| Age | Commit message (Collapse) | Author |
|---|
|
Author: Gabriele M <moto.falcon.git@gmail.com>
Date: Thu Jun 14 01:10:09 2018 +0200
update_engine: Add performance mode
Allow to move update_engine from the system-background cgroup
to the foreground cgroup to speed up the installation of the
updates.
Change-Id: Iaa531a925f9e1a26e834d7448c4755151adcfea2
Author: Luca Stefani <luca.stefani.ge1@gmail.com>
Date: Mon Mar 4 14:57:28 2019 +0100
Move performance mode to top app
Change-Id: I436102b4f8d046b8f3d897882613ec46acf9e2c5
luca020400: Move to TaskProfiles API
Change-Id: Id7e27b0c42d80c4a3ce1dc7f8540313a7042db53
|
|
Bug: 188909957
Test: manual test
Change-Id: I108c20cf1e092478be2ae59701514f32d9b0a9f3
Merged-In: I108c20cf1e092478be2ae59701514f32d9b0a9f3
|
|
This also adds a manual call to WriteState(). If update_engine crashes
or the device reboots, it's possible that certain stats (such as the COW
file stats) will be gone by the time the merge state is recovered.
Forcing a write prevents this.
Note that the write was previously implicit in set_cow_file_size, but is
now explicit before calling InitiateMerge().
Bug: 188909957
Test: manual test
Change-Id: I27cdc72272a9fa4ff5df4968e200fc14f63d0146
Merged-In: I27cdc72272a9fa4ff5df4968e200fc14f63d0146
|
|
OTA can terminate in the following ways:
1) Before reboot, intentionally cancelled.
2) Before reboot, failed due to error
3) After reboot, failed due to error
4) After reboot, success
Cleaning up from ResetStatus should cover #1. For #2, there won't be
automatic cleanup on failure, as sometimes we resume OTA from where it
last failed. So user needs to explicitely call ResetStatus to clean up.
for #2.
Number #3 and #4 will be dealt in follow up cl.
Bug: 172911822
Test: Case #1: Intentionally cancel
1. Allocated space:
python3 update_device.py --allocate-only ota.zip
2. Temp file deleted by:
adb shell update_engine_client --reset_status
Change-Id: Id6844e4ce4f248605b4a9ae07268dea55d629265
Merged-In: Id6844e4ce4f248605b4a9ae07268dea55d629265
(cherry picked from commit b5c07bfe7eae04ce383af4eecb1b1c44bea8333f)
|
|
Old behavior:
When update_engine starts up after device take OTA and reboot, if
device booted into a different build(check build fingerprint),
ResetStatus().
When we apply a self-ota, device will boot into the same build, so
ResetStatus() is never called. If we apply the same OTA at this point,
this OTA will be treated as a "resume", and will fail to install because
we never call libsnapshot's API to allocate snapshot for new update.
Changed to ResetStatus() if boot slot changed, or build fingerprint
changed.
Bug: 185019674
Test: apply self-full OTA, reboot, repeat 2 times.
Change-Id: Idcc29dc1c02f3b9b2c84ed1978abedb651a3875a
|
|
When postinstall_mount_device is initially introduced, it's only
intended to be used by postinstall action, hence the name. Now we plan
to use it for fs verification purpose as well, rename for better
clarity.
Test: th
Change-Id: Iff996f2f513bb44694e39d758a69851793b9a565
|
|
If device doesn't support updatable apexes (a.k.a. uses flattened
apexes), then it won't have compressed apexes, so there is no need
calling into apexd.
Test: atest update_engine_unittests:ApexHandlerAndroidTest
Test: build and flash aosp_cf_x86_phone_noapex-userdebug
Test: m dist
Test: python3 system/update_engine/scripts/update_device.py --file out/target/product/vsoc_x86_noapex/aosp_cf_x86_phone_noapex-ota-eng.ioffe.zip
Test: checked OTA was successfully staged
Bug: 185862111
Change-Id: Ibf9db757f3af37d23fb8248108b2b6d22c95dec7
|
|
On a device which doen't support VAB, calligng UpdateUsesCompression
directly will cause libsnapshot to print error logs. Therefore check for
VAB support first.
Test: th
Change-Id: Icfbf848908939069493f6c10f6a69f022b9b8350
|
|
Bug: 185290850
Test: statsd_testdrive
Change-Id: I743ca357225140635aae7a0b77338d35e64298da
|
|
Bug: 185290850
Test: manual test
Change-Id: I094c705a5a275e289eddb8f42e68e08f56975c83
|
|
This is a revision to I29af8aa653a8e. I29af8aa653a8e disables
the check temporarily for secondary OTA. Re-enable the check properly.
Test: pass
Bug: 185552745
Change-Id: Ie4e52b8d374c6b3624a2fd4f1576390a37189ff0
|
|
Check allocatable space in super based on whether VAB is
enabled on the device, instead of basing on whether snapshot
is used for this update.
On VAB devices where snapshot is not used, e.g. secondary
update, we don't want to divide allocatable space by half.
The logic changes from:
if (!retrofit DAP && ! update uses snapshot && !sideload)
allocatable_space /= 2
to
if (!retrofit DAP && ! VAB enabled)
allocatable_space /= 2
All other changes are cosmetic.
Test: pass
Bug: 185552745
Change-Id: If182da4fdbc4b39160347205ccfa50642afc5511
|
|
Bug: 180535575
Test: statsd_testdrive
Change-Id: I8b40d069ff8c271ea40b3475003058ac6a940f76
|
|
We had a severe bug in CleanupPreviousUpdateAction, undetected for a
while. Added unittest to cover the bug so we don't regress.
Bug: 169436297
Bug: 178637306
Test: th
Change-Id: I40fc97a5c771ec001896ecd8f6d46b551cc7724c
|
|
Bug: 178637306
Bug: 169436297
Test: make boot control's IsSlotMarkedSuccessful always return false,
launch update_engine
Change-Id: I12c01c5f062ec4b41718f2cada817f6557eb2b0e
|
|
Test: th
Change-Id: Ide00028036b8b382a233b52716795a5c5c8da4e6
|
|
We were mounting /postinstall with a 'context=...' option. This forces
all files within /postinstall to have a single selinux context,
limiting the possible granularity of our policies. Here we change it
to simply default to the 'postinstall_file' context for the 'system'
partition but allow individual files to have their own custom contexts
defined by /system/sepolicy. Other partitions retain the single
'postinstall_file' context.
The sample_images were updated to manually add a selinux label for
testing FS contexts.
Test: Manual OTA of blueline
Test: atest update_engine_unittests
Bug: 181182967
Change-Id: I0b8c2b2228fa08afecb64da9c276737eb9ae3631
Merged-In: I0b8c2b2228fa08afecb64da9c276737eb9ae3631
|
|
When the snapshot is used, we should check that the maximum size
of all dynamic partition groups doesn't exceed the super partition
size.
Bug: 182431975
Test: primary payload fails as expected Pixel21
Change-Id: I5df8976e6b7e011284b29fd554dda80e31305698
|
|
We can return a FileDescriptor object, which encapsulates logic needed
to write to a COW. This way, filesystem verfication action can use the
turend value directly for computing verity and hash the partition.
Test: th
Change-Id: Iafe9699ef0cc15961641fc94f8ad2820230a56e1
|
|
If we don't unmap partitions, snapuserd will keep running in the
background and do nothing. Unmap partitions so that memory associated
with daemon can be freed.
Test: th, apply an OTA, verify that _b partitions in /dev/block/mapper
are gone
Change-Id: I4a75f4abe3e69f9ad2a67a78472b61cfbd77b0eb
Change-Id: Icacf1699a32bf045c2b832f7c1f021d90805d676
|
|
Bug: 172911822
Test: atest ApexHandlerAndroidTest (checked that file was created)
Change-Id: I8024695ebba1a9c1796c05b27a0eec3da3b3d1bc
|
|
When DynamicPartitionControlAndroid is constructed, it initializes both
source and target slot to -1. These values get updated during
PreparePartitionsForUpdate call. And we only
PreparePartitionsForUpdate() when applying an OTA or applocating space
for an OTA(not when verifying OTA metadata). Which means if
VerifyPayloadApplicable() is called before any call two other APIs, we
could be using an "Uninitialiazed" dynamic partition control.
To mitigate this problem, we pass in source_slot at ctor of
DynamicPartitionControl, also make IsDynamicPartition() api take in a
slot number to avoid reading uninitialized member fields.
Bug: 181643302
Test: apply an OTA, abort, restart update_engine, verify a payload
Change-Id: I9a8a0fe8a9aca48e91241e15bdec33a1c1228553
|
|
Bug: 180535575
Test: apply OTA, snapshotctl dump
Change-Id: Iedd761b2f6923a56b11f9d6868d6baf569ad38d0
|
|
When applying a secondary payload, we might call UpdatePartitionMetadata
without VAB, so don't abort
Bug: 182310095
Test: th
Change-Id: I29af8aa653a8e3ccb37df2651883c6da09f727c7
|
|
__android_log_write won't abort the program by itself. Since we are
not using libchrome's aborter, call __android_log_assert explicitly
on FATAL errors.
Bug: 182310095
Test: check update_engine aborts for CHECK failure
Change-Id: I41805f2b8294bba696e713100088dd720dd66356
|
|
Bug: 174881019
Change-Id: I24197f86e3fa832029db6aaaf186468600748b40
|
|
Bug: 180535575
Test: manual test
Change-Id: Ie35aad243ed57406a963e136ddf91fc67f20d6ca
|
|
Test: serve an OTA with postinstall, make sure postinstall works
Bug: 181182967
Change-Id: Ifd44bb700c4bca28a391c64fbc9888c79612f26f
|
|
VAB team can use this tool to understand what real world COW images look
like, and perhaps write unittests
How to use this tool:
1. mm -j cow_converter
2. `unzip your_ota.zip payload.bin`
3. `unzip target_file.zip "IMAGES/*" -d /tmp/target_file
4. `cow_converter payload.bin /tmp/target_file/IMAGES`
5. inspect generated cow images `ls -l /tmp/target_file/IMAGES/*.cow`
Test: cow_converter payload.bin /tmp/target_file/IMAGES
Change-Id: I2c9d1ea566378e3350a048c40ff05a79d14873e8
|
|
In this CL, we created a ApexHandlerAndroid that can communicate with
apexd via binders to get better estimate for how much space the
update_engine should reserve for capex decompression.
The size check is placed in update_attempter_android, which is also used
in binary for sideloading OTA. Sideloading binary runs during recovery
when binder calls, apexd and data parition are all not available. As
such, it doesn't make sense to reserve space when sideloading.
Bug: 172911822
Test: atest ApexHandlerAndroidTest
Test: atest UpdateAttempterAndroidTest
Test: manually served ota using `update_engine_client --allocate` and
observed full.tmp was written in /data/apex/ota_reserved
Change-Id: Iccf3d8c2db24e8d8f3406d0aaa65cbf707c9ae51
|
|
For first version, we let update_engine compute size requirements by
adding up decompressed sizes. Then update_engine creates a file at a
fixed path and write 0s to that file to reserve space.
Test: treehugger, serve an OTA, make sure /data/apex/ota_reserved is present
Bug: 172911822
Change-Id: I2f44289711b1daa064af8ead66cc1293dad89dc7
|
|
If update_engine is triggered with file descriptor when an update is
already running, the running update will be aborted.
Update will be aborted due that existing file descriptor is reset.
Check if update_engine is already running before resetting/closing file
descriptor.
Test: manual, make multiple calls rapidly to java api
UpdateEngine.applyPayload with package in file descriptor
Bug: 178895193
Change-Id: I9c575870b435d2221787eb29d95279328e20fdbe
|
|
Test: th
Change-Id: Ia04f92d46da34fcd28d7e97c24b6e02fd676e1c7
|
|
If a slot doesn't support dynamic partitions, it's impossible to list
dynamic partitions on that slot. And we should just fall back to the
regular A/B in this case.
Bug: 180025432
Test: apply a retrofit package
Change-Id: I16c457b591e8c1d0cf1077a7be50dd9d8f61b8eb
|
|
Test: statsd_testdrive
Bug: 178732971
Change-Id: I1a3614244ec0cded17ba2423122e0505f079ef25
|
|
Test: TH
Bug: 178732971
Change-Id: If434927b7abdecb8093db1462dae196cd744331a
|
|
The module under test, UpdateAttempterAndroid, must be
initialized after all dependencies have been initalized.
Test: no more segfault
Change-Id: I4524ee59ebe6194b5e07b2f9edb702ce07ad14d7
|
|
This function returns whether Virtual A/B
compression is enabled for the ongoing update.
Test: TH
Bug: 178732971
Change-Id: I781802443afd1d8deac046a8da198658220f7ba0
|
|
Test: apply update, then statsd_testdrive
Bug: 178732971
Change-Id: Idf4b1d5fe3283c0cf659c7660d658a758b62b740
|
|
We want to improve the security of the keystore encryption key for resume
on reboot. One AI is to create the key with the vbmeta digest of the
next slot to boot into. After reboot, the decryption will fail if
ro.boot.vbmeta.digest of the new slot doesn't match the calculated value
before reboot.
Since update_engine manages the slot switch, let it calculate the digest
as well.
Bug: 177625570
Test: do a update, check that the sysprop is set.
Change-Id: I74b20fca72f6946d980b93d76990f1c8b8f246a9
|
|
When mapping partitions, not_in_payload flag decides if the partition
needs to be mapped as a snapshot backed by COW, propagate this flag.
Test: treehugger
Change-Id: I9f0073fb91067410978927e59bf51c4f2cd152e6
|
|
Test: boot into recovery, make sure OTA works
Change-Id: I672d18806b2dbaf259ede406ef49f9baed2d0c6e
|
|
Test: treehugger
Change-Id: I4984f03fa95a753fb17779451eb458f177432d4f
|
|
Its really hard to read anything out of the current InstallPlan's
logs. This CL makes it a bit more structured so it can be read easier.
Also added a few other properties of InstallPlan that were missing in
the Dump().
Added unittest for it too.
BUG=b:171829801
TEST=cros_workon_make --board reef --test update_engine
Change-Id: Iaa327e875877e9645ef8f0af875c280e11ee485d
Reviewed-on: https://chromium-review.googlesource.com/c/aosp/platform/system/update_engine/+/2558933
Tested-by: Amin Hassani <ahassani@chromium.org>
Auto-Submit: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Jae Hoon Kim <kimjae@chromium.org>
Commit-Queue: Jae Hoon Kim <kimjae@chromium.org>
|
|
With VABC, we no longer need to map all partitions before
reading/writing, so don't try to map them.
1. modify GetPartitionDevice to return empty path for target partitions
on VABC
2. Add a separate GetMountableTargetDevice for obtaining a mountable
device path, specifically for postinstall
Test: treehugger
Change-Id: Ib1f608914fc49c677ce7389140ca79b028171191
|
|
During FileSystemVerify stage, update_engine needs to read from source
or target partition to verify hashes && write verity. Previously we use
brillow's file stream to implement async reads. WIth Virtual AB
Compression, reading from target partition must go through libsnapshot's
interface(FileDescriptorPtr). So we replace brillo::FileStream with
FileDescriptorPtr for ease of integrating with VABC.
Test: serve an OTA update, verify: slot switch resume, regular resume
Change-Id: Id8531757468f60e3e21667b7761b83f7c2af2dbf
|
|
Test: treehugger
Change-Id: I655e4d6114a25c58857679985cd5e08581c0faab
|
|
mock_dynamic_partition_control_android
The mock contains android specific behaviors, so appending the filename
with "android"
Test: treehugger
Change-Id: Ic6e53e07a4645e4f854c1fb22e0fa9f7f911bef3
|
|
Test: treehugger
Change-Id: I393fc36372f9e979da1a6c7e49c7782a7372a5b9
|
|
SystemState is supposed to be a global context and is used lamost
everywhere. So instead of passing it to functions and keeping multiple
pointers to it, its better to do what we did in dlcservice and make it a
singleton class with a getter that can be get from everywhere.
BUG=b:171829801
TEST=unittests
Change-Id: I3b2de9394b7769b3911195ca52d61dbe49afd4dd
Reviewed-on: https://chromium-review.googlesource.com/c/aosp/platform/system/update_engine/+/2521792
Commit-Queue: Amin Hassani <ahassani@chromium.org>
Tested-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Jae Hoon Kim <kimjae@chromium.org>
|
