| Age | Commit message (Collapse) | Author |
|---|
|
Bug: 195274797
Test: ./apxer/runtests.sh
Change-Id: I19019d2809496bfc37eca1964e58a4e04d8bbbe7
Signed-off-by: Huang Jianan <huangjianan@oppo.com>
|
|
The new flag --payload_fs_type enables the user to choose between ext4
and f2fs for apex_payload.img
Test: ./runtests.sh
Bug: 158453869
Change-Id: I2858d834924c5cec0f809c4f5c8b2e622b8fdf47
Merged-In: I2858d834924c5cec0f809c4f5c8b2e622b8fdf47
|
|
Bug: 155771970
Test: build an arbitrary APEX (e.g. com.android.runtime)
$ unzip com.android.runtime.apex
$ avbtool info_image --image apex_payload.img | grep Hash
Hashtree descriptor:
Hash Block Size: 4096 bytes
Hash Algorithm: sha256
Test: compare the APEX size before and after the change: no difference
Merged-In: I8924349287d38a72be1058424a100c1981f656d1
(cherry picked from commit 85f60588d44baa1bd9cf066fabeb3f4b3f29e323)
Change-Id: I8924349287d38a72be1058424a100c1981f656d1
|
|
This CL enables building APEXs with an unsigned payload, but still with
the outer container APK/Jar-signed.
Bug: 148447155
Test: atest --host apexer_test. built a module with unsigned payload.
Change-Id: I3e18124e0fba832c4890d7298add8910b879662c
|
|
This will help signing tools to preserve correct package_name and
logging_parent tag of the outer APK container of an APEX
Test: apexer_test
Bug: 152084536
Change-Id: I7569acf20efe6ff64c3bdc7c43c07a0690c27bee
|
|
The flag instructs apexer to output the payload before it is signed by
avbtool.
The CL also contains new test to ensure that when the unsigned payload
is signed by avbtool, it is same as the payload we get when we unzip an
apex.
Bug: 149993331
Test: atest --host apexer_test
Change-Id: I0c0c29ee2fabaa447f5844e71949a00778b1d935
|
|
The flag instructs apexer to output only the payload instead of the
complete apex. The payload is signed.
The CL also contains new test to ensure the payload only output from
apexer is same as what we get when we unzip an apex.
Bug: 149993331
Test: atest --host apexer_test
Change-Id: I545fcd6e84ea1eb7f55638ca51ff239912758930
|
|
BUG: 148198056
Change-Id: I626d80dbe34ab8f0f3205d65a1df24efe76af009
|
|
|
|
In the build signing environment, we don't necessary have access to the
physical private key. And we work around it by passing an extra signing_helper
to the avbtool instead of a private key. Since we need to perform signing
to add the hashtree footer when rebuilding the apex image; apexer should recognize
the signing_helper and pass it to avbtool.
Bug: 148627666
Test: Call apexer with the argument
Change-Id: Ibf75d629d369bdbf4e3305b59eb495ccbfdc6428
|
|
Bug: 147691496
Test: atest --host apexer_test (in later CL)
Change-Id: I8b369810e05e3d0416e0eb9cb1e1d3bf8dd18de2
|
|
This allows for codename.fingerprint format to be specified for minSdkVersion
BUG: 130541924
Exempt-From-Owner-Approval: baligh@ - Initial CL was approved.
Change-Id: I971418ed6515d503bcc10a169b13b3c27ae82c64
|
|
The command line file in build_info pb causes some non-determinism in
the output (e.g. if directories are named differently). Removing this
by default since it has mostly debugging uses.
Test: m com.android.tzdata; inspect output.
Change-Id: I168b7ffba66657b8c60396e7c3c3f132f8cb1f23
|
|
This allows re-packing an APEX even if the original metadata such as
selinux file_contexts and canned_fs_config, and the original
AndroidManifest.xml, before aapt2 compiles it in binary format.
The flags that are relevant to the output are not automatically
restored, but the command_line debug field makes them all visible.
With this information, it is possible to repack an APEX to an identical
version (sha1sum verifiable) of itself.
Bug: 144477678
Test: Manual invocations of apexer with full parameters +
include_build_info, and subsequently with build_info parameter using
only data available in the apex given in input + private keys for
signing. Example:
1.
m com.android.conscrypt
2.
mkdir ${TMP_APEX_OUTPUT_WORKDIR}
unzip -d ${TMP_APEX_OUTPUT_WORKDIR} com.android.conscrypt.apex
mkdir ${TMP_APEX_OUTPUT_WORKDIR}/payload
deapexer extract ${OUTPUT_APEX_1_A} ${TMP_APEX_OUTPUT_WORKDIR}/payload
rm ${TMP_APEX_OUTPUT_WORKDIR}/payload/apex_manifest.{json,pb}
rmdir ${TMP_APEX_OUTPUT_WORKDIR}/payload/lost+found
3.
APEXER_TOOL_PATH=out/soong/host/linux-x86/bin:prebuilts/sdk/tools/linux/bin
\
out/soong/host/linux-x86/bin/apexer \
--force \
--manifest ${TMP_APEX_OUTPUT_WORKDIR}/apex_manifest.pb \
--build_info ${TMP_APEX_OUTPUT_WORKDIR}/apex_build_info.pb \
--include_build_info \
--payload_type image \
--key external/conscrypt/apex/com.android.conscrypt.pem \
--pubkey ${TMP_APEX_OUTPUT_WORKDIR}/apex_pubkey \
--assets_dir ${TMP_APEX_OUTPUT_WORKDIR}/assets \
--no_hashtree \
--manifest_json ${TMP_APEX_OUTPUT_WORKDIR}/apex_manifest.json \
${TMP_APEX_OUTPUT_WORKDIR}/payload \
${TMP_APEX_OUTPUT}
4. verified that the two apexes are identical (modulo the command_line
string in the build_info proto
Change-Id: Ibe5833d9d11b9c35ec4b929f4ae693d65fdd26d5
|
|
apex_manifest_full.json was only for debugging purpose and is equavalent
to apex_manifest.pb.
Bug: 143951586
Test: m nothing (soong tests)
Test: m com.android.apex.cts.shim.v1
Test: m com.android.conscrypt (any Q-launching apex)
&& deapexer list <apex> shows apex_manifest.json also
Change-Id: I9f59b92e9c10aeb3844db4091ee090b21f4976dd
|
|
Bug: 144533348
Test: m
Change-Id: I07115c5cdadce2b386043a51f6d93990b61cd834
|
|
apexer adds apex_manifest.pb as well as Q-compatible json and R+ json.
apexd on Q can't understand newly added properties in
apex_manifest.json, which prevents from installed APEX packages built
with new properties.
apexer accepts three of apex_mainfest(.json, _full.json, .pb) from
commandline, and then put them in the apex container and image in it.
Bug: 143654022
Test: m -j
Change-Id: I8752b0c21af747be6fc5c3a04d1cb114d789c77e
|
|
For some apexes(e.g. VNDK apex for current version), the apex name is
determined dynamically. To support this scenario, apexer can just ignore
given key filename(--key).
Test: m com.android.vndk.current
Change-Id: Ibe0cd1dac1367d397820dd582a92f05e050f4a46
|
|
This option is passed to avbtool so that it can omit hashtree of the
payload image.
It is used by apex build rule when it is not Unbundled_build.
Bug: 139957269
Test: m {apex, e.g. com.android.resolv}
Test: jar -x --file $OUT/apex/com.android.resolv.apex
Test: avbtool info_image --image apex_payload.img
Test: check if tree size is zero
Change-Id: Ib2ef6e591df82a4826dba7d998cd81b7176d7bb1
|
|
This allows supplemental resource files (e.g. NOTICE output) to be
included in the APEX under assets.
Bug: 135218846
Test: Built Mainline modules + manual inspection
Change-Id: Iafdbc9012ea72a2298b84e70779282c00f191f31
|
|
Test: presubmit tests
Change-Id: Ifa233810fb0b78933c69a19c30f17379853c3de6
|
|
APEXes exist starting from Q (29). So updating the min version value to
29.
Note: APEXes that are mainline modules for Q (e.g. timezone, conscrypt,
...) are still having min sdk version set to 28 to support beta devices.
When we no longer need to support them, we should remove the hard-coded
min sdk version from the AndroidManifest.xml for the APEXes.
Bug: 131128233
Test: m com.android.runtime.debug and check its min sdk version number
Merged-In: Idfaee55c2efb1bbb81c15368001badf95d407782
Change-Id: Idfaee55c2efb1bbb81c15368001badf95d407782
(cherry picked from commit 5331936773b9d101b73a682f312b1c0b23980297)
|
|
The source of truth for an APEX version name is the
manifest.json file, which is propagated via aapt to
the AndroidManifest.xml.
Test: adb shell cmd apexservice getAllPackages
Test: Add versionName field to an apex manifest.json,
make and then run aapt dump badging to the path of the output.
Bug: 118739827
Change-Id: I4648237847d06d69016a72b620d5c8588d852c69
|
|
Missing minSdkVersion causes a problem when an APEX is re-signed with
sign_target_files_apks. Specifically, if the value is missing, SignApk
uses the most conservative algorithm SHA1withRSA which is being
deprecated. To fix the problem, when an APEX is built, the default
minSdkVersion is specified to ensure that all APEXes have minSdkVersion
set.
Bug: 131128233
Test: m com.android.runtime.debug; aapt dump badging <path_to_the_apex>
shows minSdkVersion
Merged-In: Ibc44b094052ea7a8ed96f9f464c55d48af37b04e
Change-Id: Ibc44b094052ea7a8ed96f9f464c55d48af37b04e
(cherry picked from commit 183acd9b93a28798e00c19fdc04bc7ae8b32a787)
|
|
It is used to set the target sdk version of the APEX for targeting.
Bug: 130541924
Test: m
Merged-In: I7178322bc8114bbe4992e68e3a0cda5ff3d2ae97
Change-Id: I7178322bc8114bbe4992e68e3a0cda5ff3d2ae97
(cherry picked from commit f40a093ceed68f998cd8f9a552da8936e4f24378)
|
|
This reverts commit 066a2e0f2fbf5f8a843552461d885010f1e63b7d.
Reason for revert: aosp/936938 fixes the problem
Change-Id: Ic1329914fa28b00e3b2db048e0ad38fe65e4aac5
|
|
This reverts commit 4d1634160d7dbd850140c917072f73f1063a60d3.
Reason for revert:
b/129547377
Broken test: suite/test-mapping-presubmit-retry_cloud-tf on aosp-master
Change-Id: I804a380114a567c999a7c96198c66e8c8e6f7d22
|
|
The reason this caused non-deterministic images earlier is that larger
inodes have the 'crtime' attribute inline, and, due to a missing
E2FSPROGS_FAKE_TIME, this attribute was set to the current time instead
of a fixed time.
Bug: 122991714
Test: rebuild apex.apexd_test.apex several times, check hash
Change-Id: I0e05dbd25d19a5219d5e0f2bd2e1ba057ad2cc8d
|
|
Add a --apexer_tool_path flag that can be used instead of the
APEXER_TOOL_PATH environment variable.
Test: apexer --help
Test: m com.android.support.apexer
Test: Build manual apex using --apexer_tool_path
Change-Id: I51e689a322574df6d2c4d29823e7bbe778b8e335
|
|
In order to run this tool outside of the build system we need to be
able to use something other than a hardcoded location for the current
sdks android.jar.
Test: m com.android.runtime.debug
Bug: 119332365
Bug: 119332362
Change-Id: I8f7f3cc39a91e96b4de727e906f253ba451f7806
|
|
AndroidManifest.xml file can be specified via the 'androidManifest'
property in the apex module type. It can be used to have a custom
AndroidManifest.xml that have additional tags (such as <uses-sdk> or
<uses-feature>) for precise tageting.
The property is optiona; if unspecified, the one is auto-generated as
before.
Bug: 123857186
Test: m apex_test_build_features
Change-Id: I0d28438e9463f8f544047bf5c89dc76066b7dbab
|
|
It appears to introduce non-determinism. Update the digest as well.
Bug: 122991714
Test: builds, atest apex_file_test passes for multiple runs
Change-Id: Id6cee105bde0ca496bafbe7119da96bda4dead34
|
|
- increase inode size to 256 in order not to break localization of
sepolicy in xattr
- reduce the # of inodes to the number of files/dirs counts
- duplicated blocks are shared
Bug: 122991714
Test: m. system boots to the UI
Test: m com.android.runtime.debug
Compare the sizeof the built file
Before: 109846528
After: 102719762
Change-Id: Ieff0ac318731b3b9ab113d4a35da13e1f5f11676
|
|
By default, the app package name of an APEX is equal to the apex package
name. The new --override_apk_package_name option is used to override the
behavior.
In practice, one can use this option by setting
PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES := <apex_name>:<manifest_name>
Test: m with PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES for
1) an APK in Android.mk
2) an APK in ANdroid.bp
3) an APEX
and check that manifest names are modified as specified
Change-Id: Idb30015205c572013a6d193b776409d32452ffb8
|
|
Remove ApexManifest class and use proto object directly.
Add postInstallHook field in proto message schema as it is present in
apexd.
Bug: 116129963
Test: ./apexer/runtests.sh
Change-Id: Iaca472c942c1546ff74761d450155530d446447d
|
|
This reverts commit 0fe26b1e6832d7fe6c19e728c21fdc0e9be2ed44.
Reason for revert: Testing the breakage.
Bug: 122067734
Test: Import error not deterministically reproducible. 'embedded_launcher: true' may remove the import error as suggested in the bug discussion thread.
Change-Id: Iefd8c6c05c7bcf83a51aeed141eaaca436eed3cc
|
|
The public key file is embedded in the zip container of the APEX with
the name 'apex_pubkey'. In debuggable builds, the bundled public key
will be used as a fallback when no matching public key is found in the
built-in partitions (e.g. /system/etc/security/apex).
This is useful for testing-purpose APEXes; the public key for the APEXes
do not need to be force installed on the device, which requires rooting.
Bug: 122047804
Test: add 'installable: false' to the apex_key
'com.android.apex.test_package.key'. mma under
/system/apex/apexd/apexd_testdata. unzip the built APEX. The public key
(renamed to apex_pubkey) is found in the zip container.
Change-Id: I07be3be8ae763c12dc0541fec2b172b5f11bbafd
|
|
This reverts commit 7e021e8dcae1098eccf972eb9e71448134fdc08b.
Reason for revert: build break
Change-Id: I6fbd8176ec7d4124c49d07f07ca9cd21a54caad3
|
|
Validate necessary fields in the manifest using protobuf.
Add class for apex manifest for better usability of the JSON fields.
Test: ./runtests.sh
Bug: 116129963
Change-Id: Icf5091ebc9fb4faca437cada3b93cd98c4b77ba6
|
|
This reverts commit 1486e178485b47094ac93f26624102106c1ecb89.
The added option (-U, and -E) are moved in front of the positional
parameters (image file name and block size).
Bug: 120811390
Test: Build two com.android.tzdata APEXes without changing the source
The two APEXes are identical.
Change-Id: I489bb809cdd4baf7dc56801fbc5bf68219e726d1
|
|
This reverts commit 0a7e57c0e9c6122ac582e94dd465571c632add3b.
Reason for revert: Breaks Mac builds
Change-Id: I7be1854839ee8d4eddd060fe84c8be27f520c490
|
|
Output of apexer is now deterministic. Unless the input files are
changed, the output is not changed across different runs.
Bug: 120811390
Test: Build two com.android.tzdata APEXes without changing the source
The two APEXes are identical.
Change-Id: I56657493bb54a859f18deb276edb68d6c9ee8f9e
|
|
These are apex files with the payload being a zip file instead of an
FS image. This makes them easier to use by other tools without root.
Test: build
Bug: 120436895
Change-Id: I8c9eb6c1baa8a2bbf92fb4be4f6d89088245ee90
|
|
To help diagnose issues.
Test: m
Test: manual
Change-Id: I7f7265f5bd1eb2e2296099dcfbd020b312aff21f
|
|
Two APEXes having differnet bundle names cannot be signed with the same
APEX key. This is prohibited both by the build system and by the apexd
at runtime.
Test APEXs and keys are updated accordingly.
Bug: 115721587
Test: m checkbuild
Test: device boots, adb shell; su; setenforce 0; cmd apexservice
getActivePackages shows the installed APEXes.
Test: atest apexservice_test apex_file_test apex_manifest_test
Change-Id: I07ed767b2dcd08f93ef98cc139d911121b016f9f
|
|
manifest.json -> apex_manifest.json
image.img -> apex_payload.img
Bug: 119672727
Test: m, installed on device, boots. tests succeed.
Change-Id: I3d03647f76f146b582d2335a26eeac9a5c278f29
|
|
Version code attribute was missing android namespace.
Test: Manually.
Change-Id: I809a6a77c69cb04ba053293dc4300b3ae515eb9f
|
|
Bug: 119768180
Test: m apex.test
[ 99% 5758/5761] //system/apex:apex.test apex [common]
[100% 5761/5761] Install: out/target/product/walleye/system/apex/apex.test.apex
Change-Id: Ia7bb715cbecdda4e11691e11d94e130f084d0012
|
|
This seem to be against the reality (since most APEXes will have code -
shared libs, java libraries, ...). But this is required because APEX
does not have classes.dex and other intra around APK is ensuring this.
Test: m apex.test
Change-Id: I8384fbaa4bc3606fbbd4ef9fc22357268051af9b
|
|
The name of the key used to sign an APEX is recorded in the vb metadata
structure. When verifying the APEX, the name is retrived to find the
corresponding public key from the /system/etc/security/apex directory.
Bug: 115721587
Test: m apex.test; m
/apex/com.android.example.apex@1 exists
Change-Id: I55a1695483515a8f4ac7d593d11675d9dd340b36
|
