Merge "Don't strip for eng builds."
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 7e23ee0..5ab64b3 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -456,6 +456,13 @@
$(call add-clean-step, rm -rf $(HOST_OUT_COMMON_INTERMEDIATES)/*/*_intermediates/with-local/)
$(call add-clean-step, rm -rf $(HOST_OUT_COMMON_INTERMEDIATES)/*/*_intermediates/no-local/)
+# Remove legacy VINTF metadata files
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/manifest.xml)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/vendor/manifest.xml)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/manifest.xml)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/vendor/compatibility_matrix.xml)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/compatibility_matrix.xml)
+
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************
diff --git a/core/build-system.html b/core/build-system.html
index c7938cc..3d86e24 100644
--- a/core/build-system.html
+++ b/core/build-system.html
@@ -762,6 +762,19 @@
Dialer, Contacts, etc. This will probably change or go away when we switch
to an ant-based build system for the apps.</p>
+<h4>LOCAL_PATCH_MODULE (experimental option)</h4>
+<p>As of January 2018, you almost certainly don't need this option, so please
+ask and only use it if you understand what you're doing. This feature is
+experimental and may go away in future.</p>
+<p>
+When compiling language level 9+ .java code in packages that are part of a
+a system module, <code>LOCAL_PATCH_MODULE</code> names the module that your
+sources and dependencies should be patched into. The Android runtime currently
+(Jan 2018) doesn't implement the JEP 261 module system so this option is only
+supported at compile time. It should only be needed to compile tests in packages
+that exist in libcore and which are inconvenient to move elsewhere.
+</p>
+
<h4>LOCAL_PATH</h4>
<p>The directory your Android.mk file is in. You can set it by putting the
following as the first line in your Android.mk:</p>
diff --git a/core/clear_vars.mk b/core/clear_vars.mk
index b2522ee..5101e73 100644
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -182,6 +182,7 @@
LOCAL_PACKAGE_NAME:=
LOCAL_PACKAGE_SPLITS:=
LOCAL_PACK_MODULE_RELOCATIONS:=
+LOCAL_PATCH_MODULE:=
LOCAL_PICKUP_FILES:=
LOCAL_POST_INSTALL_CMD:=
LOCAL_POST_LINK_CMD:=
diff --git a/core/config.mk b/core/config.mk
index 255c848..b11e9fd 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -742,6 +742,19 @@
APICHECK_COMMAND := $(APICHECK) -JXmx1024m -J"classpath $(APICHECK_CLASSPATH)"
+# Boolean variable determining if the whitelist for compatible properties is enabled
+PRODUCT_COMPATIBLE_PROPERTY := false
+ifneq ($(PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE),)
+ PRODUCT_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE)
+else ifeq ($(PRODUCT_SHIPPING_API_LEVEL),)
+ #$(warning no product shipping level defined)
+else ifneq ($(call math_lt,27,$(PRODUCT_SHIPPING_API_LEVEL)),)
+ PRODUCT_COMPATIBLE_PROPERTY := true
+endif
+
+.KATI_READONLY := \
+ PRODUCT_COMPATIBLE_PROPERTY
+
# Boolean variable determining if Treble is fully enabled
PRODUCT_FULL_TREBLE := false
ifneq ($(PRODUCT_FULL_TREBLE_OVERRIDE),)
@@ -918,8 +931,12 @@
TARGET_SDK_VERSIONS_WITHOUT_JAVA_19_SUPPORT := $(call numbers_less_than,27,$(TARGET_AVAILABLE_SDK_VERSIONS))
INTERNAL_PLATFORM_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/public_api.txt
+INTERNAL_PLATFORM_PRIVATE_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/private.txt
+INTERNAL_PLATFORM_PRIVATE_DEX_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/private-dex.txt
INTERNAL_PLATFORM_REMOVED_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/removed.txt
INTERNAL_PLATFORM_SYSTEM_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/system-api.txt
+INTERNAL_PLATFORM_SYSTEM_PRIVATE_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/system-private.txt
+INTERNAL_PLATFORM_SYSTEM_PRIVATE_DEX_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/system-private-dex.txt
INTERNAL_PLATFORM_SYSTEM_REMOVED_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/system-removed.txt
INTERNAL_PLATFORM_SYSTEM_EXACT_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/system-exact.txt
INTERNAL_PLATFORM_TEST_API_FILE := $(TARGET_OUT_COMMON_INTERMEDIATES)/PACKAGING/test-api.txt
diff --git a/core/definitions.mk b/core/definitions.mk
index a20bf44..1236bf5 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -2245,6 +2245,9 @@
$(addprefix -bootclasspath ,$(strip \
$(call normalize-path-list,$(PRIVATE_BOOTCLASSPATH)) \
$(PRIVATE_EMPTY_BOOTCLASSPATH)))) \
+ $(if $(PRIVATE_USE_SYSTEM_MODULES), \
+ $(if $(PRIVATE_PATCH_MODULE), \
+ --patch-module=$(PRIVATE_PATCH_MODULE)=$(call normalize-path-list,. $(2)))) \
$(addprefix -classpath ,$(strip \
$(call normalize-path-list,$(2)))) \
$(if $(findstring true,$(PRIVATE_WARNINGS_ENABLE)),$(xlint_unchecked),) \
@@ -2781,18 +2784,22 @@
# $(3): LOCAL_DEX_PREOPT, if nostripping then leave classes*.dex
define dexpreopt-copy-jar
$(2): $(1)
- @echo $(if $(filter nostripping,$(3)),"Copy: $$@","Copy without dex: $$@")
+ @echo "Copy: $$@"
$$(copy-file-to-target)
$(if $(filter nostripping,$(3)),,$$(call dexpreopt-remove-classes.dex,$$@))
endef
-# $(1): the .jar or .apk to remove classes.dex
+# $(1): the .jar or .apk to remove classes.dex. Note that if all dex files
+# are uncompressed in the archive, then dexopt will not do a copy of the dex
+# files and we should not strip.
define dexpreopt-remove-classes.dex
-$(hide) zip --quiet --delete $(1) classes.dex; \
+$(hide) if (zipinfo $1 '*.dex' 2>/dev/null | grep -v ' stor ' >/dev/null) ; then \
+zip --quiet --delete $(1) classes.dex; \
dex_index=2; \
while zip --quiet --delete $(1) classes$${dex_index}.dex > /dev/null; do \
let dex_index=dex_index+1; \
-done
+done \
+fi
endef
###########################################################
diff --git a/core/dex_preopt_libart.mk b/core/dex_preopt_libart.mk
index 20d43dc..af2355a 100644
--- a/core/dex_preopt_libart.mk
+++ b/core/dex_preopt_libart.mk
@@ -7,11 +7,14 @@
# Set USE_DEX2OAT_DEBUG to false for only building non-debug versions.
ifeq ($(USE_DEX2OAT_DEBUG),false)
DEX2OAT := $(HOST_OUT_EXECUTABLES)/dex2oat$(HOST_EXECUTABLE_SUFFIX)
+PATCHOAT := $(HOST_OUT_EXECUTABLES)/patchoat$(HOST_EXECUTABLE_SUFFIX)
else
DEX2OAT := $(HOST_OUT_EXECUTABLES)/dex2oatd$(HOST_EXECUTABLE_SUFFIX)
+PATCHOAT := $(HOST_OUT_EXECUTABLES)/patchoatd$(HOST_EXECUTABLE_SUFFIX)
endif
DEX2OAT_DEPENDENCY += $(DEX2OAT)
+PATCHOAT_DEPENDENCY += $(PATCHOAT)
# Use the first preloaded-classes file in PRODUCT_COPY_FILES.
PRELOADED_CLASSES := $(call word-colon,1,$(firstword \
@@ -87,8 +90,8 @@
# is converted into to boot.art (to match the legacy assumption that boot.art
# exists), and the rest are converted to boot-<name>.art.
# In addition, each .art file has an associated .oat file.
-LIBART_TARGET_BOOT_ART_EXTRA_FILES := $(foreach jar,$(wordlist 2,999,$(LIBART_TARGET_BOOT_JARS)),boot-$(jar).art boot-$(jar).oat boot-$(jar).vdex)
-LIBART_TARGET_BOOT_ART_EXTRA_FILES += boot.oat boot.vdex
+LIBART_TARGET_BOOT_ART_EXTRA_FILES := $(foreach jar,$(wordlist 2,999,$(LIBART_TARGET_BOOT_JARS)),boot-$(jar).art boot-$(jar).art.rel boot-$(jar).oat boot-$(jar).vdex)
+LIBART_TARGET_BOOT_ART_EXTRA_FILES += boot.art.rel boot.oat boot.vdex
# If we use a boot image profile.
my_use_profile_for_boot_image := $(PRODUCT_USE_PROFILE_FOR_BOOT_IMAGE)
diff --git a/core/dex_preopt_libart_boot.mk b/core/dex_preopt_libart_boot.mk
index 8b71198..ad8f18d 100644
--- a/core/dex_preopt_libart_boot.mk
+++ b/core/dex_preopt_libart_boot.mk
@@ -73,14 +73,16 @@
$($(my_2nd_arch_prefix)DEFAULT_DEX_PREOPT_BUILT_IMAGE_FILENAME): PRIVATE_BOOT_IMAGE_FLAGS := $(my_boot_image_flags)
$($(my_2nd_arch_prefix)DEFAULT_DEX_PREOPT_BUILT_IMAGE_FILENAME): PRIVATE_2ND_ARCH_VAR_PREFIX := $(my_2nd_arch_prefix)
+$($(my_2nd_arch_prefix)DEFAULT_DEX_PREOPT_BUILT_IMAGE_FILENAME): PRIVATE_IMAGE_LOCATION := $($(my_2nd_arch_prefix)DEFAULT_DEX_PREOPT_BUILT_IMAGE_LOCATION)
# Use dex2oat debug version for better error reporting
-$($(my_2nd_arch_prefix)DEFAULT_DEX_PREOPT_BUILT_IMAGE_FILENAME) : $(LIBART_TARGET_BOOT_DEX_FILES) $(PRELOADED_CLASSES) $(COMPILED_CLASSES) $(DIRTY_IMAGE_OBJECTS) $(DEX2OAT_DEPENDENCY) $(my_out_boot_image_profile_location)
+$($(my_2nd_arch_prefix)DEFAULT_DEX_PREOPT_BUILT_IMAGE_FILENAME) : $(LIBART_TARGET_BOOT_DEX_FILES) $(PRELOADED_CLASSES) $(COMPILED_CLASSES) $(DIRTY_IMAGE_OBJECTS) $(DEX2OAT_DEPENDENCY) $(PATCHOAT_DEPENDENCY) $(my_out_boot_image_profile_location)
@echo "target dex2oat: $@"
@mkdir -p $(dir $@)
@mkdir -p $(dir $($(PRIVATE_2ND_ARCH_VAR_PREFIX)LIBART_TARGET_BOOT_OAT_UNSTRIPPED))
- @rm -f $(dir $@)/*.art $(dir $@)/*.oat
+ @rm -f $(dir $@)/*.art $(dir $@)/*.oat $(dir $@)/*.art.rel
@rm -f $(dir $($(PRIVATE_2ND_ARCH_VAR_PREFIX)LIBART_TARGET_BOOT_OAT_UNSTRIPPED))/*.art
@rm -f $(dir $($(PRIVATE_2ND_ARCH_VAR_PREFIX)LIBART_TARGET_BOOT_OAT_UNSTRIPPED))/*.oat
+ @rm -f $(dir $($(PRIVATE_2ND_ARCH_VAR_PREFIX)LIBART_TARGET_BOOT_OAT_UNSTRIPPED))/*.art.rel
$(hide) ANDROID_LOG_TAGS="*:e" $(DEX2OAT) --runtime-arg -Xms$(DEX2OAT_IMAGE_XMS) \
--runtime-arg -Xmx$(DEX2OAT_IMAGE_XMX) \
$(PRIVATE_BOOT_IMAGE_FLAGS) \
@@ -99,6 +101,11 @@
--multi-image --no-inline-from=core-oj.jar \
--abort-on-hard-verifier-error \
--abort-on-soft-verifier-error \
- $(PRODUCT_DEX_PREOPT_BOOT_FLAGS) $(GLOBAL_DEXPREOPT_FLAGS) $(ART_BOOT_IMAGE_EXTRA_ARGS)
+ $(PRODUCT_DEX_PREOPT_BOOT_FLAGS) $(GLOBAL_DEXPREOPT_FLAGS) $(ART_BOOT_IMAGE_EXTRA_ARGS) && \
+ ANDROID_ROOT=$(PRODUCT_OUT)/system ANDROID_DATA=$(dir $@) $(PATCHOAT) \
+ --input-image-location=$(PRIVATE_IMAGE_LOCATION) \
+ --output-image-relocation-file=$@.rel \
+ --instruction-set=$($(PRIVATE_2ND_ARCH_VAR_PREFIX)DEX2OAT_TARGET_ARCH) \
+ --base-offset-delta=0x10000000
endif
diff --git a/core/dex_preopt_odex_install.mk b/core/dex_preopt_odex_install.mk
index 93824c3..e337279 100644
--- a/core/dex_preopt_odex_install.mk
+++ b/core/dex_preopt_odex_install.mk
@@ -1,6 +1,20 @@
# dexpreopt_odex_install.mk is used to define odex creation rules for JARs and APKs
# This file depends on variables set in base_rules.mk
-# Output variables: LOCAL_DEX_PREOPT, built_odex, dexpreopt_boot_jar_module
+# Output variables: LOCAL_DEX_PREOPT, LOCAL_UNCOMPRESS_DEX, built_odex,
+# dexpreopt_boot_jar_module
+
+# We explicitly uncompress APKs of privileged apps, and used by
+# privileged apps
+LOCAL_UNCOMPRESS_DEX := false
+ifneq (true,$(DONT_UNCOMPRESS_PRIV_APPS_DEXS))
+ifeq (true,$(LOCAL_PRIVILEGED_MODULE))
+ LOCAL_UNCOMPRESS_DEX := true
+else
+ ifneq (,$(filter $(PRODUCT_LOADED_BY_PRIVILEGED_MODULES), $(LOCAL_MODULE)))
+ LOCAL_UNCOMPRESS_DEX := true
+ endif # PRODUCT_LOADED_BY_PRIVILEGED_MODULES
+endif # LOCAL_PRIVILEGED_MODULE
+endif # DONT_UNCOMPRESS_PRIV_APPS_DEXS
# Setting LOCAL_DEX_PREOPT based on WITH_DEXPREOPT, LOCAL_DEX_PREOPT, etc
LOCAL_DEX_PREOPT := $(strip $(LOCAL_DEX_PREOPT))
@@ -46,14 +60,27 @@
endif
endif
-# if installing into system, and odex are being installed into system_other, don't strip
-ifeq ($(BOARD_USES_SYSTEM_OTHER_ODEX),true)
ifeq ($(LOCAL_DEX_PREOPT),true)
+
+# Don't strip with dexes we explicitly uncompress (dexopt will not store the dex code).
+ifeq ($(LOCAL_UNCOMPRESS_DEX),true)
+LOCAL_DEX_PREOPT := nostripping
+endif # LOCAL_UNCOMPRESS_DEX
+
+# system_other isn't there for an OTA, so don't strip
+# if module is on system, and odex is on system_other.
+ifeq ($(BOARD_USES_SYSTEM_OTHER_ODEX),true)
ifneq ($(call install-on-system-other, $(my_module_path)),)
LOCAL_DEX_PREOPT := nostripping
-endif
-endif
-endif
+endif # install-on-system-other
+endif # BOARD_USES_SYSTEM_OTHER_ODEX
+
+# We also don't strip if all dexs are uncompressed (dexopt will not store the dex code),
+# but that requires to inspect the source file, which is too early at this point (as we
+# don't know if the source file will actually be used).
+# See dexpreopt-remove-classes.dex.
+
+endif # LOCAL_DEX_PREOPT
built_odex :=
built_vdex :=
diff --git a/core/java_common.mk b/core/java_common.mk
index cfc9d7f..436f3a3 100644
--- a/core/java_common.mk
+++ b/core/java_common.mk
@@ -359,6 +359,7 @@
$(LOCAL_INTERMEDIATE_TARGETS): PRIVATE_BOOTCLASSPATH := $(full_java_bootclasspath_libs)
$(LOCAL_INTERMEDIATE_TARGETS): PRIVATE_EMPTY_BOOTCLASSPATH := $(empty_bootclasspath)
$(LOCAL_INTERMEDIATE_TARGETS): PRIVATE_SYSTEM_MODULES := $(my_system_modules_dir)
+$(LOCAL_INTERMEDIATE_TARGETS): PRIVATE_PATCH_MODULE := $(LOCAL_PATCH_MODULE)
ifndef LOCAL_IS_HOST_MODULE
# This is set by packages that are linking to other packages that export
diff --git a/core/java_library.mk b/core/java_library.mk
index 8cf0074..1b914f5 100644
--- a/core/java_library.mk
+++ b/core/java_library.mk
@@ -72,10 +72,10 @@
$(call add-dex-to-package-arg,$@.tmp)
$(hide) $(ZIPTIME) $@.tmp
$(call commit-change-for-toc,$@)
-ifneq (,$(filter $(PRODUCT_LOADED_BY_PRIVILEGED_MODULES), $(LOCAL_MODULE)))
+ifeq (true, $(LOCAL_UNCOMPRESS_DEX))
$(uncompress-dexs)
$(align-package)
-endif # PRODUCT_LOADED_BY_PRIVILEGED_MODULES
+endif # LOCAL_UNCOMPRESS_DEX
.KATI_RESTAT: $(common_javalib.jar)
diff --git a/core/main.mk b/core/main.mk
index fe178da..93c8d3b 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -205,6 +205,14 @@
variables like PRODUCT_SEPOLICY_SPLIT should be used until that is \
possible.)
+# Sets ro.actionable_compatible_property.enabled to know on runtime whether the whitelist
+# of actionable compatible properties is enabled or not.
+ifeq ($(PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE),true)
+ADDITIONAL_DEFAULT_PROPERTIES += ro.actionable_compatible_property.enabled=false
+else
+ADDITIONAL_DEFAULT_PROPERTIES += ro.actionable_compatible_property.enabled=${PRODUCT_COMPATIBLE_PROPERTY}
+endif
+
# -----------------------------------------------------------------
###
### In this section we set up the things that are different
diff --git a/core/package_internal.mk b/core/package_internal.mk
index e153a8a..cdc4958 100644
--- a/core/package_internal.mk
+++ b/core/package_internal.mk
@@ -580,7 +580,7 @@
else
$(LOCAL_BUILT_MODULE): PRIVATE_RESOURCE_LIST := $(all_res_assets)
$(LOCAL_BUILT_MODULE) : $(all_res_assets) $(full_android_manifest) $(AAPT) $(ZIPALIGN)
-endif
+endif # LOCAL_USE_AAPT2
ifdef LOCAL_COMPRESSED_MODULE
$(LOCAL_BUILT_MODULE) : $(MINIGZIP)
endif
@@ -605,24 +605,19 @@
$(call add-jar-resources-to-package,$@,$(PRIVATE_FULL_CLASSES_JAR),$(PRIVATE_RESOURCE_INTERMEDIATES_DIR))
endif
endif # full_classes_jar
+ifeq (true, $(LOCAL_UNCOMPRESS_DEX))
+ @# No need to align, sign-package below will do it.
+ $(uncompress-dexs)
+endif
ifdef LOCAL_DEX_PREOPT
ifneq ($(BUILD_PLATFORM_ZIP),)
@# Keep a copy of apk with classes.dex unstripped
$(hide) cp -f $@ $(dir $@)package.dex.apk
endif # BUILD_PLATFORM_ZIP
-ifneq (true,$(DONT_UNCOMPRESS_PRIV_APPS_DEXS))
-ifeq (true,$(LOCAL_PRIVILEGED_MODULE))
- @# No need to align, sign-package below will do it.
- $(uncompress-dexs)
-endif # LOCAL_PRIVILEGED_MODULE
-endif # DONT_UNCOMPRESS_PRIV_APPS_DEXS
ifneq (nostripping,$(LOCAL_DEX_PREOPT))
$(call dexpreopt-remove-classes.dex,$@)
endif
-endif
-ifneq (,$(filter $(PRODUCT_LOADED_BY_PRIVILEGED_MODULES), $(LOCAL_MODULE)))
- $(uncompress-dexs)
-endif # PRODUCT_LOADED_BY_PRIVILEGED_MODULES
+endif # LOCAL_DEX_PREOPT
$(sign-package)
ifdef LOCAL_COMPRESSED_MODULE
$(compress-package)
@@ -646,6 +641,10 @@
$(built_odex) : $(dir $(LOCAL_BUILT_MODULE))% : $(built_dex)
$(hide) mkdir -p $(dir $@) && rm -f $@
$(add-dex-to-package)
+ifeq (true, $(LOCAL_UNCOMPRESS_DEX))
+ $(uncompress-dexs)
+ $(align-package)
+endif
$(hide) mv $@ $@.input
$(call dexpreopt-one-file,$@.input,$@)
$(hide) rm $@.input
diff --git a/core/prebuilt_internal.mk b/core/prebuilt_internal.mk
index d934338..c7caf12 100644
--- a/core/prebuilt_internal.mk
+++ b/core/prebuilt_internal.mk
@@ -390,15 +390,9 @@
$(built_module) : $(my_prebuilt_src_file) | $(ZIPALIGN) $(SIGNAPK_JAR)
$(transform-prebuilt-to-target)
$(uncompress-shared-libs)
-ifneq (true,$(DONT_UNCOMPRESS_PRIV_APPS_DEXS))
-ifeq (true,$(LOCAL_PRIVILEGED_MODULE))
+ifeq (true, $(LOCAL_UNCOMPRESS_DEX))
$(uncompress-dexs)
-else
- ifneq (,$(filter $(PRODUCT_LOADED_BY_PRIVILEGED_MODULES), $(LOCAL_MODULE)))
- $(uncompress-dexs)
- endif # PRODUCT_LOADED_BY_PRIVILEGED_MODULES
-endif # LOCAL_PRIVILEGED_MODULE
-endif # DONT_UNCOMPRESS_PRIV_APPS_DEXS
+endif # LOCAL_UNCOMPRESS_DEX
ifdef LOCAL_DEX_PREOPT
ifneq ($(BUILD_PLATFORM_ZIP),)
@# Keep a copy of apk with classes.dex unstripped
diff --git a/core/product.mk b/core/product.mk
index f15f6b3..77f78a6 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -149,6 +149,8 @@
PRODUCT_ADB_KEYS \
PRODUCT_CFI_INCLUDE_PATHS \
PRODUCT_CFI_EXCLUDE_PATHS \
+ PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE \
+ PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE \
define dump-product
$(info ==== $(1) ====)\
diff --git a/core/product_config.mk b/core/product_config.mk
index 5b0e257..2cd8016 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -484,3 +484,11 @@
# which Soong namespaces to export to Make
PRODUCT_SOONG_NAMESPACES :=
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SOONG_NAMESPACES))
+
+# A flag to override PRODUCT_COMPATIBLE_PROPERTY
+PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE := \
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE))
+
+# Whether the whitelist of actionable compatible properties should be disabled or not
+PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE := \
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_ACTIONABLE_COMPATIBLE_PROPERTY_DISABLE))
diff --git a/target/board/Android.mk b/target/board/Android.mk
index 3768ece..1c9edb8 100644
--- a/target/board/Android.mk
+++ b/target/board/Android.mk
@@ -37,7 +37,7 @@
LOCAL_MODULE := device_manifest.xml
LOCAL_MODULE_STEM := manifest.xml
LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)
+LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/vintf
GEN := $(local-generated-sources-dir)/manifest.xml
$(GEN): PRIVATE_DEVICE_MANIFEST_FILE := $(DEVICE_MANIFEST_FILE)
@@ -66,7 +66,7 @@
LOCAL_MODULE := device_compatibility_matrix.xml
LOCAL_MODULE_STEM := compatibility_matrix.xml
LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)
+LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/vintf
GEN := $(local-generated-sources-dir)/compatibility_matrix.xml
@@ -85,7 +85,7 @@
LOCAL_MODULE := framework_manifest.xml
LOCAL_MODULE_STEM := manifest.xml
LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_OUT)
+LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/vintf
GEN := $(local-generated-sources-dir)/manifest.xml
diff --git a/target/board/generic_arm64_a/BoardConfig.mk b/target/board/generic_arm64_a/BoardConfig.mk
index 8f4043f..34a8ac0 100644
--- a/target/board/generic_arm64_a/BoardConfig.mk
+++ b/target/board/generic_arm64_a/BoardConfig.mk
@@ -23,7 +23,7 @@
TARGET_CPU_VARIANT := generic
TARGET_2ND_ARCH := arm
-TARGET_2ND_ARCH_VARIANT := armv7-a-neon
+TARGET_2ND_ARCH_VARIANT := armv8-a
TARGET_2ND_CPU_ABI := armeabi-v7a
TARGET_2ND_CPU_ABI2 := armeabi
-TARGET_2ND_CPU_VARIANT := cortex-a15
+TARGET_2ND_CPU_VARIANT := generic
diff --git a/target/board/generic_arm64_ab/BoardConfig.mk b/target/board/generic_arm64_ab/BoardConfig.mk
index e0d7372..00afee6 100644
--- a/target/board/generic_arm64_ab/BoardConfig.mk
+++ b/target/board/generic_arm64_ab/BoardConfig.mk
@@ -23,10 +23,10 @@
TARGET_CPU_VARIANT := generic
TARGET_2ND_ARCH := arm
-TARGET_2ND_ARCH_VARIANT := armv7-a-neon
+TARGET_2ND_ARCH_VARIANT := armv8-a
TARGET_2ND_CPU_ABI := armeabi-v7a
TARGET_2ND_CPU_ABI2 := armeabi
-TARGET_2ND_CPU_VARIANT := cortex-a15
+TARGET_2ND_CPU_VARIANT := generic
# Enable A/B update
TARGET_NO_RECOVERY := true
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index f8fb88f..a73a31b 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -11,6 +11,10 @@
TARGET_ARCH_VARIANT := x86
TARGET_PRELINK_MODULE := false
+#emulator now uses 64bit kernel to run 32bit x86 image
+#
+TARGET_USES_64_BIT_BINDER := true
+
# The IA emulator (qemu) uses the Goldfish devices
HAVE_HTC_AUDIO_DRIVER := true
BOARD_USES_GENERIC_AUDIO := true
diff --git a/target/product/aosp_x86.mk b/target/product/aosp_x86.mk
index 03203ce..811c330 100644
--- a/target/product/aosp_x86.mk
+++ b/target/product/aosp_x86.mk
@@ -24,7 +24,7 @@
PRODUCT_COPY_FILES += \
development/sys-img/advancedFeatures.ini:advancedFeatures.ini \
device/generic/goldfish/data/etc/encryptionkey.img:encryptionkey.img \
- prebuilts/qemu-kernel/x86/3.18/kernel-qemu2:kernel-ranchu
+ prebuilts/qemu-kernel/x86_64/3.18/kernel-qemu2:kernel-ranchu-64
include $(SRC_TARGET_DIR)/product/full_x86.mk
diff --git a/target/product/core_minimal.mk b/target/product/core_minimal.mk
index b252349..16599cb 100644
--- a/target/product/core_minimal.mk
+++ b/target/product/core_minimal.mk
@@ -85,6 +85,7 @@
telephony-common \
uiautomator \
uncrypt \
+ vndk_snapshot_package \
voip-common \
webview \
webview_zygote \
diff --git a/target/product/sdk_phone_x86.mk b/target/product/sdk_phone_x86.mk
index 1e82773..b9820d3 100644
--- a/target/product/sdk_phone_x86.mk
+++ b/target/product/sdk_phone_x86.mk
@@ -24,7 +24,7 @@
PRODUCT_COPY_FILES += \
development/sys-img/advancedFeatures.ini:advancedFeatures.ini \
device/generic/goldfish/data/etc/encryptionkey.img:encryptionkey.img \
- prebuilts/qemu-kernel/x86/3.18/kernel-qemu2:kernel-ranchu
+ prebuilts/qemu-kernel/x86_64/3.18/kernel-qemu2:kernel-ranchu-64
$(call inherit-product, $(SRC_TARGET_DIR)/product/sdk_base.mk)
diff --git a/target/product/vndk/Android.mk b/target/product/vndk/Android.mk
index a134d02..93aaf37 100644
--- a/target/product/vndk/Android.mk
+++ b/target/product/vndk/Android.mk
@@ -77,26 +77,19 @@
@chmod a+x $@
include $(CLEAR_VARS)
-LOCAL_MODULE := vndk_current
+LOCAL_MODULE := vndk_package
LOCAL_REQUIRED_MODULES := \
$(addsuffix .vendor,$(VNDK_CORE_LIBRARIES)) \
$(addsuffix .vendor,$(VNDK_SAMEPROCESS_LIBRARIES)) \
$(LLNDK_LIBRARIES) \
llndk.libraries.txt \
vndksp.libraries.txt
-
include $(BUILD_PHONY_PACKAGE)
include $(CLEAR_VARS)
-LOCAL_MODULE := vndk_package
-ifeq (current,$(BOARD_VNDK_VERSION))
+LOCAL_MODULE := vndk_snapshot_package
LOCAL_REQUIRED_MODULES := \
- vndk_current
-else
-LOCAL_REQUIRED_MODULES := \
- vndk_v$(BOARD_VNDK_VERSION)_$(TARGET_ARCH)
-endif
-LOCAL_REQUIRED_MODULES += \
$(foreach vndk_ver,$(PRODUCT_EXTRA_VNDK_VERSIONS),vndk_v$(vndk_ver)_$(TARGET_ARCH))
include $(BUILD_PHONY_PACKAGE)
+
endif # BOARD_VNDK_VERSION is set
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 9601d88..a9863bc 100755
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -52,7 +52,6 @@
import shutil
import subprocess
import sys
-import tempfile
import uuid
import zipfile
@@ -75,6 +74,10 @@
OPTIONS.is_signing = False
+# Partitions that should have their care_map added to META/care_map.txt.
+PARTITIONS_WITH_CARE_MAP = ('system', 'vendor')
+
+
class OutputFile(object):
def __init__(self, output_zip, input_dir, prefix, name):
self._output_zip = output_zip
@@ -94,13 +97,10 @@
def GetCareMap(which, imgname):
- """Generate care_map of system (or vendor) partition"""
-
- assert which in ("system", "vendor")
+ """Generates the care_map for the given partition."""
+ assert which in PARTITIONS_WITH_CARE_MAP
simg = sparse_img.SparseImage(imgname)
- care_map_list = [which]
-
care_map_ranges = simg.care_map
key = which + "_adjusted_partition_size"
adjusted_blocks = OPTIONS.info_dict.get(key)
@@ -109,8 +109,7 @@
care_map_ranges = care_map_ranges.intersect(rangelib.RangeSet(
"0-%d" % (adjusted_blocks,)))
- care_map_list.append(care_map_ranges.to_string_raw())
- return care_map_list
+ return [which, care_map_ranges.to_string_raw()]
def AddSystem(output_zip, prefix="IMAGES/", recovery_img=None, boot_img=None):
@@ -462,6 +461,126 @@
img.Write()
+def AddRadioImagesForAbOta(output_zip, ab_partitions):
+ """Adds the radio images needed for A/B OTA to the output file.
+
+ It parses the list of A/B partitions, looks for the missing ones from RADIO/
+ or VENDOR_IMAGES/ dirs, and copies them to IMAGES/ of the output file (or
+ dir).
+
+ It also ensures that on returning from the function all the listed A/B
+ partitions must have their images available under IMAGES/.
+
+ Args:
+ output_zip: The output zip file (needs to be already open), or None to
+ write images to OPTIONS.input_tmp/.
+ ab_partitions: The list of A/B partitions.
+
+ Raises:
+ AssertionError: If it can't find an image.
+ """
+ for partition in ab_partitions:
+ img_name = partition.strip() + ".img"
+ prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", img_name)
+ if os.path.exists(prebuilt_path):
+ print("%s already exists, no need to overwrite..." % (img_name,))
+ continue
+
+ img_radio_path = os.path.join(OPTIONS.input_tmp, "RADIO", img_name)
+ if os.path.exists(img_radio_path):
+ if output_zip:
+ common.ZipWrite(output_zip, img_radio_path, "IMAGES/" + img_name)
+ else:
+ shutil.copy(img_radio_path, prebuilt_path)
+ continue
+
+ # Walk through VENDOR_IMAGES/ since files could be under subdirs.
+ img_vendor_dir = os.path.join(OPTIONS.input_tmp, "VENDOR_IMAGES")
+ for root, _, files in os.walk(img_vendor_dir):
+ if img_name in files:
+ if output_zip:
+ common.ZipWrite(output_zip, os.path.join(root, img_name),
+ "IMAGES/" + img_name)
+ else:
+ shutil.copy(os.path.join(root, img_name), prebuilt_path)
+ break
+
+ # Assert that the image is present under IMAGES/ now.
+ if output_zip:
+ # Zip spec says: All slashes MUST be forward slashes.
+ img_path = 'IMAGES/' + img_name
+ assert img_path in output_zip.namelist(), "cannot find " + img_name
+ else:
+ img_path = os.path.join(OPTIONS.input_tmp, "IMAGES", img_name)
+ assert os.path.exists(img_path), "cannot find " + img_name
+
+
+def AddCareMapTxtForAbOta(output_zip, ab_partitions, image_paths):
+ """Generates and adds care_map.txt for system and vendor partitions.
+
+ Args:
+ output_zip: The output zip file (needs to be already open), or None to
+ write images to OPTIONS.input_tmp/.
+ ab_partitions: The list of A/B partitions.
+ image_paths: A map from the partition name to the image path.
+ """
+ care_map_list = []
+ for partition in ab_partitions:
+ partition = partition.strip()
+ if partition not in PARTITIONS_WITH_CARE_MAP:
+ continue
+
+ verity_block_device = "{}_verity_block_device".format(partition)
+ avb_hashtree_enable = "avb_{}_hashtree_enable".format(partition)
+ if (verity_block_device in OPTIONS.info_dict or
+ OPTIONS.info_dict.get(avb_hashtree_enable) == "true"):
+ image_path = image_paths[partition]
+ assert os.path.exists(image_path)
+ care_map_list += GetCareMap(partition, image_path)
+
+ if care_map_list:
+ care_map_path = "META/care_map.txt"
+ if output_zip and care_map_path not in output_zip.namelist():
+ common.ZipWriteStr(output_zip, care_map_path, '\n'.join(care_map_list))
+ else:
+ with open(os.path.join(OPTIONS.input_tmp, care_map_path), 'w') as fp:
+ fp.write('\n'.join(care_map_list))
+ if output_zip:
+ OPTIONS.replace_updated_files_list.append(care_map_path)
+
+
+def AddPackRadioImages(output_zip, images):
+ """Copies images listed in META/pack_radioimages.txt from RADIO/ to IMAGES/.
+
+ Args:
+ output_zip: The output zip file (needs to be already open), or None to
+ write images to OPTIONS.input_tmp/.
+ images: A list of image names.
+
+ Raises:
+ AssertionError: If a listed image can't be found.
+ """
+ for image in images:
+ img_name = image.strip()
+ _, ext = os.path.splitext(img_name)
+ if not ext:
+ img_name += ".img"
+
+ prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", img_name)
+ if os.path.exists(prebuilt_path):
+ print("%s already exists, no need to overwrite..." % (img_name,))
+ continue
+
+ img_radio_path = os.path.join(OPTIONS.input_tmp, "RADIO", img_name)
+ assert os.path.exists(img_radio_path), \
+ "Failed to find %s at %s" % (img_name, img_radio_path)
+
+ if output_zip:
+ common.ZipWrite(output_zip, img_radio_path, "IMAGES/" + img_name)
+ else:
+ shutil.copy(img_radio_path, prebuilt_path)
+
+
def ReplaceUpdatedFiles(zip_filename, files_list):
"""Updates all the ZIP entries listed in files_list.
@@ -589,12 +708,12 @@
recovery_two_step_image.AddToZip(output_zip)
banner("system")
- partitions['system'] = system_img_path = AddSystem(
+ partitions['system'] = AddSystem(
output_zip, recovery_img=recovery_image, boot_img=boot_image)
if has_vendor:
banner("vendor")
- partitions['vendor'] = vendor_img_path = AddVendor(output_zip)
+ partitions['vendor'] = AddVendor(output_zip)
if has_system_other:
banner("system_other")
@@ -618,95 +737,28 @@
banner("vbmeta")
AddVBMeta(output_zip, partitions)
- # For devices using A/B update, copy over images from RADIO/ and/or
- # VENDOR_IMAGES/ to IMAGES/ and make sure we have all the needed
- # images ready under IMAGES/. All images should have '.img' as extension.
banner("radio")
- ab_partitions = os.path.join(OPTIONS.input_tmp, "META", "ab_partitions.txt")
- if os.path.exists(ab_partitions):
- with open(ab_partitions, 'r') as f:
- lines = f.readlines()
- # For devices using A/B update, generate care_map for system and vendor
- # partitions (if present), then write this file to target_files package.
- care_map_list = []
- for line in lines:
- if line.strip() == "system" and (
- "system_verity_block_device" in OPTIONS.info_dict or
- OPTIONS.info_dict.get("avb_system_hashtree_enable") == "true"):
- assert os.path.exists(system_img_path)
- care_map_list += GetCareMap("system", system_img_path)
- if line.strip() == "vendor" and (
- "vendor_verity_block_device" in OPTIONS.info_dict or
- OPTIONS.info_dict.get("avb_vendor_hashtree_enable") == "true"):
- assert os.path.exists(vendor_img_path)
- care_map_list += GetCareMap("vendor", vendor_img_path)
+ ab_partitions_txt = os.path.join(OPTIONS.input_tmp, "META",
+ "ab_partitions.txt")
+ if os.path.exists(ab_partitions_txt):
+ with open(ab_partitions_txt, 'r') as f:
+ ab_partitions = f.readlines()
- img_name = line.strip() + ".img"
- prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", img_name)
- if os.path.exists(prebuilt_path):
- print("%s already exists, no need to overwrite..." % (img_name,))
- continue
+ # For devices using A/B update, copy over images from RADIO/ and/or
+ # VENDOR_IMAGES/ to IMAGES/ and make sure we have all the needed
+ # images ready under IMAGES/. All images should have '.img' as extension.
+ AddRadioImagesForAbOta(output_zip, ab_partitions)
- img_radio_path = os.path.join(OPTIONS.input_tmp, "RADIO", img_name)
- if os.path.exists(img_radio_path):
- if output_zip:
- common.ZipWrite(output_zip, img_radio_path,
- os.path.join("IMAGES", img_name))
- else:
- shutil.copy(img_radio_path, prebuilt_path)
- else:
- img_vendor_dir = os.path.join(OPTIONS.input_tmp, "VENDOR_IMAGES")
- for root, _, files in os.walk(img_vendor_dir):
- if img_name in files:
- if output_zip:
- common.ZipWrite(output_zip, os.path.join(root, img_name),
- os.path.join("IMAGES", img_name))
- else:
- shutil.copy(os.path.join(root, img_name), prebuilt_path)
- break
-
- if output_zip:
- # Zip spec says: All slashes MUST be forward slashes.
- img_path = 'IMAGES/' + img_name
- assert img_path in output_zip.namelist(), "cannot find " + img_name
- else:
- img_path = os.path.join(OPTIONS.input_tmp, "IMAGES", img_name)
- assert os.path.exists(img_path), "cannot find " + img_name
-
- if care_map_list:
- care_map_path = "META/care_map.txt"
- if output_zip and care_map_path not in output_zip.namelist():
- common.ZipWriteStr(output_zip, care_map_path, '\n'.join(care_map_list))
- else:
- with open(os.path.join(OPTIONS.input_tmp, care_map_path), 'w') as fp:
- fp.write('\n'.join(care_map_list))
- if output_zip:
- OPTIONS.replace_updated_files_list.append(care_map_path)
+ # Generate care_map.txt for system and vendor partitions (if present), then
+ # write this file to target_files package.
+ AddCareMapTxtForAbOta(output_zip, ab_partitions, partitions)
# Radio images that need to be packed into IMAGES/, and product-img.zip.
- pack_radioimages = os.path.join(
+ pack_radioimages_txt = os.path.join(
OPTIONS.input_tmp, "META", "pack_radioimages.txt")
- if os.path.exists(pack_radioimages):
- with open(pack_radioimages, 'r') as f:
- lines = f.readlines()
- for line in lines:
- img_name = line.strip()
- _, ext = os.path.splitext(img_name)
- if not ext:
- img_name += ".img"
- prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", img_name)
- if os.path.exists(prebuilt_path):
- print("%s already exists, no need to overwrite..." % (img_name,))
- continue
-
- img_radio_path = os.path.join(OPTIONS.input_tmp, "RADIO", img_name)
- assert os.path.exists(img_radio_path), \
- "Failed to find %s at %s" % (img_name, img_radio_path)
- if output_zip:
- common.ZipWrite(output_zip, img_radio_path,
- os.path.join("IMAGES", img_name))
- else:
- shutil.copy(img_radio_path, prebuilt_path)
+ if os.path.exists(pack_radioimages_txt):
+ with open(pack_radioimages_txt, 'r') as f:
+ AddPackRadioImages(output_zip, f.readlines())
if output_zip:
common.ZipClose(output_zip)
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index ed60188..1f5caf3 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -325,8 +325,10 @@
else:
return True, unsparse_image_path
inflate_command = ["simg2img", sparse_image_path, unsparse_image_path]
- (_, exit_code) = RunCommand(inflate_command)
+ (inflate_output, exit_code) = RunCommand(inflate_command)
if exit_code != 0:
+ print("Error: '%s' failed with exit code %d:\n%s" % (
+ inflate_command, exit_code, inflate_output))
os.remove(unsparse_image_path)
return False, None
return True, unsparse_image_path
@@ -569,12 +571,12 @@
build_command.extend(["-c", prop_dict["selinux_fc"]])
if "block_list" in prop_dict:
build_command.extend(["-B", prop_dict["block_list"]])
+ if "squashfs_block_size" in prop_dict:
+ build_command.extend(["-b", prop_dict["squashfs_block_size"]])
if "squashfs_compressor" in prop_dict:
build_command.extend(["-z", prop_dict["squashfs_compressor"]])
if "squashfs_compressor_opt" in prop_dict:
build_command.extend(["-zo", prop_dict["squashfs_compressor_opt"]])
- if "squashfs_block_size" in prop_dict:
- build_command.extend(["-b", prop_dict["squashfs_block_size"]])
if prop_dict.get("squashfs_disable_4k_align") == "true":
build_command.extend(["-a"])
elif fs_type.startswith("f2fs"):
@@ -607,7 +609,8 @@
(mkfs_output, exit_code) = RunCommand(build_command)
if exit_code != 0:
- print("Error: '%s' failed with exit code %d" % (build_command, exit_code))
+ print("Error: '%s' failed with exit code %d:\n%s" % (
+ build_command, exit_code, mkfs_output))
return False
# Check if there's enough headroom space available for ext4 image.
@@ -654,13 +657,13 @@
# Run e2fsck on the inflated image file
e2fsck_command = ["e2fsck", "-f", "-n", unsparse_image]
- (_, exit_code) = RunCommand(e2fsck_command)
+ (e2fsck_output, exit_code) = RunCommand(e2fsck_command)
os.remove(unsparse_image)
if exit_code != 0:
- print("Error: '%s' failed with exit code %d" % (e2fsck_command,
- exit_code))
+ print("Error: '%s' failed with exit code %d:\n%s" % (
+ e2fsck_command, exit_code, e2fsck_output))
return False
return True
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index d6c50dc..95b7303 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -310,6 +310,56 @@
script.AssertOemProperty(prop, values, oem_no_mount)
+class PayloadSigner(object):
+ """A class that wraps the payload signing works.
+
+ When generating a Payload, hashes of the payload and metadata files will be
+ signed with the device key, either by calling an external payload signer or
+ by calling openssl with the package key. This class provides a unified
+ interface, so that callers can just call PayloadSigner.Sign().
+
+ If an external payload signer has been specified (OPTIONS.payload_signer), it
+ calls the signer with the provided args (OPTIONS.payload_signer_args). Note
+ that the signing key should be provided as part of the payload_signer_args.
+ Otherwise without an external signer, it uses the package key
+ (OPTIONS.package_key) and calls openssl for the signing works.
+ """
+
+ def __init__(self):
+ if OPTIONS.payload_signer is None:
+ # Prepare the payload signing key.
+ private_key = OPTIONS.package_key + OPTIONS.private_key_suffix
+ pw = OPTIONS.key_passwords[OPTIONS.package_key]
+
+ cmd = ["openssl", "pkcs8", "-in", private_key, "-inform", "DER"]
+ cmd.extend(["-passin", "pass:" + pw] if pw else ["-nocrypt"])
+ signing_key = common.MakeTempFile(prefix="key-", suffix=".key")
+ cmd.extend(["-out", signing_key])
+
+ get_signing_key = common.Run(cmd, verbose=False, stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT)
+ stdoutdata, _ = get_signing_key.communicate()
+ assert get_signing_key.returncode == 0, \
+ "Failed to get signing key: {}".format(stdoutdata)
+
+ self.signer = "openssl"
+ self.signer_args = ["pkeyutl", "-sign", "-inkey", signing_key,
+ "-pkeyopt", "digest:sha256"]
+ else:
+ self.signer = OPTIONS.payload_signer
+ self.signer_args = OPTIONS.payload_signer_args
+
+ def Sign(self, in_file):
+ """Signs the given input file. Returns the output filename."""
+ out_file = common.MakeTempFile(prefix="signed-", suffix=".bin")
+ cmd = [self.signer] + self.signer_args + ['-in', in_file, '-out', out_file]
+ signing = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ stdoutdata, _ = signing.communicate()
+ assert signing.returncode == 0, \
+ "Failed to sign the input file: {}".format(stdoutdata)
+ return out_file
+
+
def SignOutput(temp_zip_name, output_zip_name):
pw = OPTIONS.key_passwords[OPTIONS.package_key]
@@ -1076,20 +1126,8 @@
# The place where the output from the subprocess should go.
log_file = sys.stdout if OPTIONS.verbose else subprocess.PIPE
- # A/B updater expects a signing key in RSA format. Gets the key ready for
- # later use in step 3, unless a payload_signer has been specified.
- if OPTIONS.payload_signer is None:
- cmd = ["openssl", "pkcs8",
- "-in", OPTIONS.package_key + OPTIONS.private_key_suffix,
- "-inform", "DER"]
- pw = OPTIONS.key_passwords[OPTIONS.package_key]
- cmd.extend(["-passin", "pass:" + pw] if pw else ["-nocrypt"])
- rsa_key = common.MakeTempFile(prefix="key-", suffix=".key")
- cmd.extend(["-out", rsa_key])
- p1 = common.Run(cmd, verbose=False, stdout=log_file,
- stderr=subprocess.STDOUT)
- p1.communicate()
- assert p1.returncode == 0, "openssl pkcs8 failed"
+ # Get the PayloadSigner to be used in step 3.
+ payload_signer = PayloadSigner()
# Stage the output zip package for package signing.
temp_zip_file = tempfile.NamedTemporaryFile()
@@ -1130,37 +1168,11 @@
assert p1.returncode == 0, "brillo_update_payload hash failed"
# 3. Sign the hashes and insert them back into the payload file.
- signed_payload_sig_file = common.MakeTempFile(prefix="signed-sig-",
- suffix=".bin")
- signed_metadata_sig_file = common.MakeTempFile(prefix="signed-sig-",
- suffix=".bin")
# 3a. Sign the payload hash.
- if OPTIONS.payload_signer is not None:
- cmd = [OPTIONS.payload_signer]
- cmd.extend(OPTIONS.payload_signer_args)
- else:
- cmd = ["openssl", "pkeyutl", "-sign",
- "-inkey", rsa_key,
- "-pkeyopt", "digest:sha256"]
- cmd.extend(["-in", payload_sig_file,
- "-out", signed_payload_sig_file])
- p1 = common.Run(cmd, stdout=log_file, stderr=subprocess.STDOUT)
- p1.communicate()
- assert p1.returncode == 0, "openssl sign payload failed"
+ signed_payload_sig_file = payload_signer.Sign(payload_sig_file)
# 3b. Sign the metadata hash.
- if OPTIONS.payload_signer is not None:
- cmd = [OPTIONS.payload_signer]
- cmd.extend(OPTIONS.payload_signer_args)
- else:
- cmd = ["openssl", "pkeyutl", "-sign",
- "-inkey", rsa_key,
- "-pkeyopt", "digest:sha256"]
- cmd.extend(["-in", metadata_sig_file,
- "-out", signed_metadata_sig_file])
- p1 = common.Run(cmd, stdout=log_file, stderr=subprocess.STDOUT)
- p1.communicate()
- assert p1.returncode == 0, "openssl sign metadata failed"
+ signed_metadata_sig_file = payload_signer.Sign(metadata_sig_file)
# 3c. Insert the signatures back into the payload file.
signed_payload_file = common.MakeTempFile(prefix="signed-payload-",
@@ -1366,16 +1378,34 @@
assert not (OPTIONS.downgrade and OPTIONS.timestamp), \
"Cannot have --downgrade AND --override_timestamp both"
- # Load the dict file from the zip directly to have a peek at the OTA type.
- # For packages using A/B update, unzipping is not needed.
+ # Load the build info dicts from the zip directly or the extracted input
+ # directory. We don't need to unzip the entire target-files zips, because they
+ # won't be needed for A/B OTAs (brillo_update_payload does that on its own).
+ # When loading the info dicts, we don't need to provide the second parameter
+ # to common.LoadInfoDict(). Specifying the second parameter allows replacing
+ # some properties with their actual paths, such as 'selinux_fc',
+ # 'ramdisk_dir', which won't be used during OTA generation.
if OPTIONS.extracted_input is not None:
- OPTIONS.info_dict = common.LoadInfoDict(OPTIONS.extracted_input,
- OPTIONS.extracted_input)
+ OPTIONS.info_dict = common.LoadInfoDict(OPTIONS.extracted_input)
else:
- input_zip = zipfile.ZipFile(args[0], "r")
- OPTIONS.info_dict = common.LoadInfoDict(input_zip)
- common.ZipClose(input_zip)
+ with zipfile.ZipFile(args[0], 'r') as input_zip:
+ OPTIONS.info_dict = common.LoadInfoDict(input_zip)
+ if OPTIONS.verbose:
+ print("--- target info ---")
+ common.DumpInfoDict(OPTIONS.info_dict)
+
+ # Load the source build dict if applicable.
+ if OPTIONS.incremental_source is not None:
+ OPTIONS.target_info_dict = OPTIONS.info_dict
+ with zipfile.ZipFile(OPTIONS.incremental_source, 'r') as source_zip:
+ OPTIONS.source_info_dict = common.LoadInfoDict(source_zip)
+
+ if OPTIONS.verbose:
+ print("--- source info ---")
+ common.DumpInfoDict(OPTIONS.source_info_dict)
+
+ # Load OEM dicts if provided.
OPTIONS.oem_dicts = _LoadOemDicts(OPTIONS.oem_source)
ab_update = OPTIONS.info_dict.get("ab_update") == "true"
@@ -1392,20 +1422,6 @@
OPTIONS.key_passwords = common.GetKeyPasswords([OPTIONS.package_key])
if ab_update:
- if OPTIONS.incremental_source is not None:
- OPTIONS.target_info_dict = OPTIONS.info_dict
- source_zip = zipfile.ZipFile(OPTIONS.incremental_source, "r")
- OPTIONS.source_info_dict = common.LoadInfoDict(source_zip)
- common.ZipClose(source_zip)
-
- if OPTIONS.verbose:
- print("--- target info ---")
- common.DumpInfoDict(OPTIONS.info_dict)
-
- if OPTIONS.incremental_source is not None:
- print("--- source info ---")
- common.DumpInfoDict(OPTIONS.source_info_dict)
-
WriteABOTAPackageWithBrilloScript(
target_file=args[0],
output_file=args[1],
@@ -1414,49 +1430,45 @@
print("done.")
return
+ # Sanity check the loaded info dicts first.
+ if OPTIONS.info_dict.get("no_recovery") == "true":
+ raise common.ExternalError(
+ "--- target build has specified no recovery ---")
+
+ # Non-A/B OTAs rely on /cache partition to store temporary files.
+ cache_size = OPTIONS.info_dict.get("cache_size")
+ if cache_size is None:
+ print("--- can't determine the cache partition size ---")
+ OPTIONS.cache_size = cache_size
+
if OPTIONS.extra_script is not None:
OPTIONS.extra_script = open(OPTIONS.extra_script).read()
if OPTIONS.extracted_input is not None:
OPTIONS.input_tmp = OPTIONS.extracted_input
- OPTIONS.target_tmp = OPTIONS.input_tmp
- OPTIONS.info_dict = common.LoadInfoDict(OPTIONS.input_tmp,
- OPTIONS.input_tmp)
input_zip = zipfile.ZipFile(args[0], "r")
else:
print("unzipping target target-files...")
OPTIONS.input_tmp, input_zip = common.UnzipTemp(
args[0], UNZIP_PATTERN)
+ OPTIONS.target_tmp = OPTIONS.input_tmp
- OPTIONS.target_tmp = OPTIONS.input_tmp
- OPTIONS.info_dict = common.LoadInfoDict(input_zip, OPTIONS.target_tmp)
-
- if OPTIONS.verbose:
- print("--- target info ---")
- common.DumpInfoDict(OPTIONS.info_dict)
-
- # If the caller explicitly specified the device-specific extensions
- # path via -s/--device_specific, use that. Otherwise, use
- # META/releasetools.py if it is present in the target target_files.
- # Otherwise, take the path of the file from 'tool_extensions' in the
- # info dict and look for that in the local filesystem, relative to
- # the current directory.
-
+ # If the caller explicitly specified the device-specific extensions path via
+ # -s / --device_specific, use that. Otherwise, use META/releasetools.py if it
+ # is present in the target target_files. Otherwise, take the path of the file
+ # from 'tool_extensions' in the info dict and look for that in the local
+ # filesystem, relative to the current directory.
if OPTIONS.device_specific is None:
from_input = os.path.join(OPTIONS.input_tmp, "META", "releasetools.py")
if os.path.exists(from_input):
print("(using device-specific extensions from target_files)")
OPTIONS.device_specific = from_input
else:
- OPTIONS.device_specific = OPTIONS.info_dict.get("tool_extensions", None)
+ OPTIONS.device_specific = OPTIONS.info_dict.get("tool_extensions")
if OPTIONS.device_specific is not None:
OPTIONS.device_specific = os.path.abspath(OPTIONS.device_specific)
- if OPTIONS.info_dict.get("no_recovery") == "true":
- raise common.ExternalError(
- "--- target build has specified no recovery ---")
-
# Set up the output zip. Create a temporary zip file if signing is needed.
if OPTIONS.no_signing:
if os.path.exists(args[1]):
@@ -1468,12 +1480,6 @@
output_zip = zipfile.ZipFile(temp_zip_file, "w",
compression=zipfile.ZIP_DEFLATED)
- # Non A/B OTAs rely on /cache partition to store temporary files.
- cache_size = OPTIONS.info_dict.get("cache_size", None)
- if cache_size is None:
- print("--- can't determine the cache partition size ---")
- OPTIONS.cache_size = cache_size
-
# Generate a full OTA.
if OPTIONS.incremental_source is None:
WriteFullOTAPackage(input_zip, output_zip)
@@ -1484,12 +1490,6 @@
OPTIONS.source_tmp, source_zip = common.UnzipTemp(
OPTIONS.incremental_source,
UNZIP_PATTERN)
- OPTIONS.target_info_dict = OPTIONS.info_dict
- OPTIONS.source_info_dict = common.LoadInfoDict(source_zip,
- OPTIONS.source_tmp)
- if OPTIONS.verbose:
- print("--- source info ---")
- common.DumpInfoDict(OPTIONS.source_info_dict)
WriteBlockIncrementalOTAPackage(input_zip, source_zip, output_zip)
@@ -1499,6 +1499,7 @@
target_files_diff.recursiveDiff(
'', OPTIONS.source_tmp, OPTIONS.input_tmp, out_file)
+ common.ZipClose(input_zip)
common.ZipClose(output_zip)
# Sign the generated zip package unless no_signing is specified.
diff --git a/tools/releasetools/test_add_img_to_target_files.py b/tools/releasetools/test_add_img_to_target_files.py
new file mode 100644
index 0000000..e449ca8
--- /dev/null
+++ b/tools/releasetools/test_add_img_to_target_files.py
@@ -0,0 +1,168 @@
+#
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+import os
+import os.path
+import unittest
+import zipfile
+
+import common
+from add_img_to_target_files import AddPackRadioImages, AddRadioImagesForAbOta
+
+
+OPTIONS = common.OPTIONS
+
+
+class AddImagesToTargetFilesTest(unittest.TestCase):
+
+ def setUp(self):
+ OPTIONS.input_tmp = common.MakeTempDir()
+
+ def tearDown(self):
+ common.Cleanup()
+
+ @staticmethod
+ def _create_images(images, prefix):
+ """Creates images under OPTIONS.input_tmp/prefix."""
+ path = os.path.join(OPTIONS.input_tmp, prefix)
+ if not os.path.exists(path):
+ os.mkdir(path)
+
+ for image in images:
+ image_path = os.path.join(path, image + '.img')
+ with open(image_path, 'wb') as image_fp:
+ image_fp.write(image.encode())
+
+ images_path = os.path.join(OPTIONS.input_tmp, 'IMAGES')
+ if not os.path.exists(images_path):
+ os.mkdir(images_path)
+ return images, images_path
+
+ def test_AddRadioImagesForAbOta_imageExists(self):
+ """Tests the case with existing images under IMAGES/."""
+ images, images_path = self._create_images(['aboot', 'xbl'], 'IMAGES')
+ AddRadioImagesForAbOta(None, images)
+
+ for image in images:
+ self.assertTrue(
+ os.path.exists(os.path.join(images_path, image + '.img')))
+
+ def test_AddRadioImagesForAbOta_copyFromRadio(self):
+ """Tests the case that copies images from RADIO/."""
+ images, images_path = self._create_images(['aboot', 'xbl'], 'RADIO')
+ AddRadioImagesForAbOta(None, images)
+
+ for image in images:
+ self.assertTrue(
+ os.path.exists(os.path.join(images_path, image + '.img')))
+
+ def test_AddRadioImagesForAbOta_copyFromRadio_zipOutput(self):
+ images, _ = self._create_images(['aboot', 'xbl'], 'RADIO')
+
+ # Set up the output zip.
+ output_file = common.MakeTempFile(suffix='.zip')
+ with zipfile.ZipFile(output_file, 'w') as output_zip:
+ AddRadioImagesForAbOta(output_zip, images)
+
+ with zipfile.ZipFile(output_file, 'r') as verify_zip:
+ for image in images:
+ self.assertIn('IMAGES/' + image + '.img', verify_zip.namelist())
+
+ def test_AddRadioImagesForAbOta_copyFromVendorImages(self):
+ """Tests the case that copies images from VENDOR_IMAGES/."""
+ vendor_images_path = os.path.join(OPTIONS.input_tmp, 'VENDOR_IMAGES')
+ os.mkdir(vendor_images_path)
+
+ partitions = ['aboot', 'xbl']
+ for index, partition in enumerate(partitions):
+ subdir = os.path.join(vendor_images_path, 'subdir-{}'.format(index))
+ os.mkdir(subdir)
+
+ partition_image_path = os.path.join(subdir, partition + '.img')
+ with open(partition_image_path, 'wb') as partition_fp:
+ partition_fp.write(partition.encode())
+
+ # Set up the output dir.
+ images_path = os.path.join(OPTIONS.input_tmp, 'IMAGES')
+ os.mkdir(images_path)
+
+ AddRadioImagesForAbOta(None, partitions)
+
+ for partition in partitions:
+ self.assertTrue(
+ os.path.exists(os.path.join(images_path, partition + '.img')))
+
+ def test_AddRadioImagesForAbOta_missingImages(self):
+ images, _ = self._create_images(['aboot', 'xbl'], 'RADIO')
+ self.assertRaises(AssertionError, AddRadioImagesForAbOta, None,
+ images + ['baz'])
+
+ def test_AddRadioImagesForAbOta_missingImages_zipOutput(self):
+ images, _ = self._create_images(['aboot', 'xbl'], 'RADIO')
+
+ # Set up the output zip.
+ output_file = common.MakeTempFile(suffix='.zip')
+ with zipfile.ZipFile(output_file, 'w') as output_zip:
+ self.assertRaises(AssertionError, AddRadioImagesForAbOta, output_zip,
+ images + ['baz'])
+
+ def test_AddPackRadioImages(self):
+ images, images_path = self._create_images(['foo', 'bar'], 'RADIO')
+ AddPackRadioImages(None, images)
+
+ for image in images:
+ self.assertTrue(
+ os.path.exists(os.path.join(images_path, image + '.img')))
+
+ def test_AddPackRadioImages_with_suffix(self):
+ images, images_path = self._create_images(['foo', 'bar'], 'RADIO')
+ images_with_suffix = [image + '.img' for image in images]
+ AddPackRadioImages(None, images_with_suffix)
+
+ for image in images:
+ self.assertTrue(
+ os.path.exists(os.path.join(images_path, image + '.img')))
+
+ def test_AddPackRadioImages_zipOutput(self):
+ images, _ = self._create_images(['foo', 'bar'], 'RADIO')
+
+ # Set up the output zip.
+ output_file = common.MakeTempFile(suffix='.zip')
+ with zipfile.ZipFile(output_file, 'w') as output_zip:
+ AddPackRadioImages(output_zip, images)
+
+ with zipfile.ZipFile(output_file, 'r') as verify_zip:
+ for image in images:
+ self.assertIn('IMAGES/' + image + '.img', verify_zip.namelist())
+
+ def test_AddPackRadioImages_imageExists(self):
+ images, images_path = self._create_images(['foo', 'bar'], 'RADIO')
+
+ # Additionally create images under IMAGES/ so that they should be skipped.
+ images, images_path = self._create_images(['foo', 'bar'], 'IMAGES')
+
+ AddPackRadioImages(None, images)
+
+ for image in images:
+ self.assertTrue(
+ os.path.exists(os.path.join(images_path, image + '.img')))
+
+ def test_AddPackRadioImages_missingImages(self):
+ images, _ = self._create_images(['foo', 'bar'], 'RADIO')
+ AddPackRadioImages(None, images)
+
+ self.assertRaises(AssertionError, AddPackRadioImages, None,
+ images + ['baz'])
diff --git a/tools/releasetools/test_ota_from_target_files.py b/tools/releasetools/test_ota_from_target_files.py
index 5f6c5d0..fa6655b 100644
--- a/tools/releasetools/test_ota_from_target_files.py
+++ b/tools/releasetools/test_ota_from_target_files.py
@@ -15,11 +15,20 @@
#
import copy
+import os.path
import unittest
import common
from ota_from_target_files import (
- _LoadOemDicts, BuildInfo, GetPackageMetadata, WriteFingerprintAssertion)
+ _LoadOemDicts, BuildInfo, GetPackageMetadata, PayloadSigner,
+ WriteFingerprintAssertion)
+
+
+def get_testdata_dir():
+ """Returns the testdata dir, in relative to the script dir."""
+ # The script dir is the one we want, which could be different from pwd.
+ current_dir = os.path.dirname(os.path.realpath(__file__))
+ return os.path.join(current_dir, 'testdata')
class MockScriptWriter(object):
@@ -476,3 +485,82 @@
'pre-build-incremental' : 'build-version-incremental-source',
},
metadata)
+
+
+class PayloadSignerTest(unittest.TestCase):
+
+ SIGFILE = 'sigfile.bin'
+ SIGNED_SIGFILE = 'signed-sigfile.bin'
+
+ def setUp(self):
+ self.testdata_dir = get_testdata_dir()
+ self.assertTrue(os.path.exists(self.testdata_dir))
+
+ common.OPTIONS.payload_signer = None
+ common.OPTIONS.payload_signer_args = []
+ common.OPTIONS.package_key = os.path.join(self.testdata_dir, 'testkey')
+ common.OPTIONS.key_passwords = {
+ common.OPTIONS.package_key : None,
+ }
+
+ def tearDown(self):
+ common.Cleanup()
+
+ def _assertFilesEqual(self, file1, file2):
+ with open(file1, 'rb') as fp1, open(file2, 'rb') as fp2:
+ self.assertEqual(fp1.read(), fp2.read())
+
+ def test_init(self):
+ payload_signer = PayloadSigner()
+ self.assertEqual('openssl', payload_signer.signer)
+
+ def test_init_withPassword(self):
+ common.OPTIONS.package_key = os.path.join(
+ self.testdata_dir, 'testkey_with_passwd')
+ common.OPTIONS.key_passwords = {
+ common.OPTIONS.package_key : 'foo',
+ }
+ payload_signer = PayloadSigner()
+ self.assertEqual('openssl', payload_signer.signer)
+
+ def test_init_withExternalSigner(self):
+ common.OPTIONS.payload_signer = 'abc'
+ common.OPTIONS.payload_signer_args = ['arg1', 'arg2']
+ payload_signer = PayloadSigner()
+ self.assertEqual('abc', payload_signer.signer)
+ self.assertEqual(['arg1', 'arg2'], payload_signer.signer_args)
+
+ def test_Sign(self):
+ payload_signer = PayloadSigner()
+ input_file = os.path.join(self.testdata_dir, self.SIGFILE)
+ signed_file = payload_signer.Sign(input_file)
+
+ verify_file = os.path.join(self.testdata_dir, self.SIGNED_SIGFILE)
+ self._assertFilesEqual(verify_file, signed_file)
+
+ def test_Sign_withExternalSigner_openssl(self):
+ """Uses openssl as the external payload signer."""
+ common.OPTIONS.payload_signer = 'openssl'
+ common.OPTIONS.payload_signer_args = [
+ 'pkeyutl', '-sign', '-keyform', 'DER', '-inkey',
+ os.path.join(self.testdata_dir, 'testkey.pk8'),
+ '-pkeyopt', 'digest:sha256']
+ payload_signer = PayloadSigner()
+ input_file = os.path.join(self.testdata_dir, self.SIGFILE)
+ signed_file = payload_signer.Sign(input_file)
+
+ verify_file = os.path.join(self.testdata_dir, self.SIGNED_SIGFILE)
+ self._assertFilesEqual(verify_file, signed_file)
+
+ def test_Sign_withExternalSigner_script(self):
+ """Uses testdata/payload_signer.sh as the external payload signer."""
+ common.OPTIONS.payload_signer = os.path.join(
+ self.testdata_dir, 'payload_signer.sh')
+ common.OPTIONS.payload_signer_args = [
+ os.path.join(self.testdata_dir, 'testkey.pk8')]
+ payload_signer = PayloadSigner()
+ input_file = os.path.join(self.testdata_dir, self.SIGFILE)
+ signed_file = payload_signer.Sign(input_file)
+
+ verify_file = os.path.join(self.testdata_dir, self.SIGNED_SIGFILE)
+ self._assertFilesEqual(verify_file, signed_file)
diff --git a/tools/releasetools/testdata/payload_signer.sh b/tools/releasetools/testdata/payload_signer.sh
new file mode 100755
index 0000000..a44ef34
--- /dev/null
+++ b/tools/releasetools/testdata/payload_signer.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# The script will be called with 'payload_signer.sh <key> -in <input> -out <output>'.
+openssl pkeyutl -sign -keyform DER -inkey $1 -pkeyopt digest:sha256 -in $3 -out $5
diff --git a/tools/releasetools/testdata/sigfile.bin b/tools/releasetools/testdata/sigfile.bin
new file mode 100644
index 0000000..8682216
--- /dev/null
+++ b/tools/releasetools/testdata/sigfile.bin
@@ -0,0 +1 @@
+ºQàÂÜ¢¡½¨Gpø£Õùù°ÔÖ'[4KéL¡c
\ No newline at end of file
diff --git a/tools/releasetools/testdata/signed-sigfile.bin b/tools/releasetools/testdata/signed-sigfile.bin
new file mode 100644
index 0000000..86d2f9e
--- /dev/null
+++ b/tools/releasetools/testdata/signed-sigfile.bin
@@ -0,0 +1,2 @@
+R¡&EÿsÁ%ø?¹|¤&ÍñzbSA[ßtqçWKÒl¦àÙÙås¥Ò~Fcæ `¯¾Í#
+T{Ý×Û½FÒÁxø16Ì=Q°Væ^Tß°ØxX£¶/þ#©êI'ÜîtcLp¬ëovzÑRá:õóWþ9(¹Á26Û̬ábÂBP1¸6ãnÒß±QÕC©gh;r²O}%Ľõáo6ãdê´Éãå2Y`¦ÕÛ¼ª¥_ROrCa,èI"n(`ínñÜÐbaiö¹Å¨ÔäS×Ê)kO[`6c¬e
\ No newline at end of file
diff --git a/tools/releasetools/testdata/testkey.pk8 b/tools/releasetools/testdata/testkey.pk8
new file mode 100644
index 0000000..99be291
--- /dev/null
+++ b/tools/releasetools/testdata/testkey.pk8
Binary files differ
diff --git a/tools/releasetools/testdata/testkey.x509.pem b/tools/releasetools/testdata/testkey.x509.pem
new file mode 100644
index 0000000..65c8085
--- /dev/null
+++ b/tools/releasetools/testdata/testkey.x509.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIJAN/FvjYzGNOKMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g
+VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE
+AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
+Fw0xODAxMTgwMDM0NTFaFw00NTA2MDUwMDM0NTFaMIGUMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G
+A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p
+ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL478jti8FoJkDcqu8/sStOHoNLdwC+MtjYa
+QADs1ZxcggKxXBYy0xkAw75G2T+jddjuvncCaDy57Z5vQPlZzyBRUR4NB1FkmxzP
+kJPCYL9v9gFZAFI+Sda/beF/tliNHkcyT9eWY5+vKUChpnMnIq8tIG75mL1y9mVJ
+k5ueg5hHwlAkSGNiBifwnDJxXiLVVNC8SrFeTJbeQTtFb/wleBGoji8Mgp6GblIW
+LaO3R5Tv+O7/x/c4ZCQueDgNXZA9/BD4DuRp34RhUjV0EZiQ016xYHejvkDuMlDV
+/JWD9dDM4plKSLWWtObevDQA6sGJd0+51s77gva+CKmQ8j39tU0CAwEAAaNTMFEw
+HQYDVR0OBBYEFNJPJZDpq6tc/19Z2kxPA2bj9D6UMB8GA1UdIwQYMBaAFNJPJZDp
+q6tc/19Z2kxPA2bj9D6UMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBABSUG9qrwV3WcClDJwqkNLN4yeVVYzkRMGA8/XqOiYrW4zh0mKDLfr6OeU1C
+AKwZBLhhql59Po25r4gcwPiTN2DkoCfb3T59XG8J54PAgTQjIAZ3J+mGZplnmuD3
+wj+UGUpPe0qTr33ZPoJfwxVo4RVnOt/UCsIGXch0HS/BIdpechqP0w4rOHUbq6EA
+8UEi5irKSDOU9b/5rD/tX2f4nGwJlKQEHWrsj9LLKlaL7fX36ghoSxN/pBJOhedg
+/VjT6xbaEwfyhC6Zj9av5Xl7UdpYt+rBMroAGenz0OSxKhIphdcx4ZMhvfkBoYG9
+Crupdqe+kUsfg2RlPb5grQ3klMo=
+-----END CERTIFICATE-----
diff --git a/tools/releasetools/testdata/testkey_with_passwd.pk8 b/tools/releasetools/testdata/testkey_with_passwd.pk8
new file mode 100644
index 0000000..3d567de
--- /dev/null
+++ b/tools/releasetools/testdata/testkey_with_passwd.pk8
Binary files differ
diff --git a/tools/releasetools/testdata/testkey_with_passwd.x509.pem b/tools/releasetools/testdata/testkey_with_passwd.x509.pem
new file mode 100644
index 0000000..449396e
--- /dev/null
+++ b/tools/releasetools/testdata/testkey_with_passwd.x509.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIJANefUd3Piu0yMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g
+VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE
+AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
+Fw0xODAxMTgwMDI3NDRaFw00NTA2MDUwMDI3NDRaMIGUMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G
+A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p
+ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALBoA4c+qCQKapQAVGclbousC5J/L0TNZJEd
+KSW2nzXUHIwgTQ3r82227xkIvjnqXMCsc0q3/N2gGKR4sHqA30JO9Dyfgsx1ISaR
+GXe5cG048m5U5snplQgvPovtah9ZyvwNPzWPYC3uceJaDxKQKwVdsV+mOWM6WmpQ
+bdLO37jxfytyAbzaz3sG5HA3FSB8rX/xDM6If18NsxSHpcjaOjZXC4Fg6wlp0klY
+5/qhFEdmieu2zQVelXjoJfKSku8tPa7kZeDU/F3uLUq/U/xvFk7NVsRV+QvYOdQK
+1QECc/3yv1TKNAN3huWTgzCX6bMHmi09Npw3MQaGY0oS34cH9x0CAwEAAaNTMFEw
+HQYDVR0OBBYEFNsJZ0n9Opeea0rVAzL+1jwkDKzPMB8GA1UdIwQYMBaAFNsJZ0n9
+Opeea0rVAzL+1jwkDKzPMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAJ/bzIzA+NrYwPEv56XKf6Vuj81+M1rTHAsH9PqbOvJT7iM7aU7wAl6vmXAo
+DQtvKoOBMdIXprapwe0quHCQm7PGxg+RRegr+dcTSVJFv1plnODOBOEAVlEfFwuW
+Cz0USF2jrNq+4ciH5zPL1a31ONb1rMkxJXQ/tAi0x8m6tZz+jsbE0wO6qB80UmkA
+4WY2Tu/gnAvFpD8plkiU0EKwedBHAcaFFZkQp23MKsVZ3UBqsqzzfXDYV1Oa6rIy
+XIZpI2Gx75pvAb57T2ap/yl0DBEAu7Nmpll0GCsgeJVdy7tS4LNj96Quya3CHWQw
+WNTVuan0KZqwDIm4Xn1oHUFQ9vc=
+-----END CERTIFICATE-----