diff options
| -rw-r--r-- | core/Makefile | 42 | ||||
| -rw-r--r-- | core/build_id.mk | 2 | ||||
| -rwxr-xr-x | core/main.mk | 5 | ||||
| -rw-r--r-- | core/sysprop.mk | 2 | ||||
| -rw-r--r-- | core/tasks/art-host-tests.mk | 1 | ||||
| -rw-r--r-- | target/product/gsi_release.mk | 3 | ||||
| -rw-r--r-- | target/product/iorap_large_memory_config.mk | 4 | ||||
| -rw-r--r-- | tools/releasetools/apex_utils.py | 9 | ||||
| -rwxr-xr-x | tools/releasetools/sign_target_files_apks.py | 49 |
9 files changed, 84 insertions, 33 deletions
diff --git a/core/Makefile b/core/Makefile index 1b836cee7c..14b2e3c745 100644 --- a/core/Makefile +++ b/core/Makefile @@ -2645,6 +2645,48 @@ endif # TARGET_NO_KERNEL endif # INSTALLED_BOOTIMAGE_TARGET endif # BOARD_BUILD_SYSTEM_ROOT_IMAGE is not true +ifeq ($(BUILDING_VENDOR_BOOT_IMAGE),true) +ifeq ($(BUILDING_RAMDISK_IMAGE),true) +# ----------------------------------------------------------------- +# vendor test harness ramdisk, which is a vendor ramdisk combined with +# a test harness ramdisk. + +INTERNAL_VENDOR_TEST_HARNESS_RAMDISK_TARGET := $(call intermediates-dir-for,PACKAGING,vendor_boot-test-harness)/vendor_ramdisk-test-harness.cpio$(RAMDISK_EXT) + +# Exclude recovery files in the default vendor ramdisk if including a standalone +# recovery ramdisk in vendor_boot. +ifeq (true,$(BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT)) +ifneq (true,$(BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT)) +$(INTERNAL_VENDOR_TEST_HARNESS_RAMDISK_TARGET): $(INTERNAL_RECOVERY_RAMDISK_FILES_TIMESTAMP) +$(INTERNAL_VENDOR_TEST_HARNESS_RAMDISK_TARGET): PRIVATE_ADDITIONAL_DIR := $(TARGET_RECOVERY_ROOT_OUT) +endif +endif + +# The vendor test harness ramdisk combines vendor ramdisk and test harness ramdisk. +$(INTERNAL_VENDOR_TEST_HARNESS_RAMDISK_TARGET): $(INTERNAL_VENDOR_RAMDISK_TARGET) $(INSTALLED_TEST_HARNESS_RAMDISK_TARGET) +$(INTERNAL_VENDOR_TEST_HARNESS_RAMDISK_TARGET): $(MKBOOTFS) | $(COMPRESSION_COMMAND_DEPS) + $(MKBOOTFS) -d $(TARGET_OUT) $(TARGET_VENDOR_RAMDISK_OUT) $(TARGET_TEST_HARNESS_RAMDISK_OUT) $(PRIVATE_ADDITIONAL_DIR) | $(COMPRESSION_COMMAND) > $@ + +# ----------------------------------------------------------------- +# vendor_boot-test-harness.img. +INSTALLED_VENDOR_TEST_HARNESS_BOOTIMAGE_TARGET := $(PRODUCT_OUT)/vendor_boot-test-harness.img + +ifneq ($(BOARD_AVB_VENDOR_BOOT_KEY_PATH),) +$(INSTALLED_VENDOR_TEST_HARNESS_BOOTIMAGE_TARGET): $(AVBTOOL) $(BOARD_AVB_VENDOR_BOOT_TEST_KEY_PATH) +endif + +# Depends on vendor_boot.img and vendor_ramdisk-test-harness.cpio$(RAMDISK_EXT) to build the new vendor_boot-test-harness.img +$(INSTALLED_VENDOR_TEST_HARNESS_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(INSTALLED_VENDOR_BOOTIMAGE_TARGET) +$(INSTALLED_VENDOR_TEST_HARNESS_BOOTIMAGE_TARGET): $(INTERNAL_VENDOR_TEST_HARNESS_RAMDISK_TARGET) +$(INSTALLED_VENDOR_TEST_HARNESS_BOOTIMAGE_TARGET): $(INTERNAL_VENDOR_RAMDISK_FRAGMENT_TARGETS) + $(call pretty,"Target vendor_boot test harness image: $@") + $(MKBOOTIMG) $(INTERNAL_VENDOR_BOOTIMAGE_ARGS) $(BOARD_MKBOOTIMG_ARGS) --vendor_ramdisk $(INTERNAL_VENDOR_TEST_HARNESS_RAMDISK_TARGET) $(INTERNAL_VENDOR_RAMDISK_FRAGMENT_ARGS) --vendor_boot $@ + $(call assert-max-image-size,$@,$(BOARD_VENDOR_BOOTIMAGE_PARTITION_SIZE)) + $(if $(BOARD_AVB_VENDOR_BOOT_KEY_PATH),$(call test-key-sign-vendor-bootimage,$@)) + +endif # BUILDING_RAMDISK_IMAGE +endif # BUILDING_VENDOR_BOOT_IMAGE + # Creates a compatibility symlink between two partitions, e.g. /system/vendor to /vendor # $1: from location (e.g $(TARGET_OUT)/vendor) # $2: destination location (e.g. /vendor) diff --git a/core/build_id.mk b/core/build_id.mk index b0e291ae49..1eeaf24bad 100644 --- a/core/build_id.mk +++ b/core/build_id.mk @@ -18,4 +18,4 @@ # (like "CRB01"). It must be a single word, and is # capitalized by convention. -BUILD_ID=SP1A.210803.001 +BUILD_ID=SP1A.210811.001 diff --git a/core/main.mk b/core/main.mk index 0826105b72..f1f92fed5e 100755 --- a/core/main.mk +++ b/core/main.mk @@ -1551,6 +1551,9 @@ vendorbootimage: $(INSTALLED_VENDOR_BOOTIMAGE_TARGET) .PHONY: vendorbootimage_debug vendorbootimage_debug: $(INSTALLED_VENDOR_DEBUG_BOOTIMAGE_TARGET) +.PHONY: vendorbootimage_test_harness +vendorbootimage_test_harness: $(INSTALLED_VENDOR_TEST_HARNESS_BOOTIMAGE_TARGET) + .PHONY: vendorramdisk vendorramdisk: $(INSTALLED_VENDOR_RAMDISK_TARGET) @@ -1616,6 +1619,7 @@ droidcore-unbundled: $(filter $(HOST_OUT_ROOT)/%,$(modules_to_install)) \ $(INSTALLED_VENDORIMAGE_TARGET) \ $(INSTALLED_VENDOR_BOOTIMAGE_TARGET) \ $(INSTALLED_VENDOR_DEBUG_BOOTIMAGE_TARGET) \ + $(INSTALLED_VENDOR_TEST_HARNESS_BOOTIMAGE_TARGET) \ $(INSTALLED_VENDOR_RAMDISK_TARGET) \ $(INSTALLED_VENDOR_DEBUG_RAMDISK_TARGET) \ $(INSTALLED_ODMIMAGE_TARGET) \ @@ -1835,6 +1839,7 @@ else ifeq ($(TARGET_BUILD_UNBUNDLED),$(TARGET_BUILD_UNBUNDLED_IMAGE)) $(INSTALLED_TEST_HARNESS_RAMDISK_TARGET) \ $(INSTALLED_TEST_HARNESS_BOOTIMAGE_TARGET) \ $(INSTALLED_VENDOR_DEBUG_BOOTIMAGE_TARGET) \ + $(INSTALLED_VENDOR_TEST_HARNESS_BOOTIMAGE_TARGET) \ $(INSTALLED_VENDOR_RAMDISK_TARGET) \ $(INSTALLED_VENDOR_DEBUG_RAMDISK_TARGET) \ ) diff --git a/core/sysprop.mk b/core/sysprop.mk index 654cbebbcf..249212d1b9 100644 --- a/core/sysprop.mk +++ b/core/sysprop.mk @@ -414,7 +414,7 @@ INSTALLED_ODM_BUILD_PROP_TARGET := $(TARGET_OUT_ODM)/etc/build.prop $(eval $(call build-properties,\ odm,\ $(INSTALLED_ODM_BUILD_PROP_TARGET),\ - $(_prop_files),\ + $(_prop_files_),\ $(_prop_vars_),\ $(empty),\ $(empty),\ diff --git a/core/tasks/art-host-tests.mk b/core/tasks/art-host-tests.mk index d771b063e9..b9a349d0a1 100644 --- a/core/tasks/art-host-tests.mk +++ b/core/tasks/art-host-tests.mk @@ -29,6 +29,7 @@ $(art_host_tests_zip) : PRIVATE_HOST_SHARED_LIBS := $(my_host_shared_lib_for_art $(art_host_tests_zip) : $(COMPATIBILITY.art-host-tests.FILES) $(my_host_shared_lib_for_art_host_tests) $(SOONG_ZIP) echo $(sort $(COMPATIBILITY.art-host-tests.FILES)) | tr " " "\n" > $@.list grep $(HOST_OUT_TESTCASES) $@.list > $@-host.list || true + $(hide) touch $@-host-libs.list $(hide) for shared_lib in $(PRIVATE_HOST_SHARED_LIBS); do \ echo $$shared_lib >> $@-host-libs.list; \ done diff --git a/target/product/gsi_release.mk b/target/product/gsi_release.mk index 8591a83e06..d924d0bc11 100644 --- a/target/product/gsi_release.mk +++ b/target/product/gsi_release.mk @@ -71,3 +71,6 @@ PRODUCT_BUILD_USERDATA_IMAGE := false PRODUCT_BUILD_VENDOR_IMAGE := false PRODUCT_BUILD_SUPER_PARTITION := false PRODUCT_BUILD_SUPER_EMPTY_IMAGE := false + +# Always build modules from source +MODULE_BUILD_FROM_SOURCE := true diff --git a/target/product/iorap_large_memory_config.mk b/target/product/iorap_large_memory_config.mk index 9aa664214d..0c6c89af93 100644 --- a/target/product/iorap_large_memory_config.mk +++ b/target/product/iorap_large_memory_config.mk @@ -12,7 +12,3 @@ # See the License for the specific language governing permissions and # limitations under the License. # - -# Disable Camera pinner by default -PRODUCT_PRODUCT_PROPERTIES += \ - pinner.pin_camera=false diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py index 893266f95a..ef4c69cb2e 100644 --- a/tools/releasetools/apex_utils.py +++ b/tools/releasetools/apex_utils.py @@ -340,6 +340,8 @@ def SignUncompressedApex(avbtool, apex_file, payload_key, container_key, zip_items = apex_fd.namelist() payload_info = ParseApexPayloadInfo(avbtool, payload_file) + if no_hashtree is None: + no_hashtree = payload_info.get("Tree Size", 0) == 0 SignApexPayload( avbtool, payload_file, @@ -385,8 +387,8 @@ def SignUncompressedApex(avbtool, apex_file, payload_key, container_key, def SignCompressedApex(avbtool, apex_file, payload_key, container_key, - container_pw, apk_keys, codename_to_api_level_map, - no_hashtree, signing_args=None): + container_pw, apk_keys, codename_to_api_level_map, + no_hashtree, signing_args=None): """Signs the current compressed APEX with the given payload/container keys. Args: @@ -516,6 +518,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw, raise ApexInfoError( 'Failed to get type for {}:\n{}'.format(apex_file, e)) + def GetApexInfoFromTargetFiles(input_file, partition, compressed_only=True): """ Get information about system APEX stored in the input_file zip @@ -558,7 +561,7 @@ def GetApexInfoFromTargetFiles(input_file, partition, compressed_only=True): for apex_filename in os.listdir(target_dir): apex_filepath = os.path.join(target_dir, apex_filename) if not os.path.isfile(apex_filepath) or \ - not zipfile.is_zipfile(apex_filepath): + not zipfile.is_zipfile(apex_filepath): logger.info("Skipping %s because it's not a zipfile", apex_filepath) continue apex_info = ota_metadata_pb2.ApexInfo() diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index 2859948d1a..0842af9018 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -428,7 +428,7 @@ def SignApk(data, keyname, pw, platform_api_level, codename_to_api_level_map, if is_compressed: uncompressed = tempfile.NamedTemporaryFile() with gzip.open(unsigned.name, "rb") as in_file, \ - open(uncompressed.name, "wb") as out_file: + open(uncompressed.name, "wb") as out_file: shutil.copyfileobj(in_file, out_file) # Finally, close the "unsigned" file (which is gzip compressed), and then @@ -468,7 +468,7 @@ def SignApk(data, keyname, pw, platform_api_level, codename_to_api_level_map, # Recompress the file after it has been signed. compressed = tempfile.NamedTemporaryFile() with open(signed.name, "rb") as in_file, \ - gzip.open(compressed.name, "wb") as out_file: + gzip.open(compressed.name, "wb") as out_file: shutil.copyfileobj(in_file, out_file) data = compressed.read() @@ -484,21 +484,21 @@ def SignApk(data, keyname, pw, platform_api_level, codename_to_api_level_map, def IsBuildPropFile(filename): return filename in ( - "SYSTEM/etc/prop.default", - "BOOT/RAMDISK/prop.default", - "RECOVERY/RAMDISK/prop.default", + "SYSTEM/etc/prop.default", + "BOOT/RAMDISK/prop.default", + "RECOVERY/RAMDISK/prop.default", - "VENDOR_BOOT/RAMDISK/default.prop", - "VENDOR_BOOT/RAMDISK/prop.default", + "VENDOR_BOOT/RAMDISK/default.prop", + "VENDOR_BOOT/RAMDISK/prop.default", - # ROOT/default.prop is a legacy path, but may still exist for upgrading - # devices that don't support `property_overrides_split_enabled`. - "ROOT/default.prop", + # ROOT/default.prop is a legacy path, but may still exist for upgrading + # devices that don't support `property_overrides_split_enabled`. + "ROOT/default.prop", - # RECOVERY/RAMDISK/default.prop is a legacy path, but will always exist - # as a symlink in the current code. So it's a no-op here. Keeping the - # path here for clarity. - "RECOVERY/RAMDISK/default.prop") or filename.endswith("build.prop") + # RECOVERY/RAMDISK/default.prop is a legacy path, but will always exist + # as a symlink in the current code. So it's a no-op here. Keeping the + # path here for clarity. + "RECOVERY/RAMDISK/default.prop") or filename.endswith("build.prop") def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, @@ -561,7 +561,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, # We've asserted not having a case with only one of them PRESIGNED. if (payload_key not in common.SPECIAL_CERT_STRINGS and - container_key not in common.SPECIAL_CERT_STRINGS): + container_key not in common.SPECIAL_CERT_STRINGS): print(" signing: %-*s container (%s)" % ( maxsize, name, container_key)) print(" : %-*s payload (%s)" % ( @@ -575,7 +575,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, key_passwords, apk_keys, codename_to_api_level_map, - no_hashtree=True, + no_hashtree=None, # Let apex_util determine if hash tree is needed signing_args=OPTIONS.avb_extra_args.get('apex')) common.ZipWrite(output_tf_zip, signed_apex, filename) @@ -658,7 +658,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, # Updates system_other.avbpubkey in /product/etc/. elif filename in ( "PRODUCT/etc/security/avb/system_other.avbpubkey", - "SYSTEM/product/etc/security/avb/system_other.avbpubkey"): + "SYSTEM/product/etc/security/avb/system_other.avbpubkey"): # Only update system_other's public key, if the corresponding signing # key is specified via --avb_system_other_key. signing_key = OPTIONS.avb_keys.get("system_other") @@ -671,7 +671,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, # Should NOT sign boot-debug.img. elif filename in ( "BOOT/RAMDISK/force_debuggable", - "BOOT/RAMDISK/first_stage_ramdisk/force_debuggable"): + "BOOT/RAMDISK/first_stage_ramdisk/force_debuggable"): raise common.ExternalError("debuggable boot.img cannot be signed") # A non-APK file; copy it verbatim. @@ -762,7 +762,8 @@ def ReplaceCerts(data): # it's only checking entries with global seinfo at the moment (i.e. ignoring # the ones with inner packages). (Bug: 69479366) root = ElementTree.fromstring(data) - signatures = [signer.attrib['signature'] for signer in root.findall('signer')] + signatures = [signer.attrib['signature'] + for signer in root.findall('signer')] assert len(signatures) == len(set(signatures)), \ "Found duplicate entries after cert replacement: {}".format(data) @@ -807,7 +808,7 @@ def RewriteProps(data): if line and line[0] != '#' and "=" in line: key, value = line.split("=", 1) if (key.startswith("ro.") and - key.endswith((".build.fingerprint", ".build.thumbprint"))): + key.endswith((".build.fingerprint", ".build.thumbprint"))): pieces = value.split("/") pieces[-1] = EditTags(pieces[-1]) value = "/".join(pieces) @@ -1000,7 +1001,7 @@ def ReplaceAvbSigningKeys(misc_info): ReplaceAvbPartitionSigningKey(partition) for custom_partition in misc_info.get( - "avb_custom_images_partition_list", "").strip().split(): + "avb_custom_images_partition_list", "").strip().split(): ReplaceAvbPartitionSigningKey(custom_partition) @@ -1065,7 +1066,7 @@ def BuildKeyMap(misc_info, key_mapping_options): devkeydir + "/shared": d + "/shared", devkeydir + "/platform": d + "/platform", devkeydir + "/networkstack": d + "/networkstack", - }) + }) else: OPTIONS.key_map[s] = d @@ -1168,8 +1169,8 @@ def ReadApexKeysInfo(tf_zip): if container_cert == 'PRESIGNED' and container_private_key == 'PRESIGNED': container_key = 'PRESIGNED' elif CompareKeys( - container_cert, OPTIONS.public_key_suffix, - container_private_key, OPTIONS.private_key_suffix): + container_cert, OPTIONS.public_key_suffix, + container_private_key, OPTIONS.private_key_suffix): container_key = container_cert[:-len(OPTIONS.public_key_suffix)] else: raise ValueError("Failed to parse container keys: \n{}".format(line)) |