Merge "Remove the obsolete location check for install-recovery.sh"
diff --git a/OWNERS b/OWNERS
new file mode 100644
index 0000000..89b446a
--- /dev/null
+++ b/OWNERS
@@ -0,0 +1,2 @@
+ccross@android.com
+dwillemsen@google.com
diff --git a/core/Makefile b/core/Makefile
index f666bce..b6a9780 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -567,25 +567,25 @@
else ifeq (true,$(BOARD_AVB_ENABLE)) # TARGET_BOOTIMAGE_USE_EXT2 != true
-$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(AVBTOOL) $(INTERNAL_BOOTIMAGE_FILES)
+$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(AVBTOOL) $(INTERNAL_BOOTIMAGE_FILES) $(BOARD_AVB_BOOT_KEY_PATH)
$(call pretty,"Target boot image: $@")
$(hide) $(MKBOOTIMG) $(INTERNAL_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $@
$(hide) $(call assert-max-image-size,$@,$(BOARD_BOOTIMAGE_PARTITION_SIZE))
$(hide) $(AVBTOOL) add_hash_footer \
--image $@ \
--partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \
- --partition_name boot $(INTERNAL_AVB_SIGNING_ARGS) \
+ --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \
$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)
.PHONY: bootimage-nodeps
-bootimage-nodeps: $(MKBOOTIMG) $(AVBTOOL)
+bootimage-nodeps: $(MKBOOTIMG) $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH)
@echo "make $@: ignoring dependencies"
$(hide) $(MKBOOTIMG) $(INTERNAL_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(INSTALLED_BOOTIMAGE_TARGET)
$(hide) $(call assert-max-image-size,$(INSTALLED_BOOTIMAGE_TARGET),$(BOARD_BOOTIMAGE_PARTITION_SIZE))
$(hide) $(AVBTOOL) add_hash_footer \
--image $@ \
--partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \
- --partition_name boot $(INTERNAL_AVB_SIGNING_ARGS) \
+ --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \
$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)
else ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_BOOT_SIGNER)) # BOARD_AVB_ENABLE != true
@@ -866,6 +866,10 @@
endif
endif
+ifeq ($(BOARD_AVB_ENABLE),true)
+INTERNAL_USERIMAGES_DEPS += $(AVBTOOL)
+endif
+
ifneq (true,$(TARGET_USERIMAGES_SPARSE_SQUASHFS_DISABLED))
INTERNAL_USERIMAGES_SPARSE_SQUASHFS_FLAG := -s
endif
@@ -940,12 +944,21 @@
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_subkey=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VBOOT_SIGNING_SUBKEY)" >> $(1))
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "futility=$(notdir $(FUTILITY))" >> $(1))
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_signer_cmd=$(VBOOT_SIGNER)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_signing_args=$(INTERNAL_AVB_SIGNING_ARGS)" >> $(1))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_avbtool=$(notdir $(AVBTOOL))" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "system_avb_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "system_avb_add_hashtree_footer_args=$(BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "vendor_avb_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "vendor_avb_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_system_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_system_add_hashtree_footer_args=$(BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),\
+ $(if $(BOARD_AVB_SYSTEM_KEY_PATH),\
+ $(hide) echo "avb_system_key_path=$(BOARD_AVB_SYSTEM_KEY_PATH)" >> $(1)
+ $(hide) echo "avb_system_algorithm=$(BOARD_AVB_SYSTEM_ALGORITHM)" >> $(1)
+ $(hide) echo "avb_system_rollback_index_location=$(BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION)" >> $(1)))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),\
+ $(if $(BOARD_AVB_VENDOR_KEY_PATH),\
+ $(hide) echo "avb_vendor_key_path=$(BOARD_AVB_VENDOR_KEY_PATH)" >> $(1)
+ $(hide) echo "avb_vendor_algorithm=$(BOARD_AVB_VENDOR_ALGORITHM)" >> $(1)
+ $(hide) echo "avb_vendor_rollback_index_location=$(BOARD_AVB_VENDOR_ROLLBACK_INDEX_LOCATION)" >> $(1)))
$(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)),\
$(hide) echo "recovery_as_boot=true" >> $(1))
$(if $(filter true,$(BOARD_BUILD_SYSTEM_ROOT_IMAGE)),\
@@ -1149,7 +1162,7 @@
$(hide) $(AVBTOOL) add_hash_footer \
--image $(1) \
--partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \
- --partition_name boot $(INTERNAL_AVB_SIGNING_ARGS) \
+ --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \
$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS))
$(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)), \
$(hide) $(call assert-max-image-size,$(1),$(BOARD_BOOTIMAGE_PARTITION_SIZE)), \
@@ -1165,7 +1178,7 @@
$(INSTALLED_BOOTIMAGE_TARGET) : $(VBOOT_SIGNER)
endif
ifeq (true,$(BOARD_AVB_ENABLE))
-$(INSTALLED_BOOTIMAGE_TARGET) : $(AVBTOOL)
+$(INSTALLED_BOOTIMAGE_TARGET) : $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH)
endif
$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) $(MINIGZIP) \
$(INSTALLED_RAMDISK_TARGET) \
@@ -1235,7 +1248,6 @@
$(PDK_FUSION_SYSIMG_FILES) \
$(RECOVERY_RESOURCE_ZIP))
-
FULL_SYSTEMIMAGE_DEPS := $(INTERNAL_SYSTEMIMAGE_FILES) $(INTERNAL_USERIMAGES_DEPS)
# ASAN libraries in the system image - add dependency.
@@ -1357,6 +1369,9 @@
endif
endif
+.PHONY: sync
+sync: $(INTERNAL_SYSTEMIMAGE_FILES)
+
#######
## system tarball
define build-systemtarball-target
@@ -1739,6 +1754,8 @@
vendorimage-nodeps vnod: | $(INTERNAL_USERIMAGES_DEPS) $(DEPMOD)
$(build-vendorimage-target)
+sync: $(INTERNAL_VENDORIMAGE_FILES)
+
else ifdef BOARD_PREBUILT_VENDORIMAGE
INSTALLED_VENDORIMAGE_TARGET := $(PRODUCT_OUT)/vendor.img
$(eval $(call copy-one-file,$(BOARD_PREBUILT_VENDORIMAGE),$(INSTALLED_VENDORIMAGE_TARGET)))
@@ -1750,12 +1767,12 @@
INSTALLED_DTBOIMAGE_TARGET := $(PRODUCT_OUT)/dtbo.img
ifeq ($(BOARD_AVB_ENABLE),true)
-$(INSTALLED_DTBOIMAGE_TARGET): $(BOARD_PREBUILT_DTBOIMAGE) $(AVBTOOL)
+$(INSTALLED_DTBOIMAGE_TARGET): $(BOARD_PREBUILT_DTBOIMAGE) $(AVBTOOL) $(BOARD_AVB_DTBO_KEY_PATH)
cp $(BOARD_PREBUILT_DTBOIMAGE) $@
$(AVBTOOL) add_hash_footer \
--image $@ \
--partition_size $(BOARD_DTBOIMG_PARTITION_SIZE) \
- --partition_name dtbo $(INTERNAL_AVB_SIGNING_ARGS) \
+ --partition_name dtbo $(INTERNAL_AVB_DTBO_SIGNING_ARGS) \
$(BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS)
else
$(INSTALLED_DTBOIMAGE_TARGET): $(BOARD_PREBUILT_DTBOIMAGE)
@@ -1764,44 +1781,109 @@
endif
+# Convert to lower case without requiring a shell, which isn't cacheable.
+to-lower = $(subst A,a,$(subst B,b,$(subst C,c,$(subst D,d,$(subst E,e,$(subst F,f,$(subst G,g,\
+$(subst H,h,$(subst I,i,$(subst J,j,$(subst K,k,$(subst L,l,$(subst M,m,$(subst N,n,$(subst O,o,\
+$(subst P,p,$(subst Q,q,$(subst R,r,$(subst S,s,$(subst T,t,$(subst U,u,$(subst V,v,$(subst W,w,\
+$(subst X,x,$(subst Y,y,$(subst Z,z,$1))))))))))))))))))))))))))
+
# -----------------------------------------------------------------
# vbmeta image
ifeq ($(BOARD_AVB_ENABLE),true)
BUILT_VBMETAIMAGE_TARGET := $(PRODUCT_OUT)/vbmeta.img
+AVB_CHAIN_KEY_DIR := $(TARGET_OUT_INTERMEDIATES)/avb_chain_keys
-INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS := \
- --include_descriptors_from_image $(INSTALLED_BOOTIMAGE_TARGET) \
- --include_descriptors_from_image $(INSTALLED_SYSTEMIMAGE) \
+ifdef BOARD_AVB_KEY_PATH
+$(if $(BOARD_AVB_ALGORITHM),,$(error BOARD_AVB_ALGORITHM is not defined))
+else
+# If key path isn't specified, use the 4096-bit test key.
+BOARD_AVB_ALGORITHM := SHA256_RSA4096
+BOARD_AVB_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
+endif
+
+INTERNAL_AVB_SIGNING_ARGS := \
+ --algorithm $(BOARD_AVB_ALGORITHM) --key $(BOARD_AVB_KEY_PATH)
+
+BOOT_FOOTER_ARGS := BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS
+DTBO_FOOTER_ARGS := BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS
+SYSTEM_FOOTER_ARGS := BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS
+VENDOR_FOOTER_ARGS := BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS
+
+# Check and set required build variables for a chain partition.
+# $(1): the partition to enable AVB chain, e.g., BOOT or SYSTEM.
+define check-and-set-avb-chain-args
+$(eval PART := $(1))
+$(eval part=$(call to-lower,$(PART)))
+
+$(eval _key_path := BOARD_AVB_$(PART)_KEY_PATH)
+$(eval _signing_algorithm := BOARD_AVB_$(PART)_ALGORITHM)
+$(eval _rollback_index := BOARD_AVB_$(PART)_ROLLBACK_INDEX)
+$(eval _rollback_index_location := BOARD_AVB_$(PART)_ROLLBACK_INDEX_LOCATION)
+$(if $($(_key_path)),,$(error $(_key_path) is not defined))
+$(if $($(_signing_algorithm)),,$(error $(_signing_algorithm) is not defined))
+$(if $($(_rollback_index)),,$(error $(_rollback_index) is not defined))
+$(if $($(_rollback_index_location)),,$(error $(_rollback_index_location) is not defined))
+
+# Set INTERNAL_AVB_(PART)_SIGNING_ARGS
+$(eval _signing_args := INTERNAL_AVB_$(PART)_SIGNING_ARGS)
+$(eval $(_signing_args) := \
+ --algorithm $($(_signing_algorithm)) --key $($(_key_path)))
+
+$(eval INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
+ --chain_partition $(part):$($(_rollback_index_location)):$(AVB_CHAIN_KEY_DIR)/$(part).avbpubkey)
+
+# Set rollback_index via footer args
+$(eval _footer_args := $(PART)_FOOTER_ARGS)
+$(eval $($(_footer_args)) += --rollback_index $($(_rollback_index)))
+endef
+
+ifdef BOARD_AVB_BOOT_KEY_PATH
+$(eval $(call check-and-set-avb-chain-args,BOOT))
+else
+INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
+ --include_descriptors_from_image $(INSTALLED_BOOTIMAGE_TARGET)
+endif
+
+ifdef BOARD_AVB_SYSTEM_KEY_PATH
+$(eval $(call check-and-set-avb-chain-args,SYSTEM))
+else
+INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
+ --include_descriptors_from_image $(INSTALLED_SYSTEMIMAGE)
+endif
ifdef INSTALLED_VENDORIMAGE_TARGET
+ifdef BOARD_AVB_VENDOR_KEY_PATH
+$(eval $(call check-and-set-avb-chain-args,VENDOR))
+else
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
--include_descriptors_from_image $(INSTALLED_VENDORIMAGE_TARGET)
endif
+endif
ifdef INSTALLED_DTBOIMAGE_TARGET
+ifdef BOARD_AVB_DTBO_KEY_PATH
+$(eval $(call check-and-set-avb-chain-args,DTBO))
+else
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
--include_descriptors_from_image $(INSTALLED_DTBOIMAGE_TARGET)
endif
+endif
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += --padding_size 4096
+# Add kernel cmdline descriptor for kernel to mount system.img as root with
+# dm-verity. This works when system.img is either chained or not-chained:
+# - chained: The --setup_as_rootfs_from_kernel option will add dm-verity kernel
+# cmdline descriptor to system.img
+# - not-chained: The --include_descriptors_from_image option for make_vbmeta_image
+# will include the kernel cmdline descriptor from system.img into vbmeta.img
ifeq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true)
-INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += --setup_rootfs_from_kernel $(BUILT_SYSTEMIMAGE)
+BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS += --setup_as_rootfs_from_kernel
endif
ifdef BOARD_AVB_ROLLBACK_INDEX
-INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += --rollback_index $(BOARD_AVB_ROLLBACK_INDEX)
-endif
-
-ifndef BOARD_AVB_KEY_PATH
-# If key path isn't specified, use the 4096-bit test key.
-INTERNAL_AVB_SIGNING_ARGS := \
- --algorithm SHA256_RSA4096 \
- --key external/avb/test/data/testkey_rsa4096.pem
-else
-INTERNAL_AVB_SIGNING_ARGS := \
- --algorithm $(BOARD_AVB_ALGORITHM) --key $(BOARD_AVB_KEY_PATH)
+BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --rollback_index $(BOARD_AVB_ROLLBACK_INDEX)
endif
ifndef BOARD_BOOTIMAGE_PARTITION_SIZE
@@ -1812,26 +1894,42 @@
$(error BOARD_SYSTEMIMAGE_PARTITION_SIZE must be set for BOARD_AVB_ENABLE)
endif
+# $(1): the directory to extract public keys to
+define extract-avb-chain-public-keys
+ $(if $(BOARD_AVB_BOOT_KEY_PATH),\
+ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_BOOT_KEY_PATH) \
+ --output $(1)/boot.avbpubkey)
+ $(if $(BOARD_AVB_SYSTEM_KEY_PATH),\
+ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_SYSTEM_KEY_PATH) \
+ --output $(1)/system.avbpubkey)
+ $(if $(BOARD_AVB_VENDOR_KEY_PATH),\
+ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_VENDOR_KEY_PATH) \
+ --output $(1)/vendor.avbpubkey)
+ $(if $(BOARD_AVB_DTBO_KEY_PATH),\
+ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_DTBO_KEY_PATH) \
+ --output $(1)/dtbo.avbpubkey)
+endef
+
define build-vbmetaimage-target
$(call pretty,"Target vbmeta image: $(INSTALLED_VBMETAIMAGE_TARGET)")
+ $(hide) mkdir -p $(AVB_CHAIN_KEY_DIR)
+ $(call extract-avb-chain-public-keys, $(AVB_CHAIN_KEY_DIR))
$(hide) $(AVBTOOL) make_vbmeta_image \
$(INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS) \
$(INTERNAL_AVB_SIGNING_ARGS) \
$(BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS) \
--output $@
+ $(hide) rm -rf $(AVB_CHAIN_KEY_DIR)
endef
INSTALLED_VBMETAIMAGE_TARGET := $(BUILT_VBMETAIMAGE_TARGET)
-$(INSTALLED_VBMETAIMAGE_TARGET): $(AVBTOOL) $(INSTALLED_BOOTIMAGE_TARGET) $(INSTALLED_SYSTEMIMAGE) $(INSTALLED_VENDORIMAGE_TARGET) $(INSTALLED_DTBOIMAGE_TARGET)
+$(INSTALLED_VBMETAIMAGE_TARGET): $(AVBTOOL) $(INSTALLED_BOOTIMAGE_TARGET) $(INSTALLED_SYSTEMIMAGE) $(INSTALLED_VENDORIMAGE_TARGET) $(INSTALLED_DTBOIMAGE_TARGET) $(BOARD_AVB_KEY_PATH)
$(build-vbmetaimage-target)
.PHONY: vbmetaimage-nodeps
vbmetaimage-nodeps:
$(build-vbmetaimage-target)
-# We need $(AVBTOOL) for system.img generation.
-FULL_SYSTEMIMAGE_DEPS += $(AVBTOOL)
-
endif # BOARD_AVB_ENABLE
# -----------------------------------------------------------------
@@ -2234,11 +2332,17 @@
$(hide) echo "full_recovery_image=true" >> $(zip_root)/META/misc_info.txt
endif
ifeq ($(BOARD_AVB_ENABLE),true)
- $(hide) echo "board_avb_enable=true" >> $(zip_root)/META/misc_info.txt
- $(hide) echo "board_avb_rollback_index=$(BOARD_AVB_ROLLBACK_INDEX)" >> $(zip_root)/META/misc_info.txt
- $(hide) echo "board_avb_boot_add_hash_footer_args=$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)" >> $(zip_root)/META/misc_info.txt
- $(hide) echo "board_avb_make_vbmeta_image_args=$(BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS)" >> $(zip_root)/META/misc_info.txt
-endif
+ $(hide) echo "avb_enable=true" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_vbmeta_key_path=$(BOARD_AVB_KEY_PATH)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_vbmeta_algorithm=$(BOARD_AVB_ALGORITHM)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_vbmeta_args=$(BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_boot_add_hash_footer_args=$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)" >> $(zip_root)/META/misc_info.txt
+ifdef BOARD_AVB_BOOT_KEY_PATH
+ $(hide) echo "avb_boot_key_path=$(BOARD_AVB_BOOT_KEY_PATH)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_boot_algorithm=$(BOARD_AVB_BOOT_ALGORITHM)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_boot_rollback_index_location=$(BOARD_AVB_BOOT_ROLLBACK_INDEX_LOCATION)" >> $(zip_root)/META/misc_info.txt
+endif # BOARD_AVB_BOOT_KEY_PATH
+endif # BOARD_AVB_ENABLE
ifdef BOARD_BPT_INPUT_FILES
$(hide) echo "board_bpt_enable=true" >> $(zip_root)/META/misc_info.txt
$(hide) echo "board_bpt_make_table_args=$(BOARD_BPT_MAKE_TABLE_ARGS)" >> $(zip_root)/META/misc_info.txt
@@ -2296,10 +2400,15 @@
$(hide) echo "has_dtbo=true" >> $(zip_root)/META/misc_info.txt
ifeq ($(BOARD_AVB_ENABLE),true)
$(hide) echo "dtbo_size=$(BOARD_DTBOIMG_PARTITION_SIZE)" >> $(zip_root)/META/misc_info.txt
- $(hide) echo "board_avb_dtbo_add_hash_footer_args=$(BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS)" \
+ $(hide) echo "avb_dtbo_add_hash_footer_args=$(BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS)" >> $(zip_root)/META/misc_info.txt
+ifdef BOARD_AVB_DTBO_KEY_PATH
+ $(hide) echo "avb_dtbo_key_path=$(BOARD_AVB_DTBO_KEY_PATH)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_dtbo_algorithm=$(BOARD_AVB_DTBO_ALGORITHM)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_dtbo_rollback_index_location=$(BOARD_AVB_DTBO_ROLLBACK_INDEX_LOCATION)" \
>> $(zip_root)/META/misc_info.txt
-endif
-endif
+endif # BOARD_AVB_DTBO_KEY_PATH
+endif # BOARD_AVB_ENABLE
+endif # BOARD_PREBUILT_DTBOIMAGE
@# Run fs_config on all the system, vendor, boot ramdisk,
@# and recovery ramdisk files in the zip, and save the output
$(hide) $(call fs_config,$(zip_root)/SYSTEM,system/) > $(zip_root)/META/filesystem_config.txt
diff --git a/core/base_rules.mk b/core/base_rules.mk
index c327d2c..07d1cd9 100644
--- a/core/base_rules.mk
+++ b/core/base_rules.mk
@@ -243,6 +243,18 @@
intermediates.COMMON := $(call local-intermediates-dir,COMMON)
generated_sources_dir := $(call local-generated-sources-dir)
+ifneq ($(LOCAL_OVERRIDES_MODULES),)
+ ifeq ($(LOCAL_MODULE_CLASS),EXECUTABLES)
+ ifndef LOCAL_IS_HOST_MODULE
+ EXECUTABLES.$(LOCAL_MODULE).OVERRIDES := $(strip $(LOCAL_OVERRIDES_MODULES))
+ else
+ $(call pretty-error,host modules cannot use LOCAL_OVERRIDES_MODULES)
+ endif
+ else
+ $(call pretty-error,LOCAL_MODULE_CLASS := $(LOCAL_MODULE_CLASS) cannot use LOCAL_OVERRIDES_MODULES)
+ endif
+endif
+
###########################################################
# Pick a name for the intermediate and final targets
###########################################################
diff --git a/core/clang/OWNERS b/core/clang/OWNERS
new file mode 100644
index 0000000..d41d3fc
--- /dev/null
+++ b/core/clang/OWNERS
@@ -0,0 +1,4 @@
+chh@google.com
+pirama@google.com
+srhines@google.com
+yikong@google.com
diff --git a/core/clear_vars.mk b/core/clear_vars.mk
index a865597..4556fde 100644
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -171,6 +171,7 @@
LOCAL_ODM_MODULE:=
LOCAL_OEM_MODULE:=
LOCAL_OVERRIDES_PACKAGES:=
+LOCAL_OVERRIDES_MODULES:=
LOCAL_PACKAGE_NAME:=
LOCAL_PACKAGE_SPLITS:=
LOCAL_PACK_MODULE_RELOCATIONS:=
diff --git a/core/local_vndk.mk b/core/local_vndk.mk
index 5ac5f26..640aac7 100644
--- a/core/local_vndk.mk
+++ b/core/local_vndk.mk
@@ -3,7 +3,7 @@
#If LOCAL_SDK_VERSION is set, thats a more restrictive set, so they dont need LOCAL_USE_VNDK
ifndef LOCAL_IS_HOST_MODULE
ifndef LOCAL_SDK_VERSION
- ifneq (,$(filter true,$(LOCAL_VENDOR_MODULE) $(LOCAL_ODM_MODULE) $(LOCAL_OEM_MODULE)))
+ ifneq (,$(filter true,$(LOCAL_VENDOR_MODULE) $(LOCAL_ODM_MODULE) $(LOCAL_OEM_MODULE) $(LOCAL_PROPRIETARY_MODULE)))
LOCAL_USE_VNDK:=true
else
ifneq (,$(filter $(TARGET_OUT_VENDOR)%,$(LOCAL_MODULE_PATH) $(LOCAL_MODULE_PATH_32) $(LOCAL_MODULE_PATH_64)))
diff --git a/core/main.mk b/core/main.mk
index bc4ed04..ea72a9a 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -768,6 +768,9 @@
# Filter out the overridden packages before doing expansion
product_MODULES := $(filter-out $(foreach p, $(product_MODULES), \
$(PACKAGES.$(p).OVERRIDES)), $(product_MODULES))
+ # Filter out executables as well
+ product_MODULES := $(filter-out $(foreach m, $(product_MODULES), \
+ $(EXECUTABLES.$(m).OVERRIDES)), $(product_MODULES))
# Resolve the :32 :64 module name
modules_32 := $(patsubst %:32,%,$(filter %:32, $(product_MODULES)))
diff --git a/core/tasks/tools/build_custom_image.mk b/core/tasks/tools/build_custom_image.mk
index 8c098d6..702d8b3 100644
--- a/core/tasks/tools/build_custom_image.mk
+++ b/core/tasks/tools/build_custom_image.mk
@@ -144,3 +144,9 @@
# Archive the built image.
$(call dist-for-goals, $(my_custom_image_name) custom_images,$(my_installed_custom_image))
+
+my_staging_dir :=
+my_built_modules :=
+my_copy_dest :=
+my_copy_pairs :=
+my_pickup_files :=
diff --git a/core/tasks/tools/package-modules.mk b/core/tasks/tools/package-modules.mk
index 63fab63..629a9b2 100644
--- a/core/tasks/tools/package-modules.mk
+++ b/core/tasks/tools/package-modules.mk
@@ -4,6 +4,7 @@
# Input variables:
# my_modules: a list of module names
# my_package_name: the name of the output zip file.
+# my_copy_pairs: a list of extra files to install (in src:dest format)
# Output variables:
# my_package_zip: the path to the output zip file.
#
@@ -11,8 +12,8 @@
my_makefile := $(lastword $(filter-out $(lastword $(MAKEFILE_LIST)),$(MAKEFILE_LIST)))
my_staging_dir := $(call intermediates-dir-for,PACKAGING,$(my_package_name))
-my_built_modules :=
-my_copy_pairs :=
+my_built_modules := $(foreach p,$(my_copy_pairs),$(call word-colon,1,$(p)))
+my_copy_pairs := $(foreach p,$(my_copy_pairs),$(call word-colon,1,$(p)):$(my_staging_dir)/$(call word-colon,2,$(p)))
my_pickup_files :=
# Iterate over the modules and include their direct dependencies stated in the
@@ -67,3 +68,12 @@
$(hide) $(foreach f, $(PRIVATE_PICKUP_FILES),\
cp -RfL $(f) $(dir $@) && ) true
$(hide) cd $(dir $@) && zip -rqX $(notdir $@) *
+
+my_makefile :=
+my_staging_dir :=
+my_built_modules :=
+my_copy_dest :=
+my_copy_pairs :=
+my_pickup_files :=
+my_missing_files :=
+my_modules_and_deps :=
diff --git a/tools/OWNERS b/tools/OWNERS
new file mode 100644
index 0000000..7a23adc
--- /dev/null
+++ b/tools/OWNERS
@@ -0,0 +1,2 @@
+per-file warn.py = chh@google.com
+per-file checkowners.py = chh@google.com
diff --git a/tools/releasetools/OWNERS b/tools/releasetools/OWNERS
new file mode 100644
index 0000000..39448cf
--- /dev/null
+++ b/tools/releasetools/OWNERS
@@ -0,0 +1 @@
+tbao@google.com
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 0d77be1..ff7109a 100755
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -191,14 +191,14 @@
shutil.copy(dtbo_prebuilt_path, img.name)
# AVB-sign the image as needed.
- if OPTIONS.info_dict.get("board_avb_enable") == "true":
+ if OPTIONS.info_dict.get("avb_enable") == "true":
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
part_size = OPTIONS.info_dict["dtbo_size"]
# The AVB hash footer will be replaced if already present.
cmd = [avbtool, "add_hash_footer", "--image", img.name,
"--partition_size", str(part_size), "--partition_name", "dtbo"]
- cmd.extend(shlex.split(OPTIONS.info_dict["avb_signing_args"]))
- args = OPTIONS.info_dict.get("board_avb_dtbo_add_hash_footer_args")
+ common.AppendAVBSigningArgs(cmd, "dtbo")
+ args = OPTIONS.info_dict.get("avb_dtbo_add_hash_footer_args")
if args and args.strip():
cmd.extend(shlex.split(args))
p = common.Run(cmd, stdout=subprocess.PIPE)
@@ -270,7 +270,7 @@
# by the avb tool.
is_verity_partition = "verity_block_device" in image_props
verity_supported = (image_props.get("verity") == "true" or
- image_props.get("board_avb_enable") == "true")
+ image_props.get("avb_enable") == "true")
is_avb_enable = image_props.get("avb_hashtree_enable") == "true"
if verity_supported and (is_verity_partition or is_avb_enable):
adjusted_blocks_value = image_props.get("partition_size")
@@ -333,25 +333,51 @@
img.Write()
+def AppendVBMetaArgsForPartition(cmd, partition, img_path, public_key_dir):
+ if not img_path:
+ return
+
+ # Check if chain partition is used.
+ key_path = OPTIONS.info_dict.get("avb_" + partition + "_key_path")
+ if key_path:
+ # extract public key in AVB format to be included in vbmeta.img
+ avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
+ public_key_path = os.path.join(public_key_dir, "%s.avbpubkey" % partition)
+ p = common.Run([avbtool, "extract_public_key", "--key", key_path,
+ "--output", public_key_path],
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ p.communicate()
+ assert p.returncode == 0, \
+ "avbtool extract_public_key fail for partition: %r" % partition
+
+ rollback_index_location = OPTIONS.info_dict[
+ "avb_" + partition + "_rollback_index_location"]
+ cmd.extend(["--chain_partition", "%s:%s:%s" % (
+ partition, rollback_index_location, public_key_path)])
+ else:
+ cmd.extend(["--include_descriptors_from_image", img_path])
+
+
def AddVBMeta(output_zip, boot_img_path, system_img_path, vendor_img_path,
dtbo_img_path, prefix="IMAGES/"):
"""Create a VBMeta image and store it in output_zip."""
img = OutputFile(output_zip, OPTIONS.input_tmp, prefix, "vbmeta.img")
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
- cmd = [avbtool, "make_vbmeta_image",
- "--output", img.name,
- "--include_descriptors_from_image", boot_img_path,
- "--include_descriptors_from_image", system_img_path]
- if vendor_img_path is not None:
- cmd.extend(["--include_descriptors_from_image", vendor_img_path])
- if dtbo_img_path is not None:
- cmd.extend(["--include_descriptors_from_image", dtbo_img_path])
- if OPTIONS.info_dict.get("system_root_image") == "true":
- cmd.extend(["--setup_rootfs_from_kernel", system_img_path])
- cmd.extend(shlex.split(OPTIONS.info_dict["avb_signing_args"]))
- args = OPTIONS.info_dict.get("board_avb_make_vbmeta_image_args")
+ cmd = [avbtool, "make_vbmeta_image", "--output", img.name]
+ common.AppendAVBSigningArgs(cmd, "vbmeta")
+
+ public_key_dir = tempfile.mkdtemp(prefix="avbpubkey-")
+ OPTIONS.tempfiles.append(public_key_dir)
+
+ AppendVBMetaArgsForPartition(cmd, "boot", boot_img_path, public_key_dir)
+ AppendVBMetaArgsForPartition(cmd, "system", system_img_path, public_key_dir)
+ AppendVBMetaArgsForPartition(cmd, "vendor", vendor_img_path, public_key_dir)
+ AppendVBMetaArgsForPartition(cmd, "dtbo", dtbo_img_path, public_key_dir)
+
+ args = OPTIONS.info_dict.get("avb_vbmeta_args")
if args and args.strip():
cmd.extend(shlex.split(args))
+
p = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, "avbtool make_vbmeta_image failed"
@@ -556,7 +582,7 @@
banner("dtbo")
dtbo_img_path = AddDtbo(output_zip)
- if OPTIONS.info_dict.get("board_avb_enable") == "true":
+ if OPTIONS.info_dict.get("avb_enable") == "true":
banner("vbmeta")
boot_contents = boot_image.WriteToTemp()
AddVBMeta(output_zip, boot_contents.name, system_img_path,
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index de75a6b..6de9763 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -109,18 +109,19 @@
Returns:
The maximum image size or 0 if an error occurred.
"""
- cmdline = "%s add_%s_footer " % (avbtool, footer_type)
- cmdline += "--partition_size %d " % partition_size
- cmdline += "--calc_max_image_size "
- cmdline += additional_args
- (output, exit_code) = RunCommand(shlex.split(cmdline))
+ cmd =[avbtool, "add_%s_footer" % footer_type,
+ "--partition_size", partition_size, "--calc_max_image_size"]
+ cmd.extend(shlex.split(additional_args))
+
+ (output, exit_code) = RunCommand(cmd)
if exit_code != 0:
return 0
else:
return int(output)
def AVBAddFooter(image_path, avbtool, footer_type, partition_size,
- partition_name, signing_args, additional_args):
+ partition_name, key_path, algorithm,
+ additional_args):
"""Adds dm-verity hashtree and AVB metadata to an image.
Args:
@@ -129,19 +130,24 @@
footer_type: 'hash' or 'hashtree' for generating footer.
partition_size: The size of the partition in question.
partition_name: The name of the partition - will be embedded in metadata.
- signing_args: Arguments for signing the image.
+ key_path: Path to key to use or None.
+ algorithm: Name of algorithm to use or None.
additional_args: Additional arguments to pass to 'avbtool
add_hashtree_image'.
Returns:
True if the operation succeeded.
"""
- cmdline = "%s add_%s_footer " % (avbtool, footer_type)
- cmdline += "--partition_size %d " % partition_size
- cmdline += "--partition_name %s " % partition_name
- cmdline += "--image %s " % image_path
- cmdline += signing_args + " "
- cmdline += additional_args
- (_, exit_code) = RunCommand(shlex.split(cmdline))
+ cmd =[avbtool, "add_%s_footer" % footer_type,
+ "--partition_size", partition_size,
+ "--partition_name", partition_name,
+ "--image", image_path]
+
+ if key_path and algorithm:
+ cmd.extend(["--key", key_path, "--algorithm", algorithm])
+
+ cmd.extend(shlex.split(additional_args))
+
+ (_, exit_code) = RunCommand(cmd)
return exit_code == 0
def AdjustPartitionSizeForVerity(partition_size, fec_supported):
@@ -420,8 +426,8 @@
avb_footer_type = 'hashtree'
if avb_footer_type:
- avbtool = prop_dict.get("avb_avbtool")
- partition_size = int(prop_dict.get("partition_size"))
+ avbtool = prop_dict["avb_avbtool"]
+ partition_size = prop_dict["partition_size"]
# avb_add_hash_footer_args or avb_add_hashtree_footer_args.
additional_args = prop_dict["avb_add_" + avb_footer_type + "_footer_args"]
max_image_size = AVBCalcMaxImageSize(avbtool, avb_footer_type, partition_size,
@@ -429,7 +435,7 @@
if max_image_size == 0:
return False
prop_dict["partition_size"] = str(max_image_size)
- prop_dict["original_partition_size"] = str(partition_size)
+ prop_dict["original_partition_size"] = partition_size
if fs_type.startswith("ext"):
build_command = [prop_dict["ext_mkuserimg"]]
@@ -572,14 +578,16 @@
# Add AVB HASH or HASHTREE footer (metadata).
if avb_footer_type:
- avbtool = prop_dict.get("avb_avbtool")
- original_partition_size = int(prop_dict.get("original_partition_size"))
+ avbtool = prop_dict["avb_avbtool"]
+ original_partition_size = prop_dict["original_partition_size"]
partition_name = prop_dict["partition_name"]
- signing_args = prop_dict["avb_signing_args"]
+ # key_path and algorithm are only available when chain partition is used.
+ key_path = prop_dict.get("avb_key_path")
+ algorithm = prop_dict.get("avb_algorithm")
# avb_add_hash_footer_args or avb_add_hashtree_footer_args
additional_args = prop_dict["avb_add_" + avb_footer_type + "_footer_args"]
if not AVBAddFooter(out_file, avbtool, avb_footer_type, original_partition_size,
- partition_name, signing_args, additional_args):
+ partition_name, key_path, algorithm, additional_args):
return False
if run_fsck and prop_dict.get("skip_fsck") != "true":
@@ -624,8 +632,7 @@
"verity_key",
"verity_signer_cmd",
"verity_fec",
- "board_avb_enable",
- "avb_signing_args",
+ "avb_enable",
"avb_avbtool"
)
for p in common_props:
@@ -633,6 +640,11 @@
d["mount_point"] = mount_point
if mount_point == "system":
+ copy_prop("avb_system_hashtree_enable", "avb_hashtree_enable")
+ copy_prop("avb_system_add_hashtree_footer_args",
+ "avb_add_hashtree_footer_args")
+ copy_prop("avb_system_key_path", "avb_key_path")
+ copy_prop("avb_system_algorithm", "avb_algorithm")
copy_prop("fs_type", "fs_type")
# Copy the generic system fs type first, override with specific one if
# available.
@@ -650,13 +662,15 @@
copy_prop("system_squashfs_block_size", "squashfs_block_size")
copy_prop("system_squashfs_disable_4k_align", "squashfs_disable_4k_align")
copy_prop("system_base_fs_file", "base_fs_file")
- copy_prop("system_avb_hashtree_enable", "avb_hashtree_enable")
- copy_prop("system_avb_add_hashtree_footer_args",
- "avb_add_hashtree_footer_args")
copy_prop("system_extfs_inode_count", "extfs_inode_count")
elif mount_point == "system_other":
# We inherit the selinux policies of /system since we contain some of its files.
d["mount_point"] = "system"
+ copy_prop("avb_system_hashtree_enable", "avb_hashtree_enable")
+ copy_prop("avb_system_add_hashtree_footer_args",
+ "avb_add_hashtree_footer_args")
+ copy_prop("avb_system_key_path", "avb_key_path")
+ copy_prop("avb_system_algorithm", "avb_algorithm")
copy_prop("fs_type", "fs_type")
copy_prop("system_fs_type", "fs_type")
copy_prop("system_size", "partition_size")
@@ -667,9 +681,6 @@
copy_prop("system_squashfs_compressor_opt", "squashfs_compressor_opt")
copy_prop("system_squashfs_block_size", "squashfs_block_size")
copy_prop("system_base_fs_file", "base_fs_file")
- copy_prop("system_avb_hashtree_enable", "avb_hashtree_enable")
- copy_prop("system_avb_add_hashtree_footer_args",
- "avb_add_hashtree_footer_args")
copy_prop("system_extfs_inode_count", "extfs_inode_count")
elif mount_point == "data":
# Copy the generic fs type first, override with specific one if available.
@@ -682,6 +693,11 @@
copy_prop("cache_fs_type", "fs_type")
copy_prop("cache_size", "partition_size")
elif mount_point == "vendor":
+ copy_prop("avb_vendor_hashtree_enable", "avb_hashtree_enable")
+ copy_prop("avb_vendor_add_hashtree_footer_args",
+ "avb_add_hashtree_footer_args")
+ copy_prop("avb_vendor_key_path", "avb_key_path")
+ copy_prop("avb_vendor_algorithm", "avb_algorithm")
copy_prop("vendor_fs_type", "fs_type")
copy_prop("vendor_size", "partition_size")
copy_prop("vendor_journal_size", "journal_size")
@@ -692,9 +708,6 @@
copy_prop("vendor_squashfs_block_size", "squashfs_block_size")
copy_prop("vendor_squashfs_disable_4k_align", "squashfs_disable_4k_align")
copy_prop("vendor_base_fs_file", "base_fs_file")
- copy_prop("vendor_avb_hashtree_enable", "avb_hashtree_enable")
- copy_prop("vendor_avb_add_hashtree_footer_args",
- "avb_add_hashtree_footer_args")
copy_prop("vendor_extfs_inode_count", "extfs_inode_count")
elif mount_point == "oem":
copy_prop("fs_type", "fs_type")
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index a9a004b..c721a24 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -345,6 +345,15 @@
print("%-25s = (%s) %s" % (k, type(v).__name__, v))
+def AppendAVBSigningArgs(cmd, partition):
+ """Append signing arguments for avbtool."""
+ # e.g., "--key path/to/signing_key --algorithm SHA256_RSA4096"
+ key_path = OPTIONS.info_dict.get("avb_" + partition + "_key_path")
+ algorithm = OPTIONS.info_dict.get("avb_" + partition + "_algorithm")
+ if key_path and algorithm:
+ cmd.extend(["--key", key_path, "--algorithm", algorithm])
+
+
def _BuildBootableImage(sourcedir, fs_config_file, info_dict=None,
has_ramdisk=False, two_step_image=False):
"""Build a bootable image from the specified sourcedir.
@@ -480,13 +489,13 @@
img_keyblock.close()
# AVB: if enabled, calculate and add hash to boot.img.
- if info_dict.get("board_avb_enable", None) == "true":
+ if info_dict.get("avb_enable") == "true":
avbtool = os.getenv('AVBTOOL') or info_dict["avb_avbtool"]
part_size = info_dict["boot_size"]
cmd = [avbtool, "add_hash_footer", "--image", img.name,
"--partition_size", str(part_size), "--partition_name", "boot"]
- cmd.extend(shlex.split(info_dict["avb_signing_args"]))
- args = info_dict.get("board_avb_boot_add_hash_footer_args")
+ AppendAVBSigningArgs(cmd, "boot")
+ args = info_dict.get("avb_boot_add_hash_footer_args")
if args and args.strip():
cmd.extend(shlex.split(args))
p = Run(cmd, stdout=subprocess.PIPE)
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 1c8fe65..1b0f68b 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -1168,7 +1168,7 @@
# into A/B OTA package.
target_zip = zipfile.ZipFile(target_file, "r")
if (OPTIONS.info_dict.get("verity") == "true" or
- OPTIONS.info_dict.get("board_avb_enable") == "true"):
+ OPTIONS.info_dict.get("avb_enable") == "true"):
care_map_path = "META/care_map.txt"
namelist = target_zip.namelist()
if care_map_path in namelist:
diff --git a/tools/releasetools/test_common.py b/tools/releasetools/test_common.py
index a861346..36f256d 100644
--- a/tools/releasetools/test_common.py
+++ b/tools/releasetools/test_common.py
@@ -14,12 +14,14 @@
# limitations under the License.
#
import os
+import shutil
import tempfile
import time
import unittest
import zipfile
import common
+import validate_target_files
def random_string_with_holes(size, block_size, step_size):
@@ -295,3 +297,55 @@
expected_mode=0o400)
finally:
os.remove(zip_file_name)
+
+class InstallRecoveryScriptFormatTest(unittest.TestCase):
+ """Check the format of install-recovery.sh
+
+ Its format should match between common.py and validate_target_files.py."""
+
+ def setUp(self):
+ self._tempdir = tempfile.mkdtemp()
+ # Create a dummy dict that contains the fstab info for boot&recovery.
+ self._info = {"fstab" : {}}
+ dummy_fstab = \
+ ["/dev/soc.0/by-name/boot /boot emmc defaults defaults",
+ "/dev/soc.0/by-name/recovery /recovery emmc defaults defaults"]
+ self._info["fstab"] = common.LoadRecoveryFSTab(lambda x : "\n".join(x),
+ 2, dummy_fstab)
+
+ def _out_tmp_sink(self, name, data, prefix="SYSTEM"):
+ loc = os.path.join(self._tempdir, prefix, name)
+ if not os.path.exists(os.path.dirname(loc)):
+ os.makedirs(os.path.dirname(loc))
+ with open(loc, "w+") as f:
+ f.write(data)
+
+ def test_full_recovery(self):
+ recovery_image = common.File("recovery.img", "recovery");
+ boot_image = common.File("boot.img", "boot");
+ self._info["full_recovery_image"] = "true"
+
+ common.MakeRecoveryPatch(self._tempdir, self._out_tmp_sink,
+ recovery_image, boot_image, self._info)
+ validate_target_files.ValidateInstallRecoveryScript(self._tempdir,
+ self._info)
+
+ def test_recovery_from_boot(self):
+ recovery_image = common.File("recovery.img", "recovery");
+ self._out_tmp_sink("recovery.img", recovery_image.data, "IMAGES")
+ boot_image = common.File("boot.img", "boot");
+ self._out_tmp_sink("boot.img", boot_image.data, "IMAGES")
+
+ common.MakeRecoveryPatch(self._tempdir, self._out_tmp_sink,
+ recovery_image, boot_image, self._info)
+ validate_target_files.ValidateInstallRecoveryScript(self._tempdir,
+ self._info)
+ # Validate 'recovery-from-boot' with bonus argument.
+ self._out_tmp_sink("etc/recovery-resource.dat", "bonus", "SYSTEM")
+ common.MakeRecoveryPatch(self._tempdir, self._out_tmp_sink,
+ recovery_image, boot_image, self._info)
+ validate_target_files.ValidateInstallRecoveryScript(self._tempdir,
+ self._info)
+
+ def tearDown(self):
+ shutil.rmtree(self._tempdir)
diff --git a/tools/releasetools/validate_target_files.py b/tools/releasetools/validate_target_files.py
index 1dd3159..8ac3322 100755
--- a/tools/releasetools/validate_target_files.py
+++ b/tools/releasetools/validate_target_files.py
@@ -26,6 +26,7 @@
import common
import logging
import os.path
+import re
import sparse_img
import sys
@@ -43,13 +44,38 @@
return sparse_img.SparseImage(path, mappath, clobbered_blocks)
-def ValidateFileConsistency(input_zip, input_tmp):
- """Compare the files from image files and unpacked folders."""
+def _CalculateFileSha1(file_name, unpacked_name, round_up=False):
+ """Calculate the SHA-1 for a given file. Round up its size to 4K if needed."""
def RoundUpTo4K(value):
rounded_up = value + 4095
return rounded_up - (rounded_up % 4096)
+ assert os.path.exists(unpacked_name)
+ with open(unpacked_name, 'r') as f:
+ file_data = f.read()
+ file_size = len(file_data)
+ if round_up:
+ file_size_rounded_up = RoundUpTo4K(file_size)
+ file_data += '\0' * (file_size_rounded_up - file_size)
+ return common.File(file_name, file_data).sha1
+
+
+def ValidateFileAgainstSha1(input_tmp, file_name, file_path, expected_sha1):
+ """Check if the file has the expected SHA-1."""
+
+ logging.info('Validating the SHA-1 of {}'.format(file_name))
+ unpacked_name = os.path.join(input_tmp, file_path)
+ assert os.path.exists(unpacked_name)
+ actual_sha1 = _CalculateFileSha1(file_name, unpacked_name, False)
+ assert actual_sha1 == expected_sha1, \
+ 'SHA-1 mismatches for {}. actual {}, expected {}'.format(
+ file_name, actual_sha1, expected_sha1)
+
+
+def ValidateFileConsistency(input_zip, input_tmp):
+ """Compare the files from image files and unpacked folders."""
+
def CheckAllFiles(which):
logging.info('Checking %s image.', which)
image = _GetImage(which, input_tmp)
@@ -66,12 +92,7 @@
# The filename under unpacked directory, such as SYSTEM/bin/sh.
unpacked_name = os.path.join(
input_tmp, which.upper(), entry[(len(prefix) + 1):])
- with open(unpacked_name) as f:
- file_data = f.read()
- file_size = len(file_data)
- file_size_rounded_up = RoundUpTo4K(file_size)
- file_data += '\0' * (file_size_rounded_up - file_size)
- file_sha1 = common.File(entry, file_data).sha1
+ file_sha1 = _CalculateFileSha1(entry, unpacked_name, True)
assert blocks_sha1 == file_sha1, \
'file: %s, range: %s, blocks_sha1: %s, file_sha1: %s' % (
@@ -89,6 +110,78 @@
# Not checking IMAGES/system_other.img since it doesn't have the map file.
+def ValidateInstallRecoveryScript(input_tmp, info_dict):
+ """Validate the SHA-1 embedded in install-recovery.sh.
+
+ install-recovery.sh is written in common.py and has the following format:
+
+ 1. full recovery:
+ ...
+ if ! applypatch -c type:device:size:SHA-1; then
+ applypatch /system/etc/recovery.img type:device sha1 size && ...
+ ...
+
+ 2. recovery from boot:
+ ...
+ applypatch [-b bonus_args] boot_info recovery_info recovery_sha1 \
+ recovery_size patch_info && ...
+ ...
+
+ For full recovery, we want to calculate the SHA-1 of /system/etc/recovery.img
+ and compare it against the one embedded in the script. While for recovery
+ from boot, we want to check the SHA-1 for both recovery.img and boot.img
+ under IMAGES/.
+ """
+
+ script_path = 'SYSTEM/bin/install-recovery.sh'
+ if not os.path.exists(os.path.join(input_tmp, script_path)):
+ logging.info('{} does not exist in input_tmp'.format(script_path))
+ return
+
+ logging.info('Checking {}'.format(script_path))
+ with open(os.path.join(input_tmp, script_path), 'r') as script:
+ lines = script.read().strip().split('\n')
+ assert len(lines) >= 6
+ check_cmd = re.search(r'if ! applypatch -c \w+:.+:\w+:(\w+);',
+ lines[1].strip())
+ expected_recovery_check_sha1 = check_cmd.group(1)
+ patch_cmd = re.search(r'(applypatch.+)&&', lines[2].strip())
+ applypatch_argv = patch_cmd.group(1).strip().split()
+
+ full_recovery_image = info_dict.get("full_recovery_image") == "true"
+ if full_recovery_image:
+ assert len(applypatch_argv) == 5
+ # Check we have the same expected SHA-1 of recovery.img in both check mode
+ # and patch mode.
+ expected_recovery_sha1 = applypatch_argv[3].strip()
+ assert expected_recovery_check_sha1 == expected_recovery_sha1
+ ValidateFileAgainstSha1(input_tmp, 'recovery.img',
+ 'SYSTEM/etc/recovery.img', expected_recovery_sha1)
+ else:
+ # We're patching boot.img to get recovery.img where bonus_args is optional
+ if applypatch_argv[1] == "-b":
+ assert len(applypatch_argv) == 8
+ boot_info_index = 3
+ else:
+ assert len(applypatch_argv) == 6
+ boot_info_index = 1
+
+ # boot_info: boot_type:boot_device:boot_size:boot_sha1
+ boot_info = applypatch_argv[boot_info_index].strip().split(':')
+ assert len(boot_info) == 4
+ ValidateFileAgainstSha1(input_tmp, file_name='boot.img',
+ file_path='IMAGES/boot.img', expected_sha1=boot_info[3])
+
+ recovery_sha1_index = boot_info_index + 2
+ expected_recovery_sha1 = applypatch_argv[recovery_sha1_index]
+ assert expected_recovery_check_sha1 == expected_recovery_sha1
+ ValidateFileAgainstSha1(input_tmp, file_name='recovery.img',
+ file_path='IMAGES/recovery.img',
+ expected_sha1=expected_recovery_sha1)
+
+ logging.info('Done checking {}'.format(script_path))
+
+
def main(argv):
def option_handler():
return True
@@ -112,11 +205,12 @@
ValidateFileConsistency(input_zip, input_tmp)
+ info_dict = common.LoadInfoDict(input_tmp)
+ ValidateInstallRecoveryScript(input_tmp, info_dict)
+
# TODO: Check if the OTA keys have been properly updated (the ones on /system,
# in recovery image).
- # TODO(b/35411009): Verify the contents in /system/bin/install-recovery.sh.
-
logging.info("Done.")