm-verity. We should update the expected number of blocks that get
touched.
[1] commit e9b619108d.
Bug: 23786644
Change-Id: I7a7c3531e5af6bf381d3a14832e77abfa9a8efce
For a DataImage, we may have no mapping of ZERO or NONZERO blocks. Don't
write those groups if they are empty.
Bug: 19024504
Change-Id: I1e921effcdbf0661d4f4b541c104dd456ac0c582
In BBOTAs if the last block of a DataImage is padded, we should always
write the whole block even for incremental OTAs. Because otherwise the
last block may be skipped if unchanged, but would fail the post-install
verification if it has non-zero contents in the padding bytes.
Bug: 23828506
Change-Id: I6f6789eec568ed0b808b9e425f5ecdbea1bdf446
(cherry picked from commit 7589e961a7)
In BBOTAs if the last block of a DataImage is padded, we should always
write the whole block even for incremental OTAs. Because otherwise the
last block may be skipped if unchanged, but would fail the post-install
verification if it has non-zero contents in the padding bytes.
Bug: 23828506
Change-Id: I4b0af7344d18261258cd48d18c029c089d6ff365
For file-based OTAs, we used to remove unneeded files in ascending
order, which failed to delete non-empty directories. Reverse the order
to fix the issue.
For example, now we have the following in our generated script:
delete("/system/app/Calculator/arm/Calculator.odex",
"/system/app/Calculator/arm/",
"/system/app/Calculator/Calculator.apk",
"/system/app/Calculator/");
Bug: 22960996
Change-Id: I0d36d29b7862fb53bf55bf5685a990180f9c0b3b
For file-based OTAs, symlinks in the source build but not in the target
build will be deleted. However, if a symlink is replaced by a regular
file in the target build, the file will be accidentally deleted when
applying (resuming) the same package again.
Verify the checksum of a symlink that will be unpacked or renamed to.
Delete the file only if it doesn't have the target checksum.
Bug: 23646151
Change-Id: I77bae035e39f2e0be25f7f6d71c5882464e3d50f
(cherry picked from commit 84006eacd0)
For file-based OTAs, symlinks in the source build but not in the target
build will be deleted. However, if a symlink is replaced by a regular
file in the target build, the file will be accidentally deleted when
applying (resuming) the same package again.
Verify the checksum of a symlink that will be unpacked or renamed to.
Delete the file only if it doesn't have the target checksum.
Bug: 23646151
Change-Id: Ie322abb6022b6fa812c6b36a3127872d9614fc3b
* commit 'e337093e6c5d502f0f4094639b41c001b3048d0f':
Split large files for BBOTA v3.
Revise stash for BBOTAs when needed.
Assert the stash size when generating OTAs.
Changes in [1] break the backward compatibility of the OTA scripts. Fix
the issue by extracting the file basename from the info dict in
META/misc_info.txt.
[1] commit d3a803e668
Bug: 23620049
Change-Id: I40a5625bbe0beb295f34b2328906a4a4283fe59b
RangeSet("2-10").monotonic gives a wrong result of "False". Fix the bug
and add more tests into test_rangelib.py.
Change-Id: I04780571b45ecafd34040f405756b9745a9e21a5
Separate the test cases in rangelib.py comments into a python unittest
file.
To invoke:
$ python -m unittest test_rangelib
Change-Id: I59e4ce0aaccc83bcbb42fee15775683dcd559d99
For BBOTA v3, we need to stash source blocks to support resumable
feature. However, with the growth of file size and the shrink of the
cache size, source blocks that represent a file are too large to be
stashed as a whole. CL in [1] solves the issue by replacing the diff
command with a "new" command. However, it may increase the generated
package size substantially (e.g. from ~100MB to ~400MB).
With this CL, if a file spans too many blocks, we split it into smaller
pieces by generating multiple commands. For the same case above, it
reduces the package size to ~150MB.
One potential downside is that after splitting, files like .jar,
.apk and .zip can no longer use imgdiff. We may lose the potential
benefit of using imgdiff for patch size reduction.
[1] commit 82c47981bd
Bug: 22430577
Change-Id: Iee1ad6543f3d40368e079e418cc31728e1ab3f48
(cherry picked from commit 9a5caf2c30)
When generating incremental BBOTAs (v2 and above), we need to ensure
that the needed runtime stash is below the given threshold. If it's
running out of space on /cache, we replace the command that uses a
stash with a "new" command instead.
This may increase the OTA package size, since it is carrying more full
blocks instead of patches. It gets even worse for large files that span
a number of blocks, because currently we will store all the blocks for
the file as "new" blocks if stashing cannot be satisfied. We may further
optimize by splitting them into smaller chunks so that most of them can
still be stashed.
Bug: 22430577
Change-Id: Ieae5243d461e3f899f613f76a380f6f7c3edb356
(cherry picked from commit 82c47981bd)
With block-based OTA v2 and v3, it requires stash space on the /cache
partition to back up blocks during an update. We need to ensure that
it doesn't exceed the partition size. Since there might be other files
on /cache as well, we use cache_size * threshold as the maximum allowed
size. The threshold defaults to 0.8, which can be overridden by command
line option '--stash_threshold'.
Change-Id: Ieee5d373c9bfb2ea401d85ca8a3adb491579de76
(cherry picked from commit 23ac404212)
For BBOTA v3, we need to stash source blocks to support resumable
feature. However, with the growth of file size and the shrink of the
cache size, source blocks that represent a file are too large to be
stashed as a whole. CL in [1] solves the issue by replacing the diff
command with a "new" command. However, it may increase the generated
package size substantially (e.g. from ~100MB to ~400MB).
With this CL, if a file spans too many blocks, we split it into smaller
pieces by generating multiple commands. For the same case above, it
reduces the package size to ~150MB.
One potential downside is that after splitting, files like .jar,
.apk and .zip can no longer use imgdiff. We may lose the potential
benefit of using imgdiff for patch size reduction.
[1] commit 82c47981bd
Bug: 22430577
Change-Id: I5684fab0ac41c8d94fe18f52a34cef77e06f741c
Tianjie Xu