Merge "Add OWNERS in build/make"
diff --git a/core/Makefile b/core/Makefile
index a23cdd4..b6a9780 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -567,25 +567,25 @@
else ifeq (true,$(BOARD_AVB_ENABLE)) # TARGET_BOOTIMAGE_USE_EXT2 != true
-$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(AVBTOOL) $(INTERNAL_BOOTIMAGE_FILES)
+$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(AVBTOOL) $(INTERNAL_BOOTIMAGE_FILES) $(BOARD_AVB_BOOT_KEY_PATH)
$(call pretty,"Target boot image: $@")
$(hide) $(MKBOOTIMG) $(INTERNAL_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $@
$(hide) $(call assert-max-image-size,$@,$(BOARD_BOOTIMAGE_PARTITION_SIZE))
$(hide) $(AVBTOOL) add_hash_footer \
--image $@ \
--partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \
- --partition_name boot $(INTERNAL_AVB_SIGNING_ARGS) \
+ --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \
$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)
.PHONY: bootimage-nodeps
-bootimage-nodeps: $(MKBOOTIMG) $(AVBTOOL)
+bootimage-nodeps: $(MKBOOTIMG) $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH)
@echo "make $@: ignoring dependencies"
$(hide) $(MKBOOTIMG) $(INTERNAL_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(INSTALLED_BOOTIMAGE_TARGET)
$(hide) $(call assert-max-image-size,$(INSTALLED_BOOTIMAGE_TARGET),$(BOARD_BOOTIMAGE_PARTITION_SIZE))
$(hide) $(AVBTOOL) add_hash_footer \
--image $@ \
--partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \
- --partition_name boot $(INTERNAL_AVB_SIGNING_ARGS) \
+ --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \
$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)
else ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_BOOT_SIGNER)) # BOARD_AVB_ENABLE != true
@@ -866,6 +866,10 @@
endif
endif
+ifeq ($(BOARD_AVB_ENABLE),true)
+INTERNAL_USERIMAGES_DEPS += $(AVBTOOL)
+endif
+
ifneq (true,$(TARGET_USERIMAGES_SPARSE_SQUASHFS_DISABLED))
INTERNAL_USERIMAGES_SPARSE_SQUASHFS_FLAG := -s
endif
@@ -940,12 +944,21 @@
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_subkey=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VBOOT_SIGNING_SUBKEY)" >> $(1))
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "futility=$(notdir $(FUTILITY))" >> $(1))
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_signer_cmd=$(VBOOT_SIGNER)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_signing_args=$(INTERNAL_AVB_SIGNING_ARGS)" >> $(1))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_avbtool=$(notdir $(AVBTOOL))" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "system_avb_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "system_avb_add_hashtree_footer_args=$(BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "vendor_avb_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "vendor_avb_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_system_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_system_add_hashtree_footer_args=$(BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),\
+ $(if $(BOARD_AVB_SYSTEM_KEY_PATH),\
+ $(hide) echo "avb_system_key_path=$(BOARD_AVB_SYSTEM_KEY_PATH)" >> $(1)
+ $(hide) echo "avb_system_algorithm=$(BOARD_AVB_SYSTEM_ALGORITHM)" >> $(1)
+ $(hide) echo "avb_system_rollback_index_location=$(BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION)" >> $(1)))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),\
+ $(if $(BOARD_AVB_VENDOR_KEY_PATH),\
+ $(hide) echo "avb_vendor_key_path=$(BOARD_AVB_VENDOR_KEY_PATH)" >> $(1)
+ $(hide) echo "avb_vendor_algorithm=$(BOARD_AVB_VENDOR_ALGORITHM)" >> $(1)
+ $(hide) echo "avb_vendor_rollback_index_location=$(BOARD_AVB_VENDOR_ROLLBACK_INDEX_LOCATION)" >> $(1)))
$(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)),\
$(hide) echo "recovery_as_boot=true" >> $(1))
$(if $(filter true,$(BOARD_BUILD_SYSTEM_ROOT_IMAGE)),\
@@ -1149,7 +1162,7 @@
$(hide) $(AVBTOOL) add_hash_footer \
--image $(1) \
--partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \
- --partition_name boot $(INTERNAL_AVB_SIGNING_ARGS) \
+ --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \
$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS))
$(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)), \
$(hide) $(call assert-max-image-size,$(1),$(BOARD_BOOTIMAGE_PARTITION_SIZE)), \
@@ -1165,7 +1178,7 @@
$(INSTALLED_BOOTIMAGE_TARGET) : $(VBOOT_SIGNER)
endif
ifeq (true,$(BOARD_AVB_ENABLE))
-$(INSTALLED_BOOTIMAGE_TARGET) : $(AVBTOOL)
+$(INSTALLED_BOOTIMAGE_TARGET) : $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH)
endif
$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) $(MINIGZIP) \
$(INSTALLED_RAMDISK_TARGET) \
@@ -1235,7 +1248,6 @@
$(PDK_FUSION_SYSIMG_FILES) \
$(RECOVERY_RESOURCE_ZIP))
-
FULL_SYSTEMIMAGE_DEPS := $(INTERNAL_SYSTEMIMAGE_FILES) $(INTERNAL_USERIMAGES_DEPS)
# ASAN libraries in the system image - add dependency.
@@ -1357,6 +1369,9 @@
endif
endif
+.PHONY: sync
+sync: $(INTERNAL_SYSTEMIMAGE_FILES)
+
#######
## system tarball
define build-systemtarball-target
@@ -1739,6 +1754,8 @@
vendorimage-nodeps vnod: | $(INTERNAL_USERIMAGES_DEPS) $(DEPMOD)
$(build-vendorimage-target)
+sync: $(INTERNAL_VENDORIMAGE_FILES)
+
else ifdef BOARD_PREBUILT_VENDORIMAGE
INSTALLED_VENDORIMAGE_TARGET := $(PRODUCT_OUT)/vendor.img
$(eval $(call copy-one-file,$(BOARD_PREBUILT_VENDORIMAGE),$(INSTALLED_VENDORIMAGE_TARGET)))
@@ -1750,12 +1767,12 @@
INSTALLED_DTBOIMAGE_TARGET := $(PRODUCT_OUT)/dtbo.img
ifeq ($(BOARD_AVB_ENABLE),true)
-$(INSTALLED_DTBOIMAGE_TARGET): $(BOARD_PREBUILT_DTBOIMAGE) $(AVBTOOL)
+$(INSTALLED_DTBOIMAGE_TARGET): $(BOARD_PREBUILT_DTBOIMAGE) $(AVBTOOL) $(BOARD_AVB_DTBO_KEY_PATH)
cp $(BOARD_PREBUILT_DTBOIMAGE) $@
$(AVBTOOL) add_hash_footer \
--image $@ \
--partition_size $(BOARD_DTBOIMG_PARTITION_SIZE) \
- --partition_name dtbo $(INTERNAL_AVB_SIGNING_ARGS) \
+ --partition_name dtbo $(INTERNAL_AVB_DTBO_SIGNING_ARGS) \
$(BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS)
else
$(INSTALLED_DTBOIMAGE_TARGET): $(BOARD_PREBUILT_DTBOIMAGE)
@@ -1764,42 +1781,109 @@
endif
+# Convert to lower case without requiring a shell, which isn't cacheable.
+to-lower = $(subst A,a,$(subst B,b,$(subst C,c,$(subst D,d,$(subst E,e,$(subst F,f,$(subst G,g,\
+$(subst H,h,$(subst I,i,$(subst J,j,$(subst K,k,$(subst L,l,$(subst M,m,$(subst N,n,$(subst O,o,\
+$(subst P,p,$(subst Q,q,$(subst R,r,$(subst S,s,$(subst T,t,$(subst U,u,$(subst V,v,$(subst W,w,\
+$(subst X,x,$(subst Y,y,$(subst Z,z,$1))))))))))))))))))))))))))
+
# -----------------------------------------------------------------
# vbmeta image
ifeq ($(BOARD_AVB_ENABLE),true)
BUILT_VBMETAIMAGE_TARGET := $(PRODUCT_OUT)/vbmeta.img
+AVB_CHAIN_KEY_DIR := $(TARGET_OUT_INTERMEDIATES)/avb_chain_keys
-INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS := \
- --include_descriptors_from_image $(INSTALLED_BOOTIMAGE_TARGET) \
- --include_descriptors_from_image $(INSTALLED_SYSTEMIMAGE) \
+ifdef BOARD_AVB_KEY_PATH
+$(if $(BOARD_AVB_ALGORITHM),,$(error BOARD_AVB_ALGORITHM is not defined))
+else
+# If key path isn't specified, use the 4096-bit test key.
+BOARD_AVB_ALGORITHM := SHA256_RSA4096
+BOARD_AVB_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
+endif
+
+INTERNAL_AVB_SIGNING_ARGS := \
+ --algorithm $(BOARD_AVB_ALGORITHM) --key $(BOARD_AVB_KEY_PATH)
+
+BOOT_FOOTER_ARGS := BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS
+DTBO_FOOTER_ARGS := BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS
+SYSTEM_FOOTER_ARGS := BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS
+VENDOR_FOOTER_ARGS := BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS
+
+# Check and set required build variables for a chain partition.
+# $(1): the partition to enable AVB chain, e.g., BOOT or SYSTEM.
+define check-and-set-avb-chain-args
+$(eval PART := $(1))
+$(eval part=$(call to-lower,$(PART)))
+
+$(eval _key_path := BOARD_AVB_$(PART)_KEY_PATH)
+$(eval _signing_algorithm := BOARD_AVB_$(PART)_ALGORITHM)
+$(eval _rollback_index := BOARD_AVB_$(PART)_ROLLBACK_INDEX)
+$(eval _rollback_index_location := BOARD_AVB_$(PART)_ROLLBACK_INDEX_LOCATION)
+$(if $($(_key_path)),,$(error $(_key_path) is not defined))
+$(if $($(_signing_algorithm)),,$(error $(_signing_algorithm) is not defined))
+$(if $($(_rollback_index)),,$(error $(_rollback_index) is not defined))
+$(if $($(_rollback_index_location)),,$(error $(_rollback_index_location) is not defined))
+
+# Set INTERNAL_AVB_(PART)_SIGNING_ARGS
+$(eval _signing_args := INTERNAL_AVB_$(PART)_SIGNING_ARGS)
+$(eval $(_signing_args) := \
+ --algorithm $($(_signing_algorithm)) --key $($(_key_path)))
+
+$(eval INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
+ --chain_partition $(part):$($(_rollback_index_location)):$(AVB_CHAIN_KEY_DIR)/$(part).avbpubkey)
+
+# Set rollback_index via footer args
+$(eval _footer_args := $(PART)_FOOTER_ARGS)
+$(eval $($(_footer_args)) += --rollback_index $($(_rollback_index)))
+endef
+
+ifdef BOARD_AVB_BOOT_KEY_PATH
+$(eval $(call check-and-set-avb-chain-args,BOOT))
+else
+INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
+ --include_descriptors_from_image $(INSTALLED_BOOTIMAGE_TARGET)
+endif
+
+ifdef BOARD_AVB_SYSTEM_KEY_PATH
+$(eval $(call check-and-set-avb-chain-args,SYSTEM))
+else
+INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
+ --include_descriptors_from_image $(INSTALLED_SYSTEMIMAGE)
+endif
ifdef INSTALLED_VENDORIMAGE_TARGET
+ifdef BOARD_AVB_VENDOR_KEY_PATH
+$(eval $(call check-and-set-avb-chain-args,VENDOR))
+else
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
--include_descriptors_from_image $(INSTALLED_VENDORIMAGE_TARGET)
endif
+endif
ifdef INSTALLED_DTBOIMAGE_TARGET
+ifdef BOARD_AVB_DTBO_KEY_PATH
+$(eval $(call check-and-set-avb-chain-args,DTBO))
+else
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
--include_descriptors_from_image $(INSTALLED_DTBOIMAGE_TARGET)
endif
+endif
+INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += --padding_size 4096
+
+# Add kernel cmdline descriptor for kernel to mount system.img as root with
+# dm-verity. This works when system.img is either chained or not-chained:
+# - chained: The --setup_as_rootfs_from_kernel option will add dm-verity kernel
+# cmdline descriptor to system.img
+# - not-chained: The --include_descriptors_from_image option for make_vbmeta_image
+# will include the kernel cmdline descriptor from system.img into vbmeta.img
ifeq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true)
-INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += --setup_rootfs_from_kernel $(BUILT_SYSTEMIMAGE)
+BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS += --setup_as_rootfs_from_kernel
endif
ifdef BOARD_AVB_ROLLBACK_INDEX
-INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += --rollback_index $(BOARD_AVB_ROLLBACK_INDEX)
-endif
-
-ifndef BOARD_AVB_KEY_PATH
-# If key path isn't specified, use the 4096-bit test key.
-INTERNAL_AVB_SIGNING_ARGS := \
- --algorithm SHA256_RSA4096 \
- --key external/avb/test/data/testkey_rsa4096.pem
-else
-INTERNAL_AVB_SIGNING_ARGS := \
- --algorithm $(BOARD_AVB_ALGORITHM) --key $(BOARD_AVB_KEY_PATH)
+BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --rollback_index $(BOARD_AVB_ROLLBACK_INDEX)
endif
ifndef BOARD_BOOTIMAGE_PARTITION_SIZE
@@ -1810,26 +1894,42 @@
$(error BOARD_SYSTEMIMAGE_PARTITION_SIZE must be set for BOARD_AVB_ENABLE)
endif
+# $(1): the directory to extract public keys to
+define extract-avb-chain-public-keys
+ $(if $(BOARD_AVB_BOOT_KEY_PATH),\
+ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_BOOT_KEY_PATH) \
+ --output $(1)/boot.avbpubkey)
+ $(if $(BOARD_AVB_SYSTEM_KEY_PATH),\
+ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_SYSTEM_KEY_PATH) \
+ --output $(1)/system.avbpubkey)
+ $(if $(BOARD_AVB_VENDOR_KEY_PATH),\
+ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_VENDOR_KEY_PATH) \
+ --output $(1)/vendor.avbpubkey)
+ $(if $(BOARD_AVB_DTBO_KEY_PATH),\
+ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_DTBO_KEY_PATH) \
+ --output $(1)/dtbo.avbpubkey)
+endef
+
define build-vbmetaimage-target
$(call pretty,"Target vbmeta image: $(INSTALLED_VBMETAIMAGE_TARGET)")
+ $(hide) mkdir -p $(AVB_CHAIN_KEY_DIR)
+ $(call extract-avb-chain-public-keys, $(AVB_CHAIN_KEY_DIR))
$(hide) $(AVBTOOL) make_vbmeta_image \
$(INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS) \
$(INTERNAL_AVB_SIGNING_ARGS) \
$(BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS) \
--output $@
+ $(hide) rm -rf $(AVB_CHAIN_KEY_DIR)
endef
INSTALLED_VBMETAIMAGE_TARGET := $(BUILT_VBMETAIMAGE_TARGET)
-$(INSTALLED_VBMETAIMAGE_TARGET): $(AVBTOOL) $(INSTALLED_BOOTIMAGE_TARGET) $(INSTALLED_SYSTEMIMAGE) $(INSTALLED_VENDORIMAGE_TARGET) $(INSTALLED_DTBOIMAGE_TARGET)
+$(INSTALLED_VBMETAIMAGE_TARGET): $(AVBTOOL) $(INSTALLED_BOOTIMAGE_TARGET) $(INSTALLED_SYSTEMIMAGE) $(INSTALLED_VENDORIMAGE_TARGET) $(INSTALLED_DTBOIMAGE_TARGET) $(BOARD_AVB_KEY_PATH)
$(build-vbmetaimage-target)
.PHONY: vbmetaimage-nodeps
vbmetaimage-nodeps:
$(build-vbmetaimage-target)
-# We need $(AVBTOOL) for system.img generation.
-FULL_SYSTEMIMAGE_DEPS += $(AVBTOOL)
-
endif # BOARD_AVB_ENABLE
# -----------------------------------------------------------------
@@ -2232,11 +2332,17 @@
$(hide) echo "full_recovery_image=true" >> $(zip_root)/META/misc_info.txt
endif
ifeq ($(BOARD_AVB_ENABLE),true)
- $(hide) echo "board_avb_enable=true" >> $(zip_root)/META/misc_info.txt
- $(hide) echo "board_avb_rollback_index=$(BOARD_AVB_ROLLBACK_INDEX)" >> $(zip_root)/META/misc_info.txt
- $(hide) echo "board_avb_boot_add_hash_footer_args=$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)" >> $(zip_root)/META/misc_info.txt
- $(hide) echo "board_avb_make_vbmeta_image_args=$(BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS)" >> $(zip_root)/META/misc_info.txt
-endif
+ $(hide) echo "avb_enable=true" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_vbmeta_key_path=$(BOARD_AVB_KEY_PATH)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_vbmeta_algorithm=$(BOARD_AVB_ALGORITHM)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_vbmeta_args=$(BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_boot_add_hash_footer_args=$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)" >> $(zip_root)/META/misc_info.txt
+ifdef BOARD_AVB_BOOT_KEY_PATH
+ $(hide) echo "avb_boot_key_path=$(BOARD_AVB_BOOT_KEY_PATH)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_boot_algorithm=$(BOARD_AVB_BOOT_ALGORITHM)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_boot_rollback_index_location=$(BOARD_AVB_BOOT_ROLLBACK_INDEX_LOCATION)" >> $(zip_root)/META/misc_info.txt
+endif # BOARD_AVB_BOOT_KEY_PATH
+endif # BOARD_AVB_ENABLE
ifdef BOARD_BPT_INPUT_FILES
$(hide) echo "board_bpt_enable=true" >> $(zip_root)/META/misc_info.txt
$(hide) echo "board_bpt_make_table_args=$(BOARD_BPT_MAKE_TABLE_ARGS)" >> $(zip_root)/META/misc_info.txt
@@ -2294,10 +2400,15 @@
$(hide) echo "has_dtbo=true" >> $(zip_root)/META/misc_info.txt
ifeq ($(BOARD_AVB_ENABLE),true)
$(hide) echo "dtbo_size=$(BOARD_DTBOIMG_PARTITION_SIZE)" >> $(zip_root)/META/misc_info.txt
- $(hide) echo "board_avb_dtbo_add_hash_footer_args=$(BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS)" \
+ $(hide) echo "avb_dtbo_add_hash_footer_args=$(BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS)" >> $(zip_root)/META/misc_info.txt
+ifdef BOARD_AVB_DTBO_KEY_PATH
+ $(hide) echo "avb_dtbo_key_path=$(BOARD_AVB_DTBO_KEY_PATH)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_dtbo_algorithm=$(BOARD_AVB_DTBO_ALGORITHM)" >> $(zip_root)/META/misc_info.txt
+ $(hide) echo "avb_dtbo_rollback_index_location=$(BOARD_AVB_DTBO_ROLLBACK_INDEX_LOCATION)" \
>> $(zip_root)/META/misc_info.txt
-endif
-endif
+endif # BOARD_AVB_DTBO_KEY_PATH
+endif # BOARD_AVB_ENABLE
+endif # BOARD_PREBUILT_DTBOIMAGE
@# Run fs_config on all the system, vendor, boot ramdisk,
@# and recovery ramdisk files in the zip, and save the output
$(hide) $(call fs_config,$(zip_root)/SYSTEM,system/) > $(zip_root)/META/filesystem_config.txt
diff --git a/core/aapt2.mk b/core/aapt2.mk
index ccc4535..e34b09b 100644
--- a/core/aapt2.mk
+++ b/core/aapt2.mk
@@ -33,7 +33,7 @@
ifneq ($(my_generated_res_dirs),)
my_generated_resources_flata := $(my_compiled_res_base_dir)/gen_res.flata
$(my_generated_resources_flata): PRIVATE_SOURCE_RES_DIRS := $(my_generated_res_dirs)
-$(my_generated_resources_flata) : $(my_generated_res_dirs_deps)
+$(my_generated_resources_flata) : $(my_generated_res_dirs_deps) $(AAPT2)
@echo "AAPT2 compile $@ <- $(PRIVATE_SOURCE_RES_DIRS)"
$(call aapt2-compile-resource-dirs)
diff --git a/core/config.mk b/core/config.mk
index f5e0aa6..5895128 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -308,6 +308,7 @@
export CC_WRAPPER
export CXX_WRAPPER
+export JAVAC_WRAPPER
endif
ifdef TARGET_PREFER_32_BIT
@@ -476,6 +477,23 @@
BUILD_PLATFORM_ZIP := $(filter platform platform-java,$(MAKECMDGOALS))
+# ---------------------------------------------------------------
+# Whether we can expect a full build graph
+ALLOW_MISSING_DEPENDENCIES := $(filter true,$(ALLOW_MISSING_DEPENDENCIES))
+ifneq ($(TARGET_BUILD_APPS),)
+ALLOW_MISSING_DEPENDENCIES := true
+endif
+ifeq ($(TARGET_BUILD_PDK),true)
+ALLOW_MISSING_DEPENDENCIES := true
+endif
+ifneq ($(filter true,$(SOONG_ALLOW_MISSING_DEPENDENCIES)),)
+ALLOW_MISSING_DEPENDENCIES := true
+endif
+ifneq ($(ONE_SHOT_MAKEFILE),)
+ALLOW_MISSING_DEPENDENCIES := true
+endif
+.KATI_READONLY := ALLOW_MISSING_DEPENDENCIES
+
#
# Tools that are prebuilts for TARGET_BUILD_APPS
#
diff --git a/core/dex_preopt.mk b/core/dex_preopt.mk
index f940c72..0606c83 100644
--- a/core/dex_preopt.mk
+++ b/core/dex_preopt.mk
@@ -24,7 +24,7 @@
SYSTEM_OTHER_ODEX_FILTER ?= app/% priv-app/%
# Method returning whether the install path $(1) should be for system_other.
-install-on-system-other = $(filter-out $(PRODUCT_SYSTEM_SERVER_APPS),$(basename $(notdir $(filter $(foreach f,$(SYSTEM_OTHER_ODEX_FILTER),$(TARGET_OUT)/$(f)),$(1)))))
+install-on-system-other = $(filter-out $(PRODUCT_DEXPREOPT_SPEED_APPS) $(PRODUCT_SYSTEM_SERVER_APPS),$(basename $(notdir $(filter $(foreach f,$(SYSTEM_OTHER_ODEX_FILTER),$(TARGET_OUT)/$(f)),$(1)))))
# The default values for pre-opting: always preopt PIC.
# Conditional to building on linux, as dex2oat currently does not work on darwin.
diff --git a/core/dex_preopt_odex_install.mk b/core/dex_preopt_odex_install.mk
index a3fb410..b9c0fc6 100644
--- a/core/dex_preopt_odex_install.mk
+++ b/core/dex_preopt_odex_install.mk
@@ -152,8 +152,8 @@
endif
endif
-ifneq (,$(filter $(PRODUCT_SYSTEM_SERVER_JARS) $(PRODUCT_SYSTEM_SERVER_APPS),$(LOCAL_MODULE)))
- # Jars of system server, and apps loaded into system server should be
+ifneq (,$(filter $(PRODUCT_SYSTEM_SERVER_JARS) $(PRODUCT_DEXPREOPT_SPEED_APPS) $(PRODUCT_SYSTEM_SERVER_APPS),$(LOCAL_MODULE)))
+ # Jars of system server, apps loaded into system server, and apps the product wants to be
# compiled with the 'speed' compiler filter.
LOCAL_DEX_PREOPT_FLAGS += --compiler-filter=speed
else
diff --git a/core/droiddoc.mk b/core/droiddoc.mk
index 7e17a13..eb12630 100644
--- a/core/droiddoc.mk
+++ b/core/droiddoc.mk
@@ -130,7 +130,13 @@
##
droiddoc_templates := \
- $(sort $(shell find $(LOCAL_DROIDDOC_CUSTOM_TEMPLATE_DIR) -type f))
+ $(sort $(shell find $(LOCAL_DROIDDOC_CUSTOM_TEMPLATE_DIR) -type f $(if $(ALLOW_MISSING_DEPENDENCIES),2>/dev/null)))
+
+ifdef ALLOW_MISSING_DEPENDENCIES
+ ifndef droiddoc_templates
+ droiddoc_templates := $(LOCAL_DROIDDOC_CUSTOM_TEMPLATE_DIR)
+ endif
+endif
droiddoc := \
$(HOST_JDK_TOOLS_JAR) \
diff --git a/core/envsetup.mk b/core/envsetup.mk
index 08b2321..27cfd7f 100644
--- a/core/envsetup.mk
+++ b/core/envsetup.mk
@@ -79,23 +79,6 @@
CORRECT_BUILD_ENV_SEQUENCE_NUMBER := 13
# ---------------------------------------------------------------
-# Whether we can expect a full build graph
-ALLOW_MISSING_DEPENDENCIES := $(filter true,$(ALLOW_MISSING_DEPENDENCIES))
-ifneq ($(TARGET_BUILD_APPS),)
-ALLOW_MISSING_DEPENDENCIES := true
-endif
-ifeq ($(TARGET_BUILD_PDK),true)
-ALLOW_MISSING_DEPENDENCIES := true
-endif
-ifneq ($(filter true,$(SOONG_ALLOW_MISSING_DEPENDENCIES)),)
-ALLOW_MISSING_DEPENDENCIES := true
-endif
-ifneq ($(ONE_SHOT_MAKEFILE),)
-ALLOW_MISSING_DEPENDENCIES := true
-endif
-.KATI_READONLY := ALLOW_MISSING_DEPENDENCIES
-
-# ---------------------------------------------------------------
# The product defaults to generic on hardware
# NOTE: This will be overridden in product_config.mk if make
# was invoked with a PRODUCT-xxx-yyy goal.
@@ -207,6 +190,13 @@
TARGET_COPY_OUT_VENDOR := $(_vendor_path_placeholder)
###########################################
+#################################################################
+# Set up minimal BOOTCLASSPATH list of jars to build/execute
+# java code with dalvikvm/art.
+TARGET_CORE_JARS := core-oj core-libart conscrypt okhttp bouncycastle apache-xml
+HOST_CORE_JARS := $(addsuffix -hostdex,$(TARGET_CORE_JARS))
+#################################################################
+
# Read the product specs so we can get TARGET_DEVICE and other
# variables that we need in order to locate the output files.
include $(BUILD_SYSTEM)/product_config.mk
diff --git a/core/goma.mk b/core/goma.mk
index 4e8318a..2fb37a7 100644
--- a/core/goma.mk
+++ b/core/goma.mk
@@ -45,6 +45,7 @@
# use both ccache and gomacc.
CC_WRAPPER := $(strip $(CC_WRAPPER) $(GOMA_CC))
CXX_WRAPPER := $(strip $(CXX_WRAPPER) $(GOMA_CC))
+ JAVAC_WRAPPER := $(strip $(JAVAC_WRAPPER) $(GOMA_CC))
# gomacc can start goma client's daemon process automatically, but
# it is safer and faster to start up it beforehand. We run this as a
diff --git a/core/java.mk b/core/java.mk
index 4cb8114..8dc4b22 100644
--- a/core/java.mk
+++ b/core/java.mk
@@ -642,7 +642,7 @@
ifndef LOCAL_JACK_ENABLED
ifdef LOCAL_SDK_VERSION
ifeq (,$(filter-out current system_current test_current, $(LOCAL_SDK_VERSION)))
-proguard_injar_filters := (!junit/framework/**,!junit/runner/**,!android/test/**,!com/android/internal/util/*)
+proguard_injar_filters := (!junit/framework/**,!junit/runner/**,!junit/textui/**,!android/test/**,!com/android/internal/util/*)
endif
endif
endif
diff --git a/core/local_vndk.mk b/core/local_vndk.mk
index 5ac5f26..640aac7 100644
--- a/core/local_vndk.mk
+++ b/core/local_vndk.mk
@@ -3,7 +3,7 @@
#If LOCAL_SDK_VERSION is set, thats a more restrictive set, so they dont need LOCAL_USE_VNDK
ifndef LOCAL_IS_HOST_MODULE
ifndef LOCAL_SDK_VERSION
- ifneq (,$(filter true,$(LOCAL_VENDOR_MODULE) $(LOCAL_ODM_MODULE) $(LOCAL_OEM_MODULE)))
+ ifneq (,$(filter true,$(LOCAL_VENDOR_MODULE) $(LOCAL_ODM_MODULE) $(LOCAL_OEM_MODULE) $(LOCAL_PROPRIETARY_MODULE)))
LOCAL_USE_VNDK:=true
else
ifneq (,$(filter $(TARGET_OUT_VENDOR)%,$(LOCAL_MODULE_PATH) $(LOCAL_MODULE_PATH_32) $(LOCAL_MODULE_PATH_64)))
diff --git a/core/prebuilt_internal.mk b/core/prebuilt_internal.mk
index d2b88fa..9f4c903 100644
--- a/core/prebuilt_internal.mk
+++ b/core/prebuilt_internal.mk
@@ -500,7 +500,7 @@
my_src_jar := $(intermediates.COMMON)/aar/classes.jar
$(my_src_jar) : $(my_src_aar)
- $(hide) rm -rf $(dir $@) && mkdir -p $(dir $@)
+ $(hide) rm -rf $(dir $@) && mkdir -p $(dir $@) $(dir $@)/res
$(hide) unzip -qo -d $(dir $@) $<
# Make sure the extracted classes.jar has a new timestamp.
$(hide) touch $@
@@ -520,12 +520,34 @@
ifdef LOCAL_USE_AAPT2
ifneq ($(my_src_aar),)
+LOCAL_SDK_RES_VERSION:=$(strip $(LOCAL_SDK_RES_VERSION))
+ifeq ($(LOCAL_SDK_RES_VERSION),)
+ LOCAL_SDK_RES_VERSION:=$(LOCAL_SDK_VERSION)
+endif
+
+framework_res_package_export :=
+framework_res_package_export_deps :=
+# Please refer to package.mk
+ifneq ($(LOCAL_NO_STANDARD_LIBRARIES),true)
+ifneq ($(filter-out current system_current test_current,$(LOCAL_SDK_RES_VERSION))$(if $(TARGET_BUILD_APPS),$(filter current system_current test_current,$(LOCAL_SDK_RES_VERSION))),)
+framework_res_package_export := \
+ $(HISTORICAL_SDK_VERSIONS_ROOT)/$(LOCAL_SDK_RES_VERSION)/android.jar
+framework_res_package_export_deps := $(framework_res_package_export)
+else
+framework_res_package_export := \
+ $(call intermediates-dir-for,APPS,framework-res,,COMMON)/package-export.apk
+framework_res_package_export_deps := \
+ $(dir $(framework_res_package_export))src/R.stamp
+endif
+endif
+
my_res_package := $(intermediates.COMMON)/package-res.apk
# We needed only very few PRIVATE variables and aapt2.mk input variables. Reset the unnecessary ones.
$(my_res_package): PRIVATE_AAPT2_CFLAGS :=
+$(my_res_package): PRIVATE_AAPT_FLAGS := --static-lib --no-static-lib-packages
$(my_res_package): PRIVATE_ANDROID_MANIFEST := $(intermediates.COMMON)/aar/AndroidManifest.xml
-$(my_res_package): PRIVATE_AAPT_INCLUDES :=
+$(my_res_package): PRIVATE_AAPT_INCLUDES := $(framework_res_package_export)
$(my_res_package): PRIVATE_SOURCE_INTERMEDIATES_DIR :=
$(my_res_package): PRIVATE_PROGUARD_OPTIONS_FILE :=
$(my_res_package): PRIVATE_DEFAULT_APP_TARGET_SDK :=
@@ -533,11 +555,12 @@
$(my_res_package): PRIVATE_PRODUCT_AAPT_CONFIG :=
$(my_res_package): PRIVATE_PRODUCT_AAPT_PREF_CONFIG :=
$(my_res_package): PRIVATE_TARGET_AAPT_CHARACTERISTICS :=
+$(my_res_package) : $(framework_res_package_export_deps)
full_android_manifest :=
my_res_resources :=
my_overlay_resources :=
-my_compiled_res_base_dir :=
+my_compiled_res_base_dir := $(intermediates.COMMON)/flat-res
R_file_stamp :=
proguard_options_file :=
my_generated_res_dirs := $(intermediates.COMMON)/aar/res
diff --git a/core/product.mk b/core/product.mk
index 7742cc3..34cd21c 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -114,6 +114,7 @@
PRODUCT_SYSTEM_PROPERTY_BLACKLIST \
PRODUCT_SYSTEM_SERVER_APPS \
PRODUCT_SYSTEM_SERVER_JARS \
+ PRODUCT_DEXPREOPT_SPEED_APPS \
PRODUCT_VBOOT_SIGNING_KEY \
PRODUCT_VBOOT_SIGNING_SUBKEY \
PRODUCT_VERITY_SIGNING_KEY \
diff --git a/core/product_config.mk b/core/product_config.mk
index 3623aa6..2b2d7b3 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -258,6 +258,7 @@
PRODUCT_BOOT_JARS := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_BOOT_JARS))
PRODUCT_SYSTEM_SERVER_JARS := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_SERVER_JARS))
PRODUCT_SYSTEM_SERVER_APPS := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_SERVER_APPS))
+PRODUCT_DEXPREOPT_SPEED_APPS := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEXPREOPT_SPEED_APPS))
# Find the device that this product maps to.
TARGET_DEVICE := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEVICE)
diff --git a/core/tasks/tools/build_custom_image.mk b/core/tasks/tools/build_custom_image.mk
index 8c098d6..702d8b3 100644
--- a/core/tasks/tools/build_custom_image.mk
+++ b/core/tasks/tools/build_custom_image.mk
@@ -144,3 +144,9 @@
# Archive the built image.
$(call dist-for-goals, $(my_custom_image_name) custom_images,$(my_installed_custom_image))
+
+my_staging_dir :=
+my_built_modules :=
+my_copy_dest :=
+my_copy_pairs :=
+my_pickup_files :=
diff --git a/core/tasks/tools/package-modules.mk b/core/tasks/tools/package-modules.mk
index 63fab63..629a9b2 100644
--- a/core/tasks/tools/package-modules.mk
+++ b/core/tasks/tools/package-modules.mk
@@ -4,6 +4,7 @@
# Input variables:
# my_modules: a list of module names
# my_package_name: the name of the output zip file.
+# my_copy_pairs: a list of extra files to install (in src:dest format)
# Output variables:
# my_package_zip: the path to the output zip file.
#
@@ -11,8 +12,8 @@
my_makefile := $(lastword $(filter-out $(lastword $(MAKEFILE_LIST)),$(MAKEFILE_LIST)))
my_staging_dir := $(call intermediates-dir-for,PACKAGING,$(my_package_name))
-my_built_modules :=
-my_copy_pairs :=
+my_built_modules := $(foreach p,$(my_copy_pairs),$(call word-colon,1,$(p)))
+my_copy_pairs := $(foreach p,$(my_copy_pairs),$(call word-colon,1,$(p)):$(my_staging_dir)/$(call word-colon,2,$(p)))
my_pickup_files :=
# Iterate over the modules and include their direct dependencies stated in the
@@ -67,3 +68,12 @@
$(hide) $(foreach f, $(PRIVATE_PICKUP_FILES),\
cp -RfL $(f) $(dir $@) && ) true
$(hide) cd $(dir $@) && zip -rqX $(notdir $@) *
+
+my_makefile :=
+my_staging_dir :=
+my_built_modules :=
+my_copy_dest :=
+my_copy_pairs :=
+my_pickup_files :=
+my_missing_files :=
+my_modules_and_deps :=
diff --git a/target/product/base.mk b/target/product/base.mk
index a671203..89027bf 100644
--- a/target/product/base.mk
+++ b/target/product/base.mk
@@ -23,6 +23,7 @@
appops \
am \
android.policy \
+ android.test.mock \
android.test.runner \
app_process \
applypatch \
diff --git a/target/product/core.mk b/target/product/core.mk
index 72a7e8d..5a0195e 100644
--- a/target/product/core.mk
+++ b/target/product/core.mk
@@ -68,4 +68,7 @@
KeyChain \
Telecom \
+# The set of packages we want to force 'speed' compilation on.
+PRODUCT_DEXPREOPT_SPEED_APPS += \
+
$(call inherit-product, $(SRC_TARGET_DIR)/product/core_base.mk)
diff --git a/target/product/core_minimal.mk b/target/product/core_minimal.mk
index 1cde844..5140237 100644
--- a/target/product/core_minimal.mk
+++ b/target/product/core_minimal.mk
@@ -88,20 +88,19 @@
PRODUCT_COPY_FILES += \
frameworks/native/data/etc/android.software.webview.xml:system/etc/permissions/android.software.webview.xml
+ifeq ($(TARGET_CORE_JARS),)
+$(error TARGET_CORE_JARS is empty; cannot initialize PRODUCT_BOOT_JARS variable)
+endif
+
# The order of PRODUCT_BOOT_JARS matters.
PRODUCT_BOOT_JARS := \
- core-oj \
- core-libart \
- conscrypt \
- okhttp \
+ $(TARGET_CORE_JARS) \
legacy-test \
- bouncycastle \
ext \
framework \
telephony-common \
voip-common \
ims-common \
- apache-xml \
org.apache.http.legacy.boot
# The order of PRODUCT_SYSTEM_SERVER_JARS matters.
diff --git a/target/product/core_tiny.mk b/target/product/core_tiny.mk
index 2fb450d..9a7fe8e 100644
--- a/target/product/core_tiny.mk
+++ b/target/product/core_tiny.mk
@@ -83,20 +83,19 @@
logd \
wifi-service
+ifeq ($(TARGET_CORE_JARS),)
+$(error TARGET_CORE_JARS is empty; cannot initialize PRODUCT_BOOT_JARS variable)
+endif
+
# The order matters
PRODUCT_BOOT_JARS := \
- core-oj \
- core-libart \
- conscrypt \
- okhttp \
+ $(TARGET_CORE_JARS) \
legacy-test \
- bouncycastle \
ext \
framework \
telephony-common \
voip-common \
ims-common \
- apache-xml \
nullwebview \
org.apache.http.legacy.boot
@@ -112,6 +111,9 @@
SettingsProvider \
WallpaperBackup \
+# The set of packages we want to force 'speed' compilation on.
+PRODUCT_DEXPREOPT_SPEED_APPS := \
+
PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \
ro.zygote=zygote32
PRODUCT_COPY_FILES += \
diff --git a/target/product/runtime_libart.mk b/target/product/runtime_libart.mk
index a8e0dfa..b120298 100644
--- a/target/product/runtime_libart.mk
+++ b/target/product/runtime_libart.mk
@@ -16,15 +16,14 @@
# Provides a functioning ART environment without Android frameworks
+ifeq ($(TARGET_CORE_JARS),)
+$(error TARGET_CORE_JARS is empty; cannot update PRODUCT_PACKAGES variable)
+endif
+
# Minimal boot classpath. This should be a subset of PRODUCT_BOOT_JARS, and equivalent to
# TARGET_CORE_JARS.
PRODUCT_PACKAGES += \
- apache-xml \
- bouncycastle \
- core-oj \
- core-libart \
- conscrypt \
- okhttp \
+ $(TARGET_CORE_JARS)
# Additional mixins to the boot classpath.
PRODUCT_PACKAGES += \
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 1d8090a..ff7109a 100755
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -69,7 +69,7 @@
OPTIONS.add_missing = False
OPTIONS.rebuild_recovery = False
-OPTIONS.replace_recovery_patch_files_list = []
+OPTIONS.replace_updated_files_list = []
OPTIONS.replace_verity_public_key = False
OPTIONS.replace_verity_private_key = False
OPTIONS.is_signing = False
@@ -99,8 +99,7 @@
assert which in ("system", "vendor")
simg = sparse_img.SparseImage(imgname)
- care_map_list = []
- care_map_list.append(which)
+ care_map_list = [which]
care_map_ranges = simg.care_map
key = which + "_adjusted_partition_size"
@@ -130,7 +129,7 @@
arc_name = "SYSTEM/" + fn
if arc_name in output_zip.namelist():
- OPTIONS.replace_recovery_patch_files_list.append(arc_name)
+ OPTIONS.replace_updated_files_list.append(arc_name)
else:
common.ZipWrite(output_zip, ofile.name, arc_name)
@@ -192,14 +191,14 @@
shutil.copy(dtbo_prebuilt_path, img.name)
# AVB-sign the image as needed.
- if OPTIONS.info_dict.get("board_avb_enable") == "true":
+ if OPTIONS.info_dict.get("avb_enable") == "true":
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
part_size = OPTIONS.info_dict["dtbo_size"]
# The AVB hash footer will be replaced if already present.
cmd = [avbtool, "add_hash_footer", "--image", img.name,
"--partition_size", str(part_size), "--partition_name", "dtbo"]
- cmd.extend(shlex.split(OPTIONS.info_dict["avb_signing_args"]))
- args = OPTIONS.info_dict.get("board_avb_dtbo_add_hash_footer_args")
+ common.AppendAVBSigningArgs(cmd, "dtbo")
+ args = OPTIONS.info_dict.get("avb_dtbo_add_hash_footer_args")
if args and args.strip():
cmd.extend(shlex.split(args))
p = common.Run(cmd, stdout=subprocess.PIPE)
@@ -271,7 +270,7 @@
# by the avb tool.
is_verity_partition = "verity_block_device" in image_props
verity_supported = (image_props.get("verity") == "true" or
- image_props.get("board_avb_enable") == "true")
+ image_props.get("avb_enable") == "true")
is_avb_enable = image_props.get("avb_hashtree_enable") == "true"
if verity_supported and (is_verity_partition or is_avb_enable):
adjusted_blocks_value = image_props.get("partition_size")
@@ -334,25 +333,51 @@
img.Write()
+def AppendVBMetaArgsForPartition(cmd, partition, img_path, public_key_dir):
+ if not img_path:
+ return
+
+ # Check if chain partition is used.
+ key_path = OPTIONS.info_dict.get("avb_" + partition + "_key_path")
+ if key_path:
+ # extract public key in AVB format to be included in vbmeta.img
+ avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
+ public_key_path = os.path.join(public_key_dir, "%s.avbpubkey" % partition)
+ p = common.Run([avbtool, "extract_public_key", "--key", key_path,
+ "--output", public_key_path],
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ p.communicate()
+ assert p.returncode == 0, \
+ "avbtool extract_public_key fail for partition: %r" % partition
+
+ rollback_index_location = OPTIONS.info_dict[
+ "avb_" + partition + "_rollback_index_location"]
+ cmd.extend(["--chain_partition", "%s:%s:%s" % (
+ partition, rollback_index_location, public_key_path)])
+ else:
+ cmd.extend(["--include_descriptors_from_image", img_path])
+
+
def AddVBMeta(output_zip, boot_img_path, system_img_path, vendor_img_path,
dtbo_img_path, prefix="IMAGES/"):
"""Create a VBMeta image and store it in output_zip."""
img = OutputFile(output_zip, OPTIONS.input_tmp, prefix, "vbmeta.img")
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
- cmd = [avbtool, "make_vbmeta_image",
- "--output", img.name,
- "--include_descriptors_from_image", boot_img_path,
- "--include_descriptors_from_image", system_img_path]
- if vendor_img_path is not None:
- cmd.extend(["--include_descriptors_from_image", vendor_img_path])
- if dtbo_img_path is not None:
- cmd.extend(["--include_descriptors_from_image", dtbo_img_path])
- if OPTIONS.info_dict.get("system_root_image") == "true":
- cmd.extend(["--setup_rootfs_from_kernel", system_img_path])
- cmd.extend(shlex.split(OPTIONS.info_dict["avb_signing_args"]))
- args = OPTIONS.info_dict.get("board_avb_make_vbmeta_image_args")
+ cmd = [avbtool, "make_vbmeta_image", "--output", img.name]
+ common.AppendAVBSigningArgs(cmd, "vbmeta")
+
+ public_key_dir = tempfile.mkdtemp(prefix="avbpubkey-")
+ OPTIONS.tempfiles.append(public_key_dir)
+
+ AppendVBMetaArgsForPartition(cmd, "boot", boot_img_path, public_key_dir)
+ AppendVBMetaArgsForPartition(cmd, "system", system_img_path, public_key_dir)
+ AppendVBMetaArgsForPartition(cmd, "vendor", vendor_img_path, public_key_dir)
+ AppendVBMetaArgsForPartition(cmd, "dtbo", dtbo_img_path, public_key_dir)
+
+ args = OPTIONS.info_dict.get("avb_vbmeta_args")
if args and args.strip():
cmd.extend(shlex.split(args))
+
p = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, "avbtool make_vbmeta_image failed"
@@ -427,17 +452,21 @@
img.Write()
-def ReplaceRecoveryPatchFiles(zip_filename):
- """Update the related files under SYSTEM/ after rebuilding recovery."""
+def ReplaceUpdatedFiles(zip_filename, files_list):
+ """Update all the zip entries listed in the files_list.
- cmd = ["zip", "-d", zip_filename] + OPTIONS.replace_recovery_patch_files_list
+ For now the list includes META/care_map.txt, and the related files under
+ SYSTEM/ after rebuilding recovery.
+ """
+
+ cmd = ["zip", "-d", zip_filename] + files_list
p = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
p.communicate()
output_zip = zipfile.ZipFile(zip_filename, "a",
compression=zipfile.ZIP_DEFLATED,
allowZip64=True)
- for item in OPTIONS.replace_recovery_patch_files_list:
+ for item in files_list:
file_path = os.path.join(OPTIONS.input_tmp, item)
assert os.path.exists(file_path)
common.ZipWrite(output_zip, file_path, arcname=item)
@@ -553,7 +582,7 @@
banner("dtbo")
dtbo_img_path = AddDtbo(output_zip)
- if OPTIONS.info_dict.get("board_avb_enable") == "true":
+ if OPTIONS.info_dict.get("avb_enable") == "true":
banner("vbmeta")
boot_contents = boot_image.WriteToTemp()
AddVBMeta(output_zip, boot_contents.name, system_img_path,
@@ -616,17 +645,20 @@
assert os.path.exists(img_path), "cannot find " + img_name
if care_map_list:
- file_path = "META/care_map.txt"
- if output_zip:
- common.ZipWriteStr(output_zip, file_path, '\n'.join(care_map_list))
+ care_map_path = "META/care_map.txt"
+ if output_zip and care_map_path not in output_zip.namelist():
+ common.ZipWriteStr(output_zip, care_map_path, '\n'.join(care_map_list))
else:
- with open(os.path.join(OPTIONS.input_tmp, file_path), 'w') as fp:
+ with open(os.path.join(OPTIONS.input_tmp, care_map_path), 'w') as fp:
fp.write('\n'.join(care_map_list))
+ if output_zip:
+ OPTIONS.replace_updated_files_list.append(care_map_path)
if output_zip:
common.ZipClose(output_zip)
- if OPTIONS.replace_recovery_patch_files_list:
- ReplaceRecoveryPatchFiles(output_zip.filename)
+ if OPTIONS.replace_updated_files_list:
+ ReplaceUpdatedFiles(output_zip.filename,
+ OPTIONS.replace_updated_files_list)
def main(argv):
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index de75a6b..6de9763 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -109,18 +109,19 @@
Returns:
The maximum image size or 0 if an error occurred.
"""
- cmdline = "%s add_%s_footer " % (avbtool, footer_type)
- cmdline += "--partition_size %d " % partition_size
- cmdline += "--calc_max_image_size "
- cmdline += additional_args
- (output, exit_code) = RunCommand(shlex.split(cmdline))
+ cmd =[avbtool, "add_%s_footer" % footer_type,
+ "--partition_size", partition_size, "--calc_max_image_size"]
+ cmd.extend(shlex.split(additional_args))
+
+ (output, exit_code) = RunCommand(cmd)
if exit_code != 0:
return 0
else:
return int(output)
def AVBAddFooter(image_path, avbtool, footer_type, partition_size,
- partition_name, signing_args, additional_args):
+ partition_name, key_path, algorithm,
+ additional_args):
"""Adds dm-verity hashtree and AVB metadata to an image.
Args:
@@ -129,19 +130,24 @@
footer_type: 'hash' or 'hashtree' for generating footer.
partition_size: The size of the partition in question.
partition_name: The name of the partition - will be embedded in metadata.
- signing_args: Arguments for signing the image.
+ key_path: Path to key to use or None.
+ algorithm: Name of algorithm to use or None.
additional_args: Additional arguments to pass to 'avbtool
add_hashtree_image'.
Returns:
True if the operation succeeded.
"""
- cmdline = "%s add_%s_footer " % (avbtool, footer_type)
- cmdline += "--partition_size %d " % partition_size
- cmdline += "--partition_name %s " % partition_name
- cmdline += "--image %s " % image_path
- cmdline += signing_args + " "
- cmdline += additional_args
- (_, exit_code) = RunCommand(shlex.split(cmdline))
+ cmd =[avbtool, "add_%s_footer" % footer_type,
+ "--partition_size", partition_size,
+ "--partition_name", partition_name,
+ "--image", image_path]
+
+ if key_path and algorithm:
+ cmd.extend(["--key", key_path, "--algorithm", algorithm])
+
+ cmd.extend(shlex.split(additional_args))
+
+ (_, exit_code) = RunCommand(cmd)
return exit_code == 0
def AdjustPartitionSizeForVerity(partition_size, fec_supported):
@@ -420,8 +426,8 @@
avb_footer_type = 'hashtree'
if avb_footer_type:
- avbtool = prop_dict.get("avb_avbtool")
- partition_size = int(prop_dict.get("partition_size"))
+ avbtool = prop_dict["avb_avbtool"]
+ partition_size = prop_dict["partition_size"]
# avb_add_hash_footer_args or avb_add_hashtree_footer_args.
additional_args = prop_dict["avb_add_" + avb_footer_type + "_footer_args"]
max_image_size = AVBCalcMaxImageSize(avbtool, avb_footer_type, partition_size,
@@ -429,7 +435,7 @@
if max_image_size == 0:
return False
prop_dict["partition_size"] = str(max_image_size)
- prop_dict["original_partition_size"] = str(partition_size)
+ prop_dict["original_partition_size"] = partition_size
if fs_type.startswith("ext"):
build_command = [prop_dict["ext_mkuserimg"]]
@@ -572,14 +578,16 @@
# Add AVB HASH or HASHTREE footer (metadata).
if avb_footer_type:
- avbtool = prop_dict.get("avb_avbtool")
- original_partition_size = int(prop_dict.get("original_partition_size"))
+ avbtool = prop_dict["avb_avbtool"]
+ original_partition_size = prop_dict["original_partition_size"]
partition_name = prop_dict["partition_name"]
- signing_args = prop_dict["avb_signing_args"]
+ # key_path and algorithm are only available when chain partition is used.
+ key_path = prop_dict.get("avb_key_path")
+ algorithm = prop_dict.get("avb_algorithm")
# avb_add_hash_footer_args or avb_add_hashtree_footer_args
additional_args = prop_dict["avb_add_" + avb_footer_type + "_footer_args"]
if not AVBAddFooter(out_file, avbtool, avb_footer_type, original_partition_size,
- partition_name, signing_args, additional_args):
+ partition_name, key_path, algorithm, additional_args):
return False
if run_fsck and prop_dict.get("skip_fsck") != "true":
@@ -624,8 +632,7 @@
"verity_key",
"verity_signer_cmd",
"verity_fec",
- "board_avb_enable",
- "avb_signing_args",
+ "avb_enable",
"avb_avbtool"
)
for p in common_props:
@@ -633,6 +640,11 @@
d["mount_point"] = mount_point
if mount_point == "system":
+ copy_prop("avb_system_hashtree_enable", "avb_hashtree_enable")
+ copy_prop("avb_system_add_hashtree_footer_args",
+ "avb_add_hashtree_footer_args")
+ copy_prop("avb_system_key_path", "avb_key_path")
+ copy_prop("avb_system_algorithm", "avb_algorithm")
copy_prop("fs_type", "fs_type")
# Copy the generic system fs type first, override with specific one if
# available.
@@ -650,13 +662,15 @@
copy_prop("system_squashfs_block_size", "squashfs_block_size")
copy_prop("system_squashfs_disable_4k_align", "squashfs_disable_4k_align")
copy_prop("system_base_fs_file", "base_fs_file")
- copy_prop("system_avb_hashtree_enable", "avb_hashtree_enable")
- copy_prop("system_avb_add_hashtree_footer_args",
- "avb_add_hashtree_footer_args")
copy_prop("system_extfs_inode_count", "extfs_inode_count")
elif mount_point == "system_other":
# We inherit the selinux policies of /system since we contain some of its files.
d["mount_point"] = "system"
+ copy_prop("avb_system_hashtree_enable", "avb_hashtree_enable")
+ copy_prop("avb_system_add_hashtree_footer_args",
+ "avb_add_hashtree_footer_args")
+ copy_prop("avb_system_key_path", "avb_key_path")
+ copy_prop("avb_system_algorithm", "avb_algorithm")
copy_prop("fs_type", "fs_type")
copy_prop("system_fs_type", "fs_type")
copy_prop("system_size", "partition_size")
@@ -667,9 +681,6 @@
copy_prop("system_squashfs_compressor_opt", "squashfs_compressor_opt")
copy_prop("system_squashfs_block_size", "squashfs_block_size")
copy_prop("system_base_fs_file", "base_fs_file")
- copy_prop("system_avb_hashtree_enable", "avb_hashtree_enable")
- copy_prop("system_avb_add_hashtree_footer_args",
- "avb_add_hashtree_footer_args")
copy_prop("system_extfs_inode_count", "extfs_inode_count")
elif mount_point == "data":
# Copy the generic fs type first, override with specific one if available.
@@ -682,6 +693,11 @@
copy_prop("cache_fs_type", "fs_type")
copy_prop("cache_size", "partition_size")
elif mount_point == "vendor":
+ copy_prop("avb_vendor_hashtree_enable", "avb_hashtree_enable")
+ copy_prop("avb_vendor_add_hashtree_footer_args",
+ "avb_add_hashtree_footer_args")
+ copy_prop("avb_vendor_key_path", "avb_key_path")
+ copy_prop("avb_vendor_algorithm", "avb_algorithm")
copy_prop("vendor_fs_type", "fs_type")
copy_prop("vendor_size", "partition_size")
copy_prop("vendor_journal_size", "journal_size")
@@ -692,9 +708,6 @@
copy_prop("vendor_squashfs_block_size", "squashfs_block_size")
copy_prop("vendor_squashfs_disable_4k_align", "squashfs_disable_4k_align")
copy_prop("vendor_base_fs_file", "base_fs_file")
- copy_prop("vendor_avb_hashtree_enable", "avb_hashtree_enable")
- copy_prop("vendor_avb_add_hashtree_footer_args",
- "avb_add_hashtree_footer_args")
copy_prop("vendor_extfs_inode_count", "extfs_inode_count")
elif mount_point == "oem":
copy_prop("fs_type", "fs_type")
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 652fadf..2ad628b 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -345,6 +345,15 @@
print("%-25s = (%s) %s" % (k, type(v).__name__, v))
+def AppendAVBSigningArgs(cmd, partition):
+ """Append signing arguments for avbtool."""
+ # e.g., "--key path/to/signing_key --algorithm SHA256_RSA4096"
+ key_path = OPTIONS.info_dict.get("avb_" + partition + "_key_path")
+ algorithm = OPTIONS.info_dict.get("avb_" + partition + "_algorithm")
+ if key_path and algorithm:
+ cmd.extend(["--key", key_path, "--algorithm", algorithm])
+
+
def _BuildBootableImage(sourcedir, fs_config_file, info_dict=None,
has_ramdisk=False, two_step_image=False):
"""Build a bootable image from the specified sourcedir.
@@ -480,13 +489,13 @@
img_keyblock.close()
# AVB: if enabled, calculate and add hash to boot.img.
- if info_dict.get("board_avb_enable", None) == "true":
+ if info_dict.get("avb_enable") == "true":
avbtool = os.getenv('AVBTOOL') or info_dict["avb_avbtool"]
part_size = info_dict["boot_size"]
cmd = [avbtool, "add_hash_footer", "--image", img.name,
"--partition_size", str(part_size), "--partition_name", "boot"]
- cmd.extend(shlex.split(info_dict["avb_signing_args"]))
- args = info_dict.get("board_avb_boot_add_hash_footer_args")
+ AppendAVBSigningArgs(cmd, "boot")
+ args = info_dict.get("avb_boot_add_hash_footer_args")
if args and args.strip():
cmd.extend(shlex.split(args))
p = Run(cmd, stdout=subprocess.PIPE)
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 1c8fe65..1b0f68b 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -1168,7 +1168,7 @@
# into A/B OTA package.
target_zip = zipfile.ZipFile(target_file, "r")
if (OPTIONS.info_dict.get("verity") == "true" or
- OPTIONS.info_dict.get("board_avb_enable") == "true"):
+ OPTIONS.info_dict.get("avb_enable") == "true"):
care_map_path = "META/care_map.txt"
namelist = target_zip.namelist()
if care_map_path in namelist:
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index b9bb4d0..c661333 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -240,9 +240,8 @@
"SYSTEM/etc/update_engine/update-payload-key.pub.pem")):
pass
- # Skip META/misc_info.txt if we will replace the verity private key later.
- elif (OPTIONS.replace_verity_private_key and
- info.filename == "META/misc_info.txt"):
+ # Skip META/misc_info.txt since we will write back the new values later.
+ elif info.filename == "META/misc_info.txt":
pass
# Skip verity public key if we will replace it.
@@ -267,10 +266,9 @@
if OPTIONS.replace_ota_keys:
ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info)
- # Replace the keyid string in META/misc_info.txt.
+ # Replace the keyid string in misc_info dict.
if OPTIONS.replace_verity_private_key:
- ReplaceVerityPrivateKey(input_tf_zip, output_tf_zip, misc_info,
- OPTIONS.replace_verity_private_key[1])
+ ReplaceVerityPrivateKey(misc_info, OPTIONS.replace_verity_private_key[1])
if OPTIONS.replace_verity_public_key:
if system_root_image:
@@ -287,6 +285,9 @@
ReplaceVerityKeyId(input_tf_zip, output_tf_zip,
OPTIONS.replace_verity_keyid[1])
+ # Write back misc_info with the latest values.
+ ReplaceMiscInfoTxt(input_tf_zip, output_tf_zip, misc_info)
+
def ReplaceCerts(data):
"""Given a string of data, replace all occurences of a set
@@ -464,20 +465,12 @@
def ReplaceVerityPublicKey(targetfile_zip, filename, key_path):
- print "Replacing verity public key with %s" % key_path
- with open(key_path) as f:
- data = f.read()
- common.ZipWriteStr(targetfile_zip, filename, data)
- return data
+ print "Replacing verity public key with %s" % (key_path,)
+ common.ZipWrite(targetfile_zip, key_path, arcname=filename)
-def ReplaceVerityPrivateKey(targetfile_input_zip, targetfile_output_zip,
- misc_info, key_path):
- print "Replacing verity private key with %s" % key_path
- current_key = misc_info["verity_key"]
- original_misc_info = targetfile_input_zip.read("META/misc_info.txt")
- new_misc_info = original_misc_info.replace(current_key, key_path)
- common.ZipWriteStr(targetfile_output_zip, "META/misc_info.txt", new_misc_info)
+def ReplaceVerityPrivateKey(misc_info, key_path):
+ print "Replacing verity private key with %s" % (key_path,)
misc_info["verity_key"] = key_path
@@ -506,7 +499,21 @@
out_cmdline = out_cmdline.strip()
print "out_cmdline %s" % (out_cmdline)
common.ZipWriteStr(targetfile_output_zip, "BOOT/cmdline", out_cmdline)
- return out_cmdline
+
+
+def ReplaceMiscInfoTxt(input_zip, output_zip, misc_info):
+ """Replaces META/misc_info.txt.
+
+ Only writes back the ones in the original META/misc_info.txt. Because the
+ current in-memory dict contains additional items computed at runtime.
+ """
+ misc_info_old = common.LoadDictionaryFromLines(
+ input_zip.read('META/misc_info.txt').split('\n'))
+ items = []
+ for key in sorted(misc_info):
+ if key in misc_info_old:
+ items.append('%s=%s' % (key, misc_info[key]))
+ common.ZipWriteStr(output_zip, "META/misc_info.txt", '\n'.join(items))
def BuildKeyMap(misc_info, key_mapping_options):
@@ -627,7 +634,9 @@
sys.exit(1)
input_zip = zipfile.ZipFile(args[0], "r")
- output_zip = zipfile.ZipFile(args[1], "w")
+ output_zip = zipfile.ZipFile(args[1], "w",
+ compression=zipfile.ZIP_DEFLATED,
+ allowZip64=True)
misc_info = common.LoadInfoDict(input_zip)
diff --git a/tools/warn.py b/tools/warn.py
index be659b8..44ad368 100755
--- a/tools/warn.py
+++ b/tools/warn.py
@@ -2427,7 +2427,7 @@
if warning_pattern.match(line):
line = normalize_warning_line(line)
warning_lines.add(line)
- elif line_counter < 50:
+ elif line_counter < 100:
# save a little bit of time by only doing this for the first few lines
line_counter += 1
m = re.search('(?<=^PLATFORM_VERSION=).*', line)