| Age | Commit message (Collapse) | Author |
|---|
|
Added SPDX-license-identifier-Apache-2.0 to:
applypatch/Android.bp
bootloader_message/Android.bp
edify/Android.bp
fuse_sideload/Android.bp
install/Android.bp
minadbd/Android.bp
minui/Android.bp
otautil/Android.bp
recovery_ui/Android.bp
recovery_utils/Android.bp
tests/Android.bp
tools/image_generator/Android.bp
tools/recovery_l10n/Android.bp
uncrypt/Android.bp
update_verifier/Android.bp
updater/Android.bp
updater/Android.mk
updater_sample/Android.bp
updater_sample/tests/Android.bp
Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-MIT
SPDX-license-identifier-OFL
to:
Android.bp
Android.mk
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: I3da761b525452838977297f773974000d4de7bd6
|
|
This solves the build failured on mac, and we don't really need a
host binary.
Test: mma
Change-Id: I55b74f411fb5385417d474b753c830c855db7794
|
|
libz contain platform dependent optimization flags, and sometimes that
cause reconstruction of blobs to fail. Use libz_stable instead
Bug: 177076632
Test: treehugger
Change-Id: I3a8c1591672537d1c754b2bc5b26f939dd80ed47
|
|
On 32bit devices, an ZipEntry64 may have size > 2^32, we should check
for such cases before attempting to allocate memory.
Test: mm -j
Change-Id: I0f916ef4b2a692f167719a74bd6ff2e887c6c2ce
|
|
There's already library support for zip64 in libziparchive. We just need
to start using the new APIs.
Bug: 167951876
Test: Sideload a large ota package in recovery
Change-Id: I652741965f28de079d873c6822317ee9fa855201
|
|
https: //source.android.com/setup/contribute/respectful-code
Bug: 161896447
Test: Unit tests pass
Change-Id: I0f3f0333dbccc94241a096ca5d3d9bc28c281492
|
|
The following warnngs generate when compile with WITH_TIDY=1
.../bootable/recovery/applypatch/imgdiff.cpp:968:7: warning: 'src_ranges' used after it was moved [bugprone-use-after-move]
src_ranges.Clear();
^
.../bootable/recovery/applypatch/imgdiff.cpp:966:27: note: move occurred here
split_src_ranges->push_back(std::move(src_ranges));
The logic itself seems correct since the class is meant to be cleared
after move. I feel the std::move in 966 is actually useful to call the
move constructor in RangeSet. So I just modify L968 to suppress the
warning.
Less important ones:
bootable/recovery/applypatch/applypatch_modes.cpp:79:34: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
bootable/recovery/applypatch/imgdiff.cpp:1038:30: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
bootable/recovery/applypatch/imgdiff.cpp:1054:48: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
bootable/recovery/updater/include/private/commands.h:310:16: warning: std::move of the variable 'patch' of the trivially-copyable type 'PatchInfo' has no effect; remove std::move() [performance-move-const-arg]
bootable/recovery/updater/install.cpp:663:43: warning: passing result of std::move() as a const reference argument; no move will actually happen [performance-move-const-arg]
Bug: 150955971
Test: build
Change-Id: Ieb75f0229c47d470d4f5ac93fab39c5698d3f914
|
|
This change is part of a topic that moves the recovery resources from the
system partition to the vendor partition, if it exists, or the vendor directory
on the system partition otherwise. The recovery resources are moving from the
system image to the vendor partition so that a single system image may be used
with either an A/B or a non-A/B vendor image. The topic removes a delta in the
system image that prevented such reuse in the past.
The recovery resources that are moving are involved with updating the recovery
partition after an update. In a non-A/B configuration, the system boots from
the recovery partition, updates the other partitions (system, vendor, etc.)
Then, the next time the system boots normally, a script updates the recovery
partition (if necessary). This script, the executables it invokes, and the data
files that it uses were previously on the system partition. The resources that
are moving include the following.
* install-recovery.sh
* applypatch
* recovery-resource.dat (if present)
* recovery-from-boot.p (if present)
This makes the applypatch executable a vendor module.
This change supports making dependencies of the applypatch executable available
to applypatch, which is now on vendor.
Since install-recovery.sh is now a vendor service, we add the
applypatch/vendor_flash_recovery.rc file to /vendor/etc/init to start the
service.
Bug: 68319577
Test: Ensure that recovery partition is updated correctly.
Change-Id: I01c0800ee6078aa6c9d716d5f154ad2d63c7af84
|
|
And set it to false when installing recovery image via applypatch. We
only need to back up the source partition when doing in-place update
(e.g. when updating a given partition under recovery). When installing
recovery image via applypatch, we won't touch the source partition (i.e.
/boot).
Removing the backup step also allows dropping the dac_override_allowed
permission. Previously it was needed due to the access to /cache.
Because applypatch runs as root:root, while /cache is owned by
system:cache with 0770.
Bug: 68319577
Test: Invoke the code that installs recovery image; check that recovery
is installed successfully without denials.
Test: recovery_unit_test passes on taimen.
Change-Id: I549a770b511762189d6672a2835b6e403d695919
|
|
Prior to this CL, applypatch was the only user of libbrotli.so and
libbz.so (update_engine and puffin have been using the static versions).
This CL switches applypatch to their static versions to save space in
/system.
Sizes prior to the change (aosp_taimen-userdebug):
/system/bin/applypatch 91296
/system/lib64/libbrotli.so 688536
/system/lib64/libbz.so 79560
After:
/system/bin/applypatch 272368
Test: `m dist`
Test: Check the built blueline-userdebug target. libbrotli.so and
libbz.so are not installed.
Change-Id: I08422a0d5a287bbac69aa9f6cfd9c97e5b2e9078
|
|
Tested by running recovery_unit_test as described in
https://android.googlesource.com/platform/bootable/recovery/+/refs/heads/master/README.md
Attempted to build and boot a recovery image with the
same change to confirm it still works, but
m recoveryimage-nodeps
fails for me.
Bug: 140940227
Test: See above
Change-Id: I00545968a0e5684823e505f2ddbe7e993319b5d4
|
|
Stop building libimgpatch as it's merely a subset of libapplypatch.
Test: unit tests pass
Change-Id: I0735ec053344404434a50e53a36e3f55964c2e4f
|
|
Stop building libimgdiff on device because we are only running
patching there.
Test: unit tests pass
Change-Id: I4225c6b52a536617301a64c405e325799a303b40
|
|
Bug: http://b/129068177
Test: treehugger
Change-Id: I3c8f70b0d8cc5dc6b3b4439dbe0b9a5bd85003c4
|
|
Bug: http://b/129068177
Test: treehugger
Change-Id: I618bbcf38914dd81e042e0cfd1976ff26274dc30
|
|
The expression "!fd" calls the implicit conversion to int, but comparing
the raw fd against 0 does not work, since open() and other POSIX calls
returning a file descriptor use -1 to signal an error.
Test: m recovery
Change-Id: I0847c276f39cb9dd09c7ffb96951276113418fc8
|
|
bootable/recovery/applypatch/imgpatch.cpp:57:3: error: comparison of integers of different signs: 'unsigned int' and 'int' [-Werror,-Wsign-compare]
CHECK_GT(expected_target_length, 0);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bootable/recovery/applypatch/freecache.cpp:145:50: error: comparison of integers of different signs: 'long' and '__fsblkcnt64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
if (sf.f_bsize == 0 || free_space / sf.f_bsize != sf.f_bavail) {
~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~
bootable/recovery/applypatch/freecache.cpp:190:16: error: comparison of integers of different signs: 'int64_t' (aka 'long') and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
if (free_now >= bytes_needed) {
~~~~~~~~ ^ ~~~~~~~~~~~~
bootable/recovery/applypatch/freecache.cpp:233:18: error: comparison of integers of different signs: 'int64_t' (aka 'long') and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
if (free_now >= bytes_needed) {
~~~~~~~~ ^ ~~~~~~~~~~~~
Test: `mmma -j bootable/recovery/applypatch` with -Wsign-compare
Test: Run recovery_unit_test on marlin.
Change-Id: I4aa1fd0f9b7205b9e4e50874fc4bccb62951e7fe
|
|
Bug: 110106408
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: Id72e24dd00eb451565d90cff6e049f4f4b844ea2
|
|
applypatch() was initially designed for file-based OTA, operating on
individual files. It was later extended to allow patching eMMC targets
as a whole, in favor of block-based updates.
As we have deprecated file-based OTA since Oreo, part of the code in
applypatch() has become obsolete. This CL refactors the related
functions, by removing the obsolete logic and focusing on eMMC targets.
Since this CL substantially changes applypatch APIs, it adds new
functions to avoid unintentionally mixing them together. In particular,
it removes `applypatch()`, `applypatch_check()`, `applypatch_flash()`,
and adds `PatchPartition()`, `PatchPartitionCheck()`, `FlashPartition()`
and `CheckPartition()`. It also replaces the old Edify functions
`apply_patch()` and `apply_patch_check()` with `patch_partition()` and
`patch_partition_check()` respectively.
This CL requires matching changes to OTA generation script (in the same
topic).
Bug: 110106408
Test: Run recovery_unit_test and recovery_component_test on marlin.
Test: `m dist` with non-A/B target. Verify
/system/bin/install-recovery.sh on device.
Test: `m dist` with non-A/B target using BOARD_USES_FULL_RECOVERY_IMAGE.
Verify /system/bin/install-recovery.sh on device.
Test: Install an incremental OTA with the new updater and scripts.
Change-Id: Ia34a90114bb227f4216eb478c22dc98c8194cb7f
|
|
Now it's less beneficial to inject I/O faults since we don't see many of
them. Remove the library that mocks I/O failures. And switch to android::base
I/O when possible.
Bug: 113032079
Test: unit tests pass
Change-Id: I9f2a92b7ba80f4da6ff9e2abc27f2680138f942c
|
|
This applies to the standalone applypatch executable
(/system/bin/applypatch on device). This executable is only used when
installing (via patching or flashing) a recovery image on non-A/B
device.
This CL removes the support for patching non-eMMC targets from
applypatch that has been deprecated as part of file-based OTA. For
patching eMMC targets, it also drops the support for accepting multiple
patches (not useful, since the source file must be fixed).
This CL needs the matching change in the same topic, which writes the
script of "/system/bin/install-recovery.sh". Note that this CL doesn't
chanage the applypatch API signatures, in order to minimize the CL size.
*BEFORE*
usage: /system/bin/applypatch [-b <bonus-file>] <src-file> <tgt-file> <tgt-sha1> <tgt-size> [<src-sha1>:<patch> ...]
or /system/bin/applypatch -c <file> [<sha1> ...]
or /system/bin/applypatch -l
Filenames may be of the form
EMMC:<partition>:<len_1>:<sha1_1>:<len_2>:<sha1_2>:...
to specify reading from or writing to an EMMC partition.
*AFTER*
Usage:
check mode
applypatch --check EMMC:<target-file>:<target-size>:<target-sha1>
flash mode
applypatch --flash <source-file>
--target EMMC:<target-file>:<target-size>:<target-sha1>
patch mode
applypatch [--bonus <bonus-file>]
--patch <patch-file>
--target EMMC:<target-file>:<target-size>:<target-sha1>
--source EMMC:<source-file>:<source-size>:<source-sha1>
show license
applypatch --license
Bug: 110106408
Test: Run recovery_component_test and recovery_unit_test on marlin.
Test: Build a non-A/B target that has /system/bin/install-recovery.sh.
Verify that it installs recovery image successfully.
Test: Build a non-A/B target that has /system/bin/install-recovery.sh in
flashing mode. Verify that it installs recovery image successfully.
Change-Id: I71f9a71fb457e6f663e0b5511946949e65b4b78c
|
|
They are doing exactly the same thing, except for the slightly different
error return value (1 vs -1).
int CacheSizeCheck(size_t bytes);
int MakeFreeSpaceOnCache(size_t bytes_needed);
This CL consolidates the two functions and uses bool as its return type.
// Checks whether /cache partition has at least 'bytes'-byte free space. Returns true immediately
// if so. Otherwise, it will try to free some space by removing older logs, checks again and
// returns the checking result.
bool CheckAndFreeSpaceOnCache(size_t bytes);
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I94a96934d2b18713f8f39ad5aa96a02c98d87963
|
|
Prior to this CL, FreeSpaceForFile() was returning `size_t`, which may
overflow on ILP32 when called on a partition with 4GiB+ free space.
Additionally, it was returning static_cast<size_t>(-1) on error, but the
caller in freecache.cpp didn't check for that.
This CL changes its return type to `int64_t`, and moves the function
into freecache.cpp since there's no external caller.
Test: Run recovery_unit_test on marlin.
Test: Code search shows no external user of FreeSpaceForFile().
Change-Id: I00f501a057726e1f1ab69f367c46c77b30f2d774
|
|
Test: mmma -j bootable/recovery
Test: Run recovery_unit_test on marlin.
Change-Id: Iaa326cd26211d527071cc64a928e59a96271b111
|
|
We already know the flakiness happens in bspatch, and the issue is
tracked in b/80193170.
Bug: 67849209
Test: unit tests pass
Change-Id: Ib4772b8f2f0225125096fe7407d083b5bb542cfb
|
|
Test: mmma -j bootable/recovery
Test: Run recovery_component_test and recovery_unit_test on marlin.
Change-Id: I4b240e3e771c387b9694be9c0f2f74e0265ab4cb
|
|
|
|
Also fix an error-pone behavior in previous code when verifying an eMMC
target. As long as it loads the partition content successfully according
to the SHAs embedded in the filename, it shouldn't further check against
the SHAs given in the second argument. Because the loaded contents
relate to a specific partition size.
For example:
apply_patch_check(
"EMMC:/boot.img:src_size:src_hash:tgt_size:tgt_hash",
"src_hash");
Assume "/boot.img" already has the desired hash of "tgt_hash", the
previous code would give wrong verification result. The issue can be
addressed by additionally listing "tgt_hash" as one of the desired SHAs
(or by applying this CL).
Bug: 110106408
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I8daafdbecd083f687e24d563ab089caa25667633
|
|
Note that the code exists in debugging path only, and won't be hit
unless device has flaky flash.
Test: Run recovery_unit_test and recovery_component_test on marlin.
Change-Id: I0c71adc271f08f00e3eabd9d14cd8af3186c5bae
|
|
Test: mmma -j bootable/recovery
Test: Run recovery_component_test on marlin.
Change-Id: Ifcf244346a88dac833d91b169a4c2aee1fe677f1
|
|
Test: mmma -j bootable/recovery
Test: Run recovery_component_test on marlin.
Change-Id: I3a4e32eb2c1e231c6690a50571edc66341b8d50a
|
|
Also two minor changes (other than renaming some parameters):
- Added constness to the first parameter of FindMatchingPatch();
- Declared WriteToPartition() as static.
Bug: 110106408
Test: mmma -j bootable/recovery
Change-Id: I388958c944a23ce4a38a757ce2249f6a89dd4f03
|
|
The imgpatch will fail on empty deflates because the bspatch won't call
the sink function if the target length is zero.
Instead of compressing an empty string, it's cleaner to not generate such
empty deflate chunks in the patch. Therefore, we can just convert the
chunk type to raw if the target length is smaller than the patch data.
Also adjust some unit tests and add the testdata gzipped_source &
gzipped_target. These two files are ~1K each and are generated by
gzipping two slightly different regular files.
Bug: 79265132
Test: unit tests pass, imgpatch applys successfully on the given src/tgt
Change-Id: I6bfff3251918137f6762a6f9e9551642371a1124
|
|
Save the target file to tempfile upon unittest failures so that we can
try to decompress the deflate chunks in the flaky unittests. And print
the zlib version in case that gets changed.
Also the SHA1 of the uncompressed data seems correct; so only keep the
final SHA1 to double confirm.
Bug: 67849209
Test: recovery_component_test
Change-Id: Ic6447c2b75c29379d6844cd23a0ff1c4305694a0
|
|
|
|
We have a general need for overriding more paths (e.g. "/tmp"), mostly
for testing purpose. Rename CacheLocation to Paths, and use that to
manage TEMPORARY_{INSTALL,LOG}_FILE.
Test: mmma -j bootable/recovery
Test: recovery_component_test
Change-Id: Ia8ce8e5695df37ca434f13ac4d3206de1e8e9396
|
|
Dump the SHA1 of the uncompressed data in applypatch to confirm if we
are at least doing the bspatch part correctly. (I expect so since the actual
length of the uncompressed data matches the expected length).
Also try to decompress the deflate chunk inside the recovery image for
these two flacky tests. In theory, there shouldn't be randomness in
zlib; so we would know if we process the data wrongly if the deflate fails
to decompress.
Bug: 67849209
Test: recovery_component_test
Change-Id: Id947522153b1eeb0d10d161298a96fb045f92018
|
|
The apply patch test should have a deterministic way to append patch
data. Add debug logs to dump the length and SHA1 of each step to further
track down the flakiness.
Also redirect the debug logging to stdout in case the logcat becomes too
chatty.
Bug: 67849209
Test: Run recovery_component_test
Change-Id: I42bafef2d9dee599719ae57840b3d8c00d243ebd
|
|
As they're accepting the SinkFn callback, it makes more sense to leave
the work to their callers.
Test: mmma -j bootable/recovery
Test: Run recovery_component_test on marlin.
Test: No other active user of the two functions.
Change-Id: I8d67b38ce037925442296f136b483e0c71983777
|
|
After splitting the previously flaky
ApplyPatchModesTest#PatchModeEmmcTarget tests,
PatchModeEmmcTargetWithMultiplePatches now becomes the sole victim. This
CL dumps additional info to narrow down the cause.
Bug: 67849209
Test: `recovery_component_test` on marlin.
Test: It dumps additional info after using corrupt bonus.file.
Change-Id: Ic5436de457cc882a51d03f49d5cee70077f7d3df
|
|
We set the limit of the max stash size to 80% of cache size. But the
cache space can still be insufficient for the update if the log files
occupy a large chunk of /cache. So remove the old logs for now to make
room for the update.
Bug: 77528881
Test: unit tests pass
Change-Id: Ia8bcb0ace11f8164ad9290bfb360e08e31d282cb
|
|
This class allows us to set the following locations dynamically:
cache_temp_source, last_command_file, stash_directory_base.
In the updater's main function, we reset the values of these variables
to their default locations in /cache; while we can set them to temp
files in unit tests or host simulation.
Test: unit tests pass
Change-Id: I528652650caa41373617ab055d41b1f1a4ec0f87
|
|
In the split mode of imgdiff, we used to assume that the size of a split
target chunk is always greater than the blocksize i.e. 4096. This may
lead to the following assertion failure:
I0221 04:57:33.451323 818464 common.py:205 imgdiff F 02-21 04:57:33 821203 821203 imgdiff.cpp:999]
Check failed: tgt_size >= BLOCK_SIZE (tgt_size=476, BLOCK_SIZE=4096)
This CL removes the assumption and handles the edge cases.
Test: generate and verify the incremental update for TFs in the bug; unit test passes
Bug: 73757557
Bug: 73711365
Change-Id: Iadbb4ee658995f5856cd488f3793980881a59620
|
|
The sdk_mac on build server fails with the error:
bootable/recovery/applypatch/freecache.cpp:23:10: fatal error: 'sys/statfs.h' file not found
So we will disable libapplypatch on mac.
Test: the library still builds on linux; and check the other host targets in the same cl.
Change-Id: Ie4a30708726e51c810f7ad7f1085d38154076cca
|
|
When running the update simulation, we choose to skip the cache size
check for now due to the lack of "/cache" on host. And in later cls we
can implement a cache size estimator to make the check more constrained.
Also build the host version of support libraries.
Test: unit test pass
Change-Id: I3ed93c857fd02f7b62f5baba9130f75c3236e717
|
|
It used to keep track of the stat(2) info (e.g. st_mode/st_gid/st_uid)
while patching a file in file-based OTA.
Test: Build and use the new updater to apply an update on bullhead.
Change-Id: Ibf8f0f4b14298a9489bf24a2678bb279c5d9c8f3
|
|
|
|
Also add a verbose option. And we won't print messages of 'info'
severity unless '-v' is present.
Test: run imgdiff and check the logs.
Change-Id: I1b90874baea8e72e2a2323a0b63bc5d35e653e6b
|
|
Apply{BSDiff,Image}Patch."
|
|
Apply{BSDiff,Image}Patch.
It used to be "const Value*", but nullptr won't be a valid input.
Test: recovery_host_test; recovery_component_test
Change-Id: I904b5689ac3e64504088bf0544c9fb5d45a52243
|
