| Age | Commit message (Collapse) | Author |
|---|
|
Bug: 195274797
Test: ./apxer/runtests.sh
Change-Id: I19019d2809496bfc37eca1964e58a4e04d8bbbe7
Signed-off-by: Huang Jianan <huangjianan@oppo.com>
|
|
The new flag --payload_fs_type enables the user to choose between ext4
and f2fs for apex_payload.img
Test: ./runtests.sh
Bug: 158453869
Change-Id: I2858d834924c5cec0f809c4f5c8b2e622b8fdf47
Merged-In: I2858d834924c5cec0f809c4f5c8b2e622b8fdf47
|
|
Both apexer and apexer_test apply sha256 to be algorithm of the hashtree.
This patch updates the command line 'avbtool' to apply sha256 in
apexer_test.py.
Fixes: 157447952
Test: atest --host apexer_test
Change-Id: I5e4986e0bc54cb87d9ba5cb8fb9b545d09dc1c1d
|
|
Bug: 155771970
Test: build an arbitrary APEX (e.g. com.android.runtime)
$ unzip com.android.runtime.apex
$ avbtool info_image --image apex_payload.img | grep Hash
Hashtree descriptor:
Hash Block Size: 4096 bytes
Hash Algorithm: sha256
Test: compare the APEX size before and after the change: no difference
Merged-In: I8924349287d38a72be1058424a100c1981f656d1
(cherry picked from commit 85f60588d44baa1bd9cf066fabeb3f4b3f29e323)
Change-Id: I8924349287d38a72be1058424a100c1981f656d1
|
|
This CL enables building APEXs with an unsigned payload, but still with
the outer container APK/Jar-signed.
Bug: 148447155
Test: atest --host apexer_test. built a module with unsigned payload.
Change-Id: I3e18124e0fba832c4890d7298add8910b879662c
|
|
This will help signing tools to preserve correct package_name and
logging_parent tag of the outer APK container of an APEX
Test: apexer_test
Bug: 152084536
Change-Id: I7569acf20efe6ff64c3bdc7c43c07a0690c27bee
|
|
min_sdk_version: 29 implies that the module should support Android10.
Bug: 150431944
Test: m
Merged-In: Ic5be0f6cb21a2599f5cfe330278872fef65b6c62
Change-Id: Ic5be0f6cb21a2599f5cfe330278872fef65b6c62
(cherry picked from commit 18e14b269fed65ae83ac581e06b054745c3c04e1)
Exempt-From-Owner-Approval: cp from aosp
|
|
Verifies that re-packing an unsigned image generates an equivalent
unsigned image.
Bug: 150942423
Test: apexer_test
Change-Id: I0a0d0f9e2a1a0ce8f1f267feda4d19d2649ad5d7
|
|
The flag instructs apexer to output the payload before it is signed by
avbtool.
The CL also contains new test to ensure that when the unsigned payload
is signed by avbtool, it is same as the payload we get when we unzip an
apex.
Bug: 149993331
Test: atest --host apexer_test
Change-Id: I0c0c29ee2fabaa447f5844e71949a00778b1d935
|
|
The flag instructs apexer to output only the payload instead of the
complete apex. The payload is signed.
The CL also contains new test to ensure the payload only output from
apexer is same as what we get when we unzip an apex.
Bug: 149993331
Test: atest --host apexer_test
Change-Id: I545fcd6e84ea1eb7f55638ca51ff239912758930
|
|
This CL adds a unit test that verifies that we can produce an identical
APEX using only apex_build_info.pb and the original signing keys.
Bug: 147691496
Test: atest --host apexer_test
Change-Id: Ib9f78d6f7cece541e8046ed6227e5ab12c2eabe8
Merged-In: Ib9f78d6f7cece541e8046ed6227e5ab12c2eabe8
|
|
BUG: 148198056
Change-Id: I626d80dbe34ab8f0f3205d65a1df24efe76af009
|
|
|
|
In the build signing environment, we don't necessary have access to the
physical private key. And we work around it by passing an extra signing_helper
to the avbtool instead of a private key. Since we need to perform signing
to add the hashtree footer when rebuilding the apex image; apexer should recognize
the signing_helper and pass it to avbtool.
Bug: 148627666
Test: Call apexer with the argument
Change-Id: Ibf75d629d369bdbf4e3305b59eb495ccbfdc6428
|
|
Bug: 147691496
Test: atest --host apexer_test (in later CL)
Change-Id: I8b369810e05e3d0416e0eb9cb1e1d3bf8dd18de2
|
|
This allows for codename.fingerprint format to be specified for minSdkVersion
BUG: 130541924
Exempt-From-Owner-Approval: baligh@ - Initial CL was approved.
Change-Id: I971418ed6515d503bcc10a169b13b3c27ae82c64
|
|
The command line file in build_info pb causes some non-determinism in
the output (e.g. if directories are named differently). Removing this
by default since it has mostly debugging uses.
Test: m com.android.tzdata; inspect output.
Change-Id: I168b7ffba66657b8c60396e7c3c3f132f8cb1f23
|
|
This allows re-packing an APEX even if the original metadata such as
selinux file_contexts and canned_fs_config, and the original
AndroidManifest.xml, before aapt2 compiles it in binary format.
The flags that are relevant to the output are not automatically
restored, but the command_line debug field makes them all visible.
With this information, it is possible to repack an APEX to an identical
version (sha1sum verifiable) of itself.
Bug: 144477678
Test: Manual invocations of apexer with full parameters +
include_build_info, and subsequently with build_info parameter using
only data available in the apex given in input + private keys for
signing. Example:
1.
m com.android.conscrypt
2.
mkdir ${TMP_APEX_OUTPUT_WORKDIR}
unzip -d ${TMP_APEX_OUTPUT_WORKDIR} com.android.conscrypt.apex
mkdir ${TMP_APEX_OUTPUT_WORKDIR}/payload
deapexer extract ${OUTPUT_APEX_1_A} ${TMP_APEX_OUTPUT_WORKDIR}/payload
rm ${TMP_APEX_OUTPUT_WORKDIR}/payload/apex_manifest.{json,pb}
rmdir ${TMP_APEX_OUTPUT_WORKDIR}/payload/lost+found
3.
APEXER_TOOL_PATH=out/soong/host/linux-x86/bin:prebuilts/sdk/tools/linux/bin
\
out/soong/host/linux-x86/bin/apexer \
--force \
--manifest ${TMP_APEX_OUTPUT_WORKDIR}/apex_manifest.pb \
--build_info ${TMP_APEX_OUTPUT_WORKDIR}/apex_build_info.pb \
--include_build_info \
--payload_type image \
--key external/conscrypt/apex/com.android.conscrypt.pem \
--pubkey ${TMP_APEX_OUTPUT_WORKDIR}/apex_pubkey \
--assets_dir ${TMP_APEX_OUTPUT_WORKDIR}/assets \
--no_hashtree \
--manifest_json ${TMP_APEX_OUTPUT_WORKDIR}/apex_manifest.json \
${TMP_APEX_OUTPUT_WORKDIR}/payload \
${TMP_APEX_OUTPUT}
4. verified that the two apexes are identical (modulo the command_line
string in the build_info proto
Change-Id: Ibe5833d9d11b9c35ec4b929f4ae693d65fdd26d5
|
|
apex_manifest_full.json was only for debugging purpose and is equavalent
to apex_manifest.pb.
Bug: 143951586
Test: m nothing (soong tests)
Test: m com.android.apex.cts.shim.v1
Test: m com.android.conscrypt (any Q-launching apex)
&& deapexer list <apex> shows apex_manifest.json also
Change-Id: I9f59b92e9c10aeb3844db4091ee090b21f4976dd
|
|
Since protobuf binary format (.pb) is not human-readable, add 'info'
command to deapexer tool to print APEX manifest from APEX file in JSON
format.
Bug: 143951586
Test: deapexer info com.android.runtime.apex # prints
Change-Id: Ib09e088cb28d651852233bdedd94c2c95be1df67
|
|
Bug: 144533348
Test: m
Change-Id: I07115c5cdadce2b386043a51f6d93990b61cd834
|
|
apexer adds apex_manifest.pb as well as Q-compatible json and R+ json.
apexd on Q can't understand newly added properties in
apex_manifest.json, which prevents from installed APEX packages built
with new properties.
apexer accepts three of apex_mainfest(.json, _full.json, .pb) from
commandline, and then put them in the apex container and image in it.
Bug: 143654022
Test: m -j
Change-Id: I8752b0c21af747be6fc5c3a04d1cb114d789c77e
|
|
For some apexes(e.g. VNDK apex for current version), the apex name is
determined dynamically. To support this scenario, apexer can just ignore
given key filename(--key).
Test: m com.android.vndk.current
Change-Id: Ibe0cd1dac1367d397820dd582a92f05e050f4a46
|
|
This option is passed to avbtool so that it can omit hashtree of the
payload image.
It is used by apex build rule when it is not Unbundled_build.
Bug: 139957269
Test: m {apex, e.g. com.android.resolv}
Test: jar -x --file $OUT/apex/com.android.resolv.apex
Test: avbtool info_image --image apex_payload.img
Test: check if tree size is zero
Change-Id: Ib2ef6e591df82a4826dba7d998cd81b7176d7bb1
|
|
This allows supplemental resource files (e.g. NOTICE output) to be
included in the APEX under assets.
Bug: 135218846
Test: Built Mainline modules + manual inspection
Change-Id: Iafdbc9012ea72a2298b84e70779282c00f191f31
|
|
Test: presubmit tests
Change-Id: Ifa233810fb0b78933c69a19c30f17379853c3de6
|
|
This change adds a new property noCode to the apex manifest. When the
property is set to true, the APEX is mounted with MS_NOEXEC to prevent
execution of code from the APEX. This can be used for data-only APEXes
like the timezone APEX or bootanim APEX.
Bug: 129030458
Test: atest apex_manifest_test
atest apexservice_test
Change-Id: Iee1087036d4783f4b77483df026e1509f3c3266c
|
|
APEXes exist starting from Q (29). So updating the min version value to
29.
Note: APEXes that are mainline modules for Q (e.g. timezone, conscrypt,
...) are still having min sdk version set to 28 to support beta devices.
When we no longer need to support them, we should remove the hard-coded
min sdk version from the AndroidManifest.xml for the APEXes.
Bug: 131128233
Test: m com.android.runtime.debug and check its min sdk version number
Merged-In: Idfaee55c2efb1bbb81c15368001badf95d407782
Change-Id: Idfaee55c2efb1bbb81c15368001badf95d407782
(cherry picked from commit 5331936773b9d101b73a682f312b1c0b23980297)
|
|
The source of truth for an APEX version name is the
manifest.json file, which is propagated via aapt to
the AndroidManifest.xml.
Test: adb shell cmd apexservice getAllPackages
Test: Add versionName field to an apex manifest.json,
make and then run aapt dump badging to the path of the output.
Bug: 118739827
Change-Id: I4648237847d06d69016a72b620d5c8588d852c69
|
|
Missing minSdkVersion causes a problem when an APEX is re-signed with
sign_target_files_apks. Specifically, if the value is missing, SignApk
uses the most conservative algorithm SHA1withRSA which is being
deprecated. To fix the problem, when an APEX is built, the default
minSdkVersion is specified to ensure that all APEXes have minSdkVersion
set.
Bug: 131128233
Test: m com.android.runtime.debug; aapt dump badging <path_to_the_apex>
shows minSdkVersion
Merged-In: Ibc44b094052ea7a8ed96f9f464c55d48af37b04e
Change-Id: Ibc44b094052ea7a8ed96f9f464c55d48af37b04e
(cherry picked from commit 183acd9b93a28798e00c19fdc04bc7ae8b32a787)
|
|
It is used to set the target sdk version of the APEX for targeting.
Bug: 130541924
Test: m
Merged-In: I7178322bc8114bbe4992e68e3a0cda5ff3d2ae97
Change-Id: I7178322bc8114bbe4992e68e3a0cda5ff3d2ae97
(cherry picked from commit f40a093ceed68f998cd8f9a552da8936e4f24378)
|
|
|
|
This reverts commit 066a2e0f2fbf5f8a843552461d885010f1e63b7d.
Reason for revert: aosp/936938 fixes the problem
Change-Id: Ic1329914fa28b00e3b2db048e0ad38fe65e4aac5
|
|
|
|
This reverts commit 4d1634160d7dbd850140c917072f73f1063a60d3.
Reason for revert:
b/129547377
Broken test: suite/test-mapping-presubmit-retry_cloud-tf on aosp-master
Change-Id: I804a380114a567c999a7c96198c66e8c8e6f7d22
|
|
Test: N/A - comment change only.
Change-Id: I10eb13f4ac02ca2477623817d358f7e423e93ff2
|
|
The reason this caused non-deterministic images earlier is that larger
inodes have the 'crtime' attribute inline, and, due to a missing
E2FSPROGS_FAKE_TIME, this attribute was set to the current time instead
of a fixed time.
Bug: 122991714
Test: rebuild apex.apexd_test.apex several times, check hash
Change-Id: I0e05dbd25d19a5219d5e0f2bd2e1ba057ad2cc8d
|
|
This file has the side effect of triggering tests from system/apex/apexd
whenever another test mapping file references system/apex/tests. The
reason for this is that test mapping for a given directory are
inherited implicitly from all the top directories.
Test: atest --test_mapping (with various combinations)
Change-Id: Id82e24326b28a794667f3fa9b4f67a2507014dfa
|
|
Add a --apexer_tool_path flag that can be used instead of the
APEXER_TOOL_PATH environment variable.
Test: apexer --help
Test: m com.android.support.apexer
Test: Build manual apex using --apexer_tool_path
Change-Id: I51e689a322574df6d2c4d29823e7bbe778b8e335
|
|
This host, zipapex contains all binaries and libraries needed to
create apexs outside of the soong build-system.
Test: m com.android.support.apexer
Test: ./art/tools/build_linux_bionic.sh com.android.support.apexer
Bug: 119332365
Bug: 119332362
Bug: 124439236
Change-Id: I12ce2353a3c048aaeabe468faca6d7975e104aba
|
|
In order to run this tool outside of the build system we need to be
able to use something other than a hardcoded location for the current
sdks android.jar.
Test: m com.android.runtime.debug
Bug: 119332365
Bug: 119332362
Change-Id: I8f7f3cc39a91e96b4de727e906f253ba451f7806
|
|
AndroidManifest.xml file can be specified via the 'androidManifest'
property in the apex module type. It can be used to have a custom
AndroidManifest.xml that have additional tags (such as <uses-sdk> or
<uses-feature>) for precise tageting.
The property is optiona; if unspecified, the one is auto-generated as
before.
Bug: 123857186
Test: m apex_test_build_features
Change-Id: I0d28438e9463f8f544047bf5c89dc76066b7dbab
|
|
|
|
It appears to introduce non-determinism. Update the digest as well.
Bug: 122991714
Test: builds, atest apex_file_test passes for multiple runs
Change-Id: Id6cee105bde0ca496bafbe7119da96bda4dead34
|
|
- increase inode size to 256 in order not to break localization of
sepolicy in xattr
- reduce the # of inodes to the number of files/dirs counts
- duplicated blocks are shared
Bug: 122991714
Test: m. system boots to the UI
Test: m com.android.runtime.debug
Compare the sizeof the built file
Before: 109846528
After: 102719762
Change-Id: Ieff0ac318731b3b9ab113d4a35da13e1f5f11676
|
|
With support for symlink_preffered_arch we need tests to make sure we
can actually add symlinks into apex files.
Test: ./system/apex/apexer/runtests.sh
Bug: 119942078
Bug: 122373634
Bug: 123079311
Change-Id: Ifbd0a6d6c37580de8266b186114b767d1db378e5
|
|
By default, the app package name of an APEX is equal to the apex package
name. The new --override_apk_package_name option is used to override the
behavior.
In practice, one can use this option by setting
PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES := <apex_name>:<manifest_name>
Test: m with PRODUCT_MANIFEST_PACKAGE_NAME_OVERRIDES for
1) an APK in Android.mk
2) an APK in ANdroid.bp
3) an APEX
and check that manifest names are modified as specified
Change-Id: Idb30015205c572013a6d193b776409d32452ffb8
|
|
Moving towards protobuf validation in apexer/apexd. Since this will be
the main class that will be used for apex manifest, renaming for better
reference.
Test: ./apexer/runtests.sh
Change-Id: Iaf9bfb1747a60f5c22869d8a56a7661bf10866e9
|
|
Remove ApexManifest class and use proto object directly.
Add postInstallHook field in proto message schema as it is present in
apexd.
Bug: 116129963
Test: ./apexer/runtests.sh
Change-Id: Iaca472c942c1546ff74761d450155530d446447d
|
|
Protobuf saves the field names in camelCase. To avoid converting to and
from camelCase, using consistent field names for apex manifest schema.
Bug: 121546801
Test: mmma system/apex
out/host/linux-x86/testcases/apex_file_test/x86/apex_file_test
out/host/linux-x86/testcases/apex_manifest_test/x86/apex_manifest_test
Change-Id: Iffaa099d5bff100e09c41eab3d3e9af15dfbad53
|
