Merge "Call clang-tidy with -quiet unless WITH_TIDY is set."
diff --git a/Changes.md b/Changes.md
index 53ff007..3e48bad 100644
--- a/Changes.md
+++ b/Changes.md
@@ -86,6 +86,11 @@
$(TARGET): myscript.py $(sort $(shell find my/python/lib -name '*.py'))
PYTHONPATH=my/python/lib:$$PYTHONPATH myscript.py -o $@
```
+### Stop using PRODUCT_COMPATIBILITY_MATRIX_LEVEL_OVERRIDE directly {#PRODUCT_COMPATIBILITY_MATRIX_LEVEL_OVERRIDE}
+
+Specify Framework Compatibility Matrix Version in device manifest by adding a `target-level`
+attribute to the root element `<manifest>`. If `PRODUCT_COMPATIBILITY_MATRIX_LEVEL_OVERRIDE`
+is 26 or 27, you can add `"target-level"="1"` to your device manifest instead.
### Other envsetup.sh variables {#other_envsetup_variables}
diff --git a/core/binary.mk b/core/binary.mk
index c09a32e..cc6df60 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -187,7 +187,7 @@
endif
LOCAL_NDK_STL_VARIANT := $(strip $(LOCAL_NDK_STL_VARIANT))
ifeq (,$(LOCAL_NDK_STL_VARIANT))
- LOCAL_NDK_STL_VARIANT := c++_shared
+ LOCAL_NDK_STL_VARIANT := system
endif
ifneq (1,$(words $(filter none system stlport_static stlport_shared c++_static c++_shared gnustl_static, $(LOCAL_NDK_STL_VARIANT))))
$(error $(LOCAL_PATH): Unknown LOCAL_NDK_STL_VARIANT $(LOCAL_NDK_STL_VARIANT))
@@ -207,51 +207,26 @@
endif
else # LOCAL_NDK_STL_VARIANT is not stlport_* either
ifneq (,$(filter c++_%, $(LOCAL_NDK_STL_VARIANT)))
- # Pre-r11 NDKs used libgabi++ for libc++'s C++ ABI, but r11 and later use
- # libc++abi.
- #
- # r13 no longer has the inner directory as a side effect of just using
- # external/libcxx.
- ifeq (r10,$(LOCAL_NDK_VERSION))
- my_ndk_stl_include_path := \
- $(my_ndk_source_root)/cxx-stl/llvm-libc++/libcxx/include
- my_ndk_stl_include_path += \
- $(my_ndk_source_root)/cxx-stl/llvm-libc++/gabi++/include
- else ifeq (r11,$(LOCAL_NDK_VERSION))
- my_ndk_stl_include_path := \
- $(my_ndk_source_root)/cxx-stl/llvm-libc++/libcxx/include
- my_ndk_stl_include_path += \
- $(my_ndk_source_root)/cxx-stl/llvm-libc++abi/libcxxabi/include
- else
- my_ndk_stl_include_path := \
- $(my_ndk_source_root)/cxx-stl/llvm-libc++/include
- my_ndk_stl_include_path += \
- $(my_ndk_source_root)/cxx-stl/llvm-libc++abi/include
- endif
+ my_ndk_stl_include_path := \
+ $(my_ndk_source_root)/cxx-stl/llvm-libc++/include
+ my_ndk_stl_include_path += \
+ $(my_ndk_source_root)/cxx-stl/llvm-libc++abi/include
my_ndk_stl_include_path += $(my_ndk_source_root)/android/support/include
my_libcxx_libdir := \
$(my_ndk_source_root)/cxx-stl/llvm-libc++/libs/$(my_cpu_variant)
- ifneq (,$(filter r10 r11,$(LOCAL_NDK_VERSION)))
- ifeq (c++_static,$(LOCAL_NDK_STL_VARIANT))
- my_ndk_stl_static_lib := $(my_libcxx_libdir)/libc++_static.a
- else
- my_ndk_stl_shared_lib_fullpath := $(my_libcxx_libdir)/libc++_shared.so
- endif
+ ifeq (c++_static,$(LOCAL_NDK_STL_VARIANT))
+ my_ndk_stl_static_lib := \
+ $(my_libcxx_libdir)/libc++_static.a \
+ $(my_libcxx_libdir)/libc++abi.a
else
- ifeq (c++_static,$(LOCAL_NDK_STL_VARIANT))
- my_ndk_stl_static_lib := \
- $(my_libcxx_libdir)/libc++_static.a \
- $(my_libcxx_libdir)/libc++abi.a
- else
- my_ndk_stl_shared_lib_fullpath := $(my_libcxx_libdir)/libc++_shared.so
- endif
+ my_ndk_stl_shared_lib_fullpath := $(my_libcxx_libdir)/libc++_shared.so
+ endif
- my_ndk_stl_static_lib += $(my_libcxx_libdir)/libandroid_support.a
- ifneq (,$(filter armeabi armeabi-v7a,$(my_cpu_variant)))
- my_ndk_stl_static_lib += $(my_libcxx_libdir)/libunwind.a
- endif
+ my_ndk_stl_static_lib += $(my_libcxx_libdir)/libandroid_support.a
+ ifneq (,$(filter armeabi armeabi-v7a,$(my_cpu_variant)))
+ my_ndk_stl_static_lib += $(my_libcxx_libdir)/libunwind.a
endif
my_ldlibs += -ldl
@@ -870,6 +845,9 @@
###########################################################
## Compile the .proto files to .cc (or .c) and then to .o
###########################################################
+ifeq ($(strip $(LOCAL_PROTOC_OPTIMIZE_TYPE)),)
+ LOCAL_PROTOC_OPTIMIZE_TYPE := lite
+endif
proto_sources := $(filter %.proto,$(my_src_files))
ifneq ($(proto_sources),)
proto_gen_dir := $(generated_sources_dir)/proto
@@ -891,7 +869,7 @@
endif
my_proto_c_includes := external/protobuf/src
my_cflags += -DGOOGLE_PROTOBUF_NO_RTTI
-my_protoc_flags := --cpp_out=$(proto_gen_dir)
+my_protoc_flags := --cpp_out=$(if $(filter lite lite-static,$(LOCAL_PROTOC_OPTIMIZE_TYPE)),lite:,)$(proto_gen_dir)
my_protoc_deps :=
endif
my_proto_c_includes += $(proto_gen_dir)
diff --git a/core/clear_vars.mk b/core/clear_vars.mk
index fc2adde..09f9be5 100644
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -227,8 +227,9 @@
LOCAL_SDK_VERSION:=
LOCAL_SHARED_ANDROID_LIBRARIES:=
LOCAL_SHARED_LIBRARIES:=
-LOCAL_SOONG_HEADER_JAR :=
+LOCAL_SOONG_CLASSES_JAR :=
LOCAL_SOONG_DEX_JAR :=
+LOCAL_SOONG_HEADER_JAR :=
LOCAL_SOONG_JACOCO_REPORT_CLASSES_JAR :=
LOCAL_SOONG_RESOURCE_EXPORT_PACKAGE :=
LOCAL_SOONG_RRO_DIRS :=
diff --git a/core/config.mk b/core/config.mk
index e43793a..d317bd0 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -75,6 +75,7 @@
ANDROID_EMULATOR_PREBUILTS \
ANDROID_PRE_BUILD_PATHS \
,See $(CHANGES_URL)#other_envsetup_variables)
+$(KATI_obsolete_var PRODUCT_COMPATIBILITY_MATRIX_LEVEL_OVERRIDE,Set FCM Version in device manifest instead. See $(CHANGES_URL)#PRODUCT_COMPATIBILITY_MATRIX_LEVEL_OVERRIDE)
CHANGES_URL :=
@@ -784,44 +785,7 @@
endif
FRAMEWORK_MANIFEST_FILE := system/libhidl/manifest.xml
-
-# Compatibility matrix versioning:
-# MATRIX_LEVEL_OVERRIDE defined: MATRIX_LEVEL = MATRIX_LEVEL_OVERRIDE
-# MATRIX_LEVEL_OVERRIDE undefined:
-# FULL_TREBLE != true: MATRIX_LEVEL = legacy
-# FULL_TREBLE == true:
-# SHIPPING_API_LEVEL defined: MATRIX_LEVEL = SHIPPING_API_LEVEL
-# SHIPPING_API_LEVEL undefined: MATRIX_LEVEL = PLATFORM_SDK_VERSION
-# MATRIX_LEVEL == legacy => legacy.xml
-# MATRIX_LEVEL <= 26 => 26.xml
-# MATRIX_LEVEL == 27 => 27.xml # define when 27 releases
-# MATRIX_LEVEL == 28 => 28.xml # define when 28 releases
-# ...
-# otherwise => current.xml
-
-ifneq ($(PRODUCT_COMPATIBILITY_MATRIX_LEVEL_OVERRIDE),)
- PRODUCT_COMPATIBILITY_MATRIX_LEVEL := $(PRODUCT_COMPATIBILITY_MATRIX_LEVEL_OVERRIDE)
-else ifneq ($(PRODUCT_FULL_TREBLE),true)
- PRODUCT_COMPATIBILITY_MATRIX_LEVEL := legacy
-else ifneq ($(PRODUCT_SHIPPING_API_LEVEL),)
- PRODUCT_COMPATIBILITY_MATRIX_LEVEL := $(PRODUCT_SHIPPING_API_LEVEL)
-else
- PRODUCT_COMPATIBILITY_MATRIX_LEVEL := $(PLATFORM_SDK_VERSION)
-endif
-
-ifeq ($(strip $(PRODUCT_COMPATIBILITY_MATRIX_LEVEL)),legacy)
- FRAMEWORK_COMPATIBILITY_MATRIX_FILE := hardware/interfaces/compatibility_matrix.legacy.xml
-else ifeq ($(call math_gt_or_eq,$(PRODUCT_COMPATIBILITY_MATRIX_LEVEL),26),)
- # All PRODUCT_FULL_TREBLE devices with shipping API levels < 26 get the level 26 manifest
- # as that is the first.
- FRAMEWORK_COMPATIBILITY_MATRIX_FILE := hardware/interfaces/compatibility_matrix.26.xml
-else ifeq ($(call math_gt_or_eq,$(PRODUCT_COMPATIBILITY_MATRIX_LEVEL),28),)
- # All shipping API levels with released compatibility matrices get the corresponding matrix.
- FRAMEWORK_COMPATIBILITY_MATRIX_FILE := \
- hardware/interfaces/compatibility_matrix.$(PRODUCT_COMPATIBILITY_MATRIX_LEVEL).xml
-else
- FRAMEWORK_COMPATIBILITY_MATRIX_FILE := hardware/interfaces/compatibility_matrix.current.xml
-endif
+FRAMEWORK_COMPATIBILITY_MATRIX_FILES := $(wildcard hardware/interfaces/compatibility_matrix.*.xml)
BUILD_NUMBER_FROM_FILE := $$(cat $(OUT_DIR)/build_number.txt)
BUILD_DATETIME_FROM_FILE := $$(cat $(OUT_DIR)/build_date.txt)
diff --git a/core/java_common.mk b/core/java_common.mk
index a816324..aac5982 100644
--- a/core/java_common.mk
+++ b/core/java_common.mk
@@ -38,6 +38,9 @@
###########################################################
## .proto files: Compile proto files to .java
###########################################################
+ifeq ($(strip $(LOCAL_PROTOC_OPTIMIZE_TYPE)),)
+ LOCAL_PROTOC_OPTIMIZE_TYPE := lite
+endif
proto_sources := $(filter %.proto,$(LOCAL_SRC_FILES))
# Because names of the .java files compiled from .proto files are unknown until the
# .proto files are compiled, we use a timestamp file as depedency.
@@ -67,7 +70,7 @@
endif
endif
$(proto_java_sources_file_stamp): PRIVATE_PROTOC_FLAGS := $(LOCAL_PROTOC_FLAGS)
-$(proto_java_sources_file_stamp): PRIVATE_PROTO_JAVA_OUTPUT_PARAMS := $(LOCAL_PROTO_JAVA_OUTPUT_PARAMS)
+$(proto_java_sources_file_stamp): PRIVATE_PROTO_JAVA_OUTPUT_PARAMS := $(if $(filter lite,$(LOCAL_PROTOC_OPTIMIZE_TYPE)),lite$(if $(LOCAL_PROTO_JAVA_OUTPUT_PARAMS),:,),)$(LOCAL_PROTO_JAVA_OUTPUT_PARAMS)
$(proto_java_sources_file_stamp) : $(proto_sources_fullpath) $(PROTOC)
$(call transform-proto-to-java)
diff --git a/core/soong_app_prebuilt.mk b/core/soong_app_prebuilt.mk
index e94c019..633ef0c 100644
--- a/core/soong_app_prebuilt.mk
+++ b/core/soong_app_prebuilt.mk
@@ -16,8 +16,26 @@
ifdef LOCAL_SOONG_JACOCO_REPORT_CLASSES_JAR
$(eval $(call copy-one-file,$(LOCAL_SOONG_JACOCO_REPORT_CLASSES_JAR),\
$(intermediates.COMMON)/jacoco-report-classes.jar))
+ $(call add-dependency,$(common_javalib.jar),\
+ $(intermediates.COMMON)/jacoco-report-classes.jar)
endif
+full_classes_jar := $(intermediates.COMMON)/classes.jar
+full_classes_pre_proguard_jar := $(intermediates.COMMON)/classes-pre-proguard.jar
+full_classes_header_jar := $(intermediates.COMMON)/classes-header.jar
+
+$(eval $(call copy-one-file,$(LOCAL_SOONG_CLASSES_JAR),$(full_classes_jar)))
+$(eval $(call copy-one-file,$(LOCAL_SOONG_CLASSES_JAR),$(full_classes_pre_proguard_jar)))
+
+ifneq ($(TURBINE_DISABLED),false)
+ifdef LOCAL_SOONG_HEADER_JAR
+$(eval $(call copy-one-file,$(LOCAL_SOONG_HEADER_JAR),$(full_classes_header_jar)))
+else
+$(eval $(call copy-one-file,$(full_classes_jar),$(full_classes_header_jar)))
+endif
+endif # TURBINE_DISABLED != false
+
+
$(eval $(call copy-one-file,$(LOCAL_PREBUILT_MODULE_FILE),$(LOCAL_BUILT_MODULE)))
ifdef LOCAL_SOONG_RESOURCE_EXPORT_PACKAGE
@@ -45,8 +63,8 @@
PACKAGES := $(PACKAGES) $(LOCAL_MODULE)
ifdef LOCAL_CERTIFICATE
- PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE)
- PACKAGES.$(LOCAL_MODULE).CERTIFICATE := $(patsubst %.x509.pem,%.pk8,$(LOCAL_CERTIFICATE))
+ PACKAGES.$(LOCAL_MODULE).CERTIFICATE := $(LOCAL_CERTIFICATE)
+ PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(patsubst %.x509.pem,%.pk8,$(LOCAL_CERTIFICATE))
endif
ifndef LOCAL_IS_HOST_MODULE
diff --git a/core/soong_config.mk b/core/soong_config.mk
index 8f5a054..eb19a8c 100644
--- a/core/soong_config.mk
+++ b/core/soong_config.mk
@@ -117,7 +117,6 @@
$(call add_json_bool, Malloc_not_svelte, $(call invert_bool,$(filter true,$(MALLOC_SVELTE))))
$(call add_json_str, Override_rs_driver, $(OVERRIDE_RS_DRIVER))
-$(call add_json_bool, Treble, $(filter true,$(PRODUCT_FULL_TREBLE)))
$(call add_json_bool, Treble_linker_namespaces, $(filter true,$(PRODUCT_TREBLE_LINKER_NAMESPACES)))
$(call add_json_bool, Sepolicy_split, $(filter true,$(PRODUCT_SEPOLICY_SPLIT)))
$(call add_json_bool, Enforce_vintf_manifest, $(filter true,$(PRODUCT_ENFORCE_VINTF_MANIFEST)))
diff --git a/core/tasks/tradefed-tests-list.mk b/core/tasks/tradefed-tests-list.mk
index 3b5f5da..bcbdfcf 100644
--- a/core/tasks/tradefed-tests-list.mk
+++ b/core/tasks/tradefed-tests-list.mk
@@ -19,12 +19,12 @@
$(foreach dir, $(COMPATIBILITY.tradefed_tests_dir), \
$(eval tradefed_tests += $(shell find $(dir) -type f -name "*.xml")))
tradefed_tests_list_intermediates := $(call intermediates-dir-for,PACKAGING,tradefed_tests_list,HOST,COMMON)
-tradefed_tests_list_zip := $(tradefed_tests_list_intermediates)/tradefed-tests-list.zip
+tradefed_tests_list_zip := $(tradefed_tests_list_intermediates)/tradefed-tests_list.zip
all_tests :=
$(foreach test, $(tradefed_tests), \
$(eval all_tests += $(word 2,$(subst /res/config/,$(space),$(test)))))
$(tradefed_tests_list_zip) : PRIVATE_tradefed_tests := $(subst .xml,,$(subst $(space),\n,$(sort $(all_tests))))
-$(tradefed_tests_list_zip) : PRIVATE_tradefed_tests_list := $(tradefed_tests_list_intermediates)/tradefed-tests-list
+$(tradefed_tests_list_zip) : PRIVATE_tradefed_tests_list := $(tradefed_tests_list_intermediates)/tradefed-tests_list
$(tradefed_tests_list_zip) : $(tradefed_tests) $(SOONG_ZIP)
@echo "Package: $@"
@@ -34,3 +34,5 @@
tradefed-tests-list : $(tradefed_tests_list_zip)
$(call dist-for-goals, tradefed-tests-list, $(tradefed_tests_list_zip))
+
+tests: tradefed-tests-list
diff --git a/target/board/Android.mk b/target/board/Android.mk
index f8d3bb3..fc32cd9 100644
--- a/target/board/Android.mk
+++ b/target/board/Android.mk
@@ -34,7 +34,8 @@
ifdef DEVICE_MANIFEST_FILE
# $(DEVICE_MANIFEST_FILE) can be a list of files
include $(CLEAR_VARS)
-LOCAL_MODULE := manifest.xml
+LOCAL_MODULE := device_manifest.xml
+LOCAL_MODULE_STEM := manifest.xml
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)
@@ -42,6 +43,8 @@
$(GEN): PRIVATE_DEVICE_MANIFEST_FILE := $(DEVICE_MANIFEST_FILE)
$(GEN): $(DEVICE_MANIFEST_FILE) $(HOST_OUT_EXECUTABLES)/assemble_vintf
BOARD_SEPOLICY_VERS=$(BOARD_SEPOLICY_VERS) \
+ PRODUCT_ENFORCE_VINTF_MANIFEST=$(PRODUCT_ENFORCE_VINTF_MANIFEST) \
+ PRODUCT_SHIPPING_API_LEVEL=$(PRODUCT_SHIPPING_API_LEVEL) \
$(HOST_OUT_EXECUTABLES)/assemble_vintf -o $@ \
-i $(call normalize-path-list,$(PRIVATE_DEVICE_MANIFEST_FILE))
@@ -53,7 +56,8 @@
# Device Compatibility Matrix
ifdef DEVICE_MATRIX_FILE
include $(CLEAR_VARS)
-LOCAL_MODULE := compatibility_matrix.xml
+LOCAL_MODULE := device_compatibility_matrix.xml
+LOCAL_MODULE_STEM := compatibility_matrix.xml
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)
@@ -69,7 +73,7 @@
# Framework Manifest
include $(CLEAR_VARS)
-LOCAL_MODULE := system_manifest.xml
+LOCAL_MODULE := framework_manifest.xml
LOCAL_MODULE_STEM := manifest.xml
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_PATH := $(TARGET_OUT)
@@ -94,7 +98,7 @@
# Framework Compatibility Matrix
include $(CLEAR_VARS)
-LOCAL_MODULE := system_compatibility_matrix.xml
+LOCAL_MODULE := framework_compatibility_matrix.xml
LOCAL_MODULE_STEM := compatibility_matrix.xml
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_PATH := $(TARGET_OUT)
@@ -103,12 +107,10 @@
$(GEN): PRIVATE_FLAGS :=
-ifeq ($(PRODUCT_ENFORCE_VINTF_MANIFEST),true)
ifdef BUILT_VENDOR_MANIFEST
$(GEN): $(BUILT_VENDOR_MANIFEST)
$(GEN): PRIVATE_FLAGS += -c "$(BUILT_VENDOR_MANIFEST)"
endif
-endif
ifeq (true,$(BOARD_AVB_ENABLE))
$(GEN): $(AVBTOOL)
@@ -139,12 +141,15 @@
KERNEL_VERSIONS :=
KERNEL_CONFIG_DATA :=
-$(GEN): $(FRAMEWORK_COMPATIBILITY_MATRIX_FILE) $(HOST_OUT_EXECUTABLES)/assemble_vintf
+$(GEN): $(FRAMEWORK_COMPATIBILITY_MATRIX_FILES) $(HOST_OUT_EXECUTABLES)/assemble_vintf
# TODO(b/37405869) (b/37715375) inject avb versions as well for devices that have avb enabled.
POLICYVERS=$(POLICYVERS) \
BOARD_SEPOLICY_VERS=$(BOARD_SEPOLICY_VERS) \
FRAMEWORK_VBMETA_VERSION=$(FRAMEWORK_VBMETA_VERSION) \
- $(HOST_OUT_EXECUTABLES)/assemble_vintf -i $< -o $@ $(PRIVATE_FLAGS)
+ PRODUCT_ENFORCE_VINTF_MANIFEST=$(PRODUCT_ENFORCE_VINTF_MANIFEST) \
+ $(HOST_OUT_EXECUTABLES)/assemble_vintf \
+ -i $(call normalize-path-list,$(FRAMEWORK_COMPATIBILITY_MATRIX_FILES)) \
+ -o $@ $(PRIVATE_FLAGS)
LOCAL_PREBUILT_MODULE_FILE := $(GEN)
include $(BUILD_PREBUILT)
BUILT_SYSTEM_COMPATIBILITY_MATRIX := $(LOCAL_BUILT_MODULE)
diff --git a/target/product/embedded.mk b/target/product/embedded.mk
index 246a553..55ee6dc 100644
--- a/target/product/embedded.mk
+++ b/target/product/embedded.mk
@@ -81,10 +81,13 @@
tzdatacheck \
vndservice \
vndservicemanager \
- compatibility_matrix.xml \
- manifest.xml \
- system_manifest.xml \
- system_compatibility_matrix.xml \
+
+# VINTF data
+PRODUCT_PACKAGES += \
+ device_compatibility_matrix.xml \
+ device_manifest.xml \
+ framework_manifest.xml \
+ framework_compatibility_matrix.xml \
# SELinux packages are added as dependencies of the selinux_policy
# phony package.
diff --git a/target/product/emulator.mk b/target/product/emulator.mk
index cc946ca..0f33f38 100644
--- a/target/product/emulator.mk
+++ b/target/product/emulator.mk
@@ -131,3 +131,9 @@
PRODUCT_CHARACTERISTICS := emulator
PRODUCT_FULL_TREBLE_OVERRIDE := true
+
+
+#watchdog tiggers reboot because location service is not
+#responding, disble it for now
+PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \
+config.disable_location=true
diff --git a/tools/releasetools/check_ota_package_signature.py b/tools/releasetools/check_ota_package_signature.py
index 8106d06..b5e9d8b 100755
--- a/tools/releasetools/check_ota_package_signature.py
+++ b/tools/releasetools/check_ota_package_signature.py
@@ -21,11 +21,7 @@
from __future__ import print_function
import argparse
-import common
-import os
-import os.path
import re
-import site
import subprocess
import sys
import tempfile
@@ -34,15 +30,7 @@
from hashlib import sha1
from hashlib import sha256
-# 'update_payload' package is under 'system/update_engine/scripts/', which
-# should be included in PYTHONPATH. Try to set it up automatically if
-# if ANDROID_BUILD_TOP is available.
-top = os.getenv('ANDROID_BUILD_TOP')
-if top:
- site.addsitedir(os.path.join(top, 'system', 'update_engine', 'scripts'))
-
-from update_payload.payload import Payload
-from update_payload.update_metadata_pb2 import Signatures
+import common
def CertUsesSha256(cert):
@@ -108,10 +96,7 @@
use_sha256 = CertUsesSha256(cert)
print('Use SHA-256: %s' % (use_sha256,))
- if use_sha256:
- h = sha256()
- else:
- h = sha1()
+ h = sha256() if use_sha256 else sha1()
h.update(package_bytes[:signed_len])
package_digest = h.hexdigest().lower()
@@ -161,40 +146,6 @@
def VerifyAbOtaPayload(cert, package):
"""Verifies the payload and metadata signatures in an A/B OTA payload."""
-
- def VerifySignatureBlob(hash_file, blob):
- """Verifies the input hash_file against the signature blob."""
- signatures = Signatures()
- signatures.ParseFromString(blob)
-
- extracted_sig_file = common.MakeTempFile(
- prefix='extracted-sig-', suffix='.bin')
- # In Android, we only expect one signature.
- assert len(signatures.signatures) == 1, \
- 'Invalid number of signatures: %d' % len(signatures.signatures)
- signature = signatures.signatures[0]
- length = len(signature.data)
- assert length == 256, 'Invalid signature length %d' % (length,)
- with open(extracted_sig_file, 'w') as f:
- f.write(signature.data)
-
- # Verify the signature file extracted from the payload, by reversing the
- # signing operation. Alternatively, this can be done by calling 'openssl
- # rsautl -verify -certin -inkey <cert.pem> -in <extracted_sig_file> -out
- # <output>', then to assert that
- # <output> == SHA-256 DigestInfo prefix || <hash_file>.
- cmd = ['openssl', 'pkeyutl', '-verify', '-certin', '-inkey', cert,
- '-pkeyopt', 'digest:sha256', '-in', hash_file,
- '-sigfile', extracted_sig_file]
- p = common.Run(cmd, stdout=subprocess.PIPE)
- result, _ = p.communicate()
-
- # https://github.com/openssl/openssl/pull/3213
- # 'openssl pkeyutl -verify' (prior to 1.1.0) returns non-zero return code,
- # even on successful verification. To avoid the false alarm with older
- # openssl, check the output directly.
- assert result.strip() == 'Signature Verified Successfully', result.strip()
-
package_zip = zipfile.ZipFile(package, 'r')
if 'payload.bin' not in package_zip.namelist():
common.ZipClose(package_zip)
@@ -202,37 +153,27 @@
print('Verifying A/B OTA payload signatures...')
+ # Dump pubkey from the certificate.
+ pubkey = common.MakeTempFile(prefix="key-", suffix=".key")
+ cmd = ['openssl', 'x509', '-pubkey', '-noout', '-in', cert, '-out', pubkey]
+ proc = common.Run(cmd, stdout=subprocess.PIPE)
+ stdoutdata, _ = proc.communicate()
+ assert proc.returncode == 0, \
+ 'Failed to dump public key from certificate: %s\n%s' % (cert, stdoutdata)
+
package_dir = tempfile.mkdtemp(prefix='package-')
common.OPTIONS.tempfiles.append(package_dir)
+ # Signature verification with delta_generator.
payload_file = package_zip.extract('payload.bin', package_dir)
- payload = Payload(open(payload_file, 'rb'))
- payload.Init()
-
- # Extract the payload hash and metadata hash from the payload.bin.
- payload_hash_file = common.MakeTempFile(prefix='hash-', suffix='.bin')
- metadata_hash_file = common.MakeTempFile(prefix='hash-', suffix='.bin')
- cmd = ['brillo_update_payload', 'hash',
- '--unsigned_payload', payload_file,
- '--signature_size', '256',
- '--metadata_hash_file', metadata_hash_file,
- '--payload_hash_file', payload_hash_file]
- p = common.Run(cmd, stdout=subprocess.PIPE)
- p.communicate()
- assert p.returncode == 0, 'brillo_update_payload hash failed'
-
- # Payload signature verification.
- assert payload.manifest.HasField('signatures_offset')
- payload_signature = payload.ReadDataBlob(
- payload.manifest.signatures_offset, payload.manifest.signatures_size)
- VerifySignatureBlob(payload_hash_file, payload_signature)
-
- # Metadata signature verification.
- metadata_signature = payload.ReadDataBlob(
- -payload.header.metadata_signature_len,
- payload.header.metadata_signature_len)
- VerifySignatureBlob(metadata_hash_file, metadata_signature)
-
+ cmd = ['delta_generator',
+ '--in_file=' + payload_file,
+ '--public_key=' + pubkey]
+ proc = common.Run(cmd, stdout=subprocess.PIPE)
+ stdoutdata, _ = proc.communicate()
+ assert proc.returncode == 0, \
+ 'Failed to verify payload with delta_generator: %s\n%s' % (package,
+ stdoutdata)
common.ZipClose(package_zip)
# Verified successfully upon reaching here.
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 07037f1..60e2e5c 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -109,9 +109,6 @@
Specifies the threshold that will be used to compute the maximum
allowed stash size (defaults to 0.8).
- --gen_verify
- Generate an OTA package that verifies the partitions.
-
--log_diff <file>
Generate a log file that shows the differences in the source and target
builds for an incremental package. This option is only meaningful when
@@ -172,7 +169,6 @@
# Stash size cannot exceed cache_size * threshold.
OPTIONS.cache_size = None
OPTIONS.stash_threshold = 0.8
-OPTIONS.gen_verify = False
OPTIONS.log_diff = None
OPTIONS.payload_signer = None
OPTIONS.payload_signer_args = []
@@ -936,78 +932,6 @@
WriteMetadata(metadata, output_zip)
-def WriteVerifyPackage(input_zip, output_zip):
- script = edify_generator.EdifyGenerator(3, OPTIONS.info_dict)
-
- oem_props = OPTIONS.info_dict.get("oem_fingerprint_properties")
- recovery_mount_options = OPTIONS.info_dict.get(
- "recovery_mount_options")
- oem_dicts = None
- if oem_props:
- oem_dicts = _LoadOemDicts(script, recovery_mount_options)
-
- target_fp = CalculateFingerprint(oem_props, oem_dicts and oem_dicts[0],
- OPTIONS.info_dict)
- metadata = {
- "post-build": target_fp,
- "pre-device": GetOemProperty("ro.product.device", oem_props,
- oem_dicts and oem_dicts[0],
- OPTIONS.info_dict),
- "post-timestamp": GetBuildProp("ro.build.date.utc", OPTIONS.info_dict),
- }
-
- device_specific = common.DeviceSpecificParams(
- input_zip=input_zip,
- input_version=OPTIONS.info_dict["recovery_api_version"],
- output_zip=output_zip,
- script=script,
- input_tmp=OPTIONS.input_tmp,
- metadata=metadata,
- info_dict=OPTIONS.info_dict)
-
- AppendAssertions(script, OPTIONS.info_dict, oem_dicts)
-
- script.Print("Verifying device images against %s..." % target_fp)
- script.AppendExtra("")
-
- script.Print("Verifying boot...")
- boot_img = common.GetBootableImage(
- "boot.img", "boot.img", OPTIONS.input_tmp, "BOOT")
- boot_type, boot_device = common.GetTypeAndDevice(
- "/boot", OPTIONS.info_dict)
- script.Verify("%s:%s:%d:%s" % (
- boot_type, boot_device, boot_img.size, boot_img.sha1))
- script.AppendExtra("")
-
- script.Print("Verifying recovery...")
- recovery_img = common.GetBootableImage(
- "recovery.img", "recovery.img", OPTIONS.input_tmp, "RECOVERY")
- recovery_type, recovery_device = common.GetTypeAndDevice(
- "/recovery", OPTIONS.info_dict)
- script.Verify("%s:%s:%d:%s" % (
- recovery_type, recovery_device, recovery_img.size, recovery_img.sha1))
- script.AppendExtra("")
-
- system_tgt = GetImage("system", OPTIONS.input_tmp)
- system_tgt.ResetFileMap()
- system_diff = common.BlockDifference("system", system_tgt, src=None)
- system_diff.WriteStrictVerifyScript(script)
-
- if HasVendorPartition(input_zip):
- vendor_tgt = GetImage("vendor", OPTIONS.input_tmp)
- vendor_tgt.ResetFileMap()
- vendor_diff = common.BlockDifference("vendor", vendor_tgt, src=None)
- vendor_diff.WriteStrictVerifyScript(script)
-
- # Device specific partitions, such as radio, bootloader and etc.
- device_specific.VerifyOTA_Assertions()
-
- script.SetProgress(1.0)
- script.AddToZip(input_zip, output_zip, input_path=OPTIONS.updater_binary)
- metadata["ota-required-cache"] = str(script.required_cache)
- WriteMetadata(metadata, output_zip)
-
-
def WriteABOTAPackageWithBrilloScript(target_file, output_file,
source_file=None):
"""Generate an Android OTA package that has A/B update payload."""
@@ -1320,8 +1244,6 @@
except ValueError:
raise ValueError("Cannot parse value %r for option %r - expecting "
"a float" % (a, o))
- elif o == "--gen_verify":
- OPTIONS.gen_verify = True
elif o == "--log_diff":
OPTIONS.log_diff = a
elif o == "--payload_signer":
@@ -1355,7 +1277,6 @@
"verify",
"no_fallback_to_full",
"stash_threshold=",
- "gen_verify",
"log_diff=",
"payload_signer=",
"payload_signer_args=",
@@ -1484,12 +1405,8 @@
print("--- can't determine the cache partition size ---")
OPTIONS.cache_size = cache_size
- # Generate a verify package.
- if OPTIONS.gen_verify:
- WriteVerifyPackage(input_zip, output_zip)
-
# Generate a full OTA.
- elif OPTIONS.incremental_source is None:
+ if OPTIONS.incremental_source is None:
WriteFullOTAPackage(input_zip, output_zip)
# Generate an incremental OTA. It will fall back to generate a full OTA on