StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use soong_zip for otatools.zip and otacerts.zip

Browse Source 
soong_zip produces more reproducible zip files that are not
affected by umask values or timestamps.

This partially reapplies I2eca2f7618e06c0b5893ff54c79261921fe051d6.

Bug: 69500920
Test: m checkbuild
Test: contents of zips is unchanged
Change-Id: Idf6fbc94e257dc34af4f5b115d740b7cb9bac015
This commit is contained in:
Colin Cross
2018-09-14 21:51:11 -07:00
parent aa1645504f
commit 21122f901c
1 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
core/Makefile
View File

@@ -685,7 +685,7 @@ $(call dist-for-goals,droidcore,$(PGO_PROFILE_MISSING))
# for future OTA packages installed by this system. Actual product
# deliverables will be re-signed by hand. We expect this file to
# exist with the suffixes ".x509.pem" and ".pk8".
DEFAULT_KEY_CERT_PAIR := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
DEFAULT_KEY_CERT_PAIR := $(strip $(DEFAULT_SYSTEM_DEV_CERTIFICATE))
# Rules that need to be present for the all targets, even
@@ -1140,12 +1140,12 @@ $(winpthreads_notice_file): \
# This rule adds to ALL_DEFAULT_INSTALLED_MODULES, so it needs to come
# before the rules that use that variable to build the image.
ALL_DEFAULT_INSTALLED_MODULES += $(TARGET_OUT_ETC)/security/otacerts.zip
$(TARGET_OUT_ETC)/security/otacerts.zip: KEY_CERT_PAIR := $(DEFAULT_KEY_CERT_PAIR)
$(TARGET_OUT_ETC)/security/otacerts.zip: $(addsuffix .x509.pem,$(DEFAULT_KEY_CERT_PAIR)) | $(ZIPTIME)
$(TARGET_OUT_ETC)/security/otacerts.zip: PRIVATE_CERT := $(DEFAULT_KEY_CERT_PAIR).x509.pem
$(TARGET_OUT_ETC)/security/otacerts.zip: $(SOONG_ZIP)
$(TARGET_OUT_ETC)/security/otacerts.zip: $(DEFAULT_KEY_CERT_PAIR).x509.pem
$(hide) rm -f $@
$(hide) mkdir -p $(dir $@)
$(hide) zip -qjX $@ $<
$(remove-timestamps-from-package)
$(hide) $(SOONG_ZIP) -o $@ -C $(dir $(PRIVATE_CERT)) -f $(PRIVATE_CERT)
# Carry the public key for update_engine if it's a non-IoT target that
# uses the AB updater. We use the same key as otacerts but in RSA public key
@@ -1153,7 +1153,7 @@ $(TARGET_OUT_ETC)/security/otacerts.zip: $(addsuffix .x509.pem,$(DEFAULT_KEY_CER
ifeq ($(AB_OTA_UPDATER),true)
ifneq ($(PRODUCT_IOT),true)
ALL_DEFAULT_INSTALLED_MODULES += $(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem
$(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem: $(addsuffix .x509.pem,$(DEFAULT_KEY_CERT_PAIR))
$(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem: $(DEFAULT_KEY_CERT_PAIR).x509.pem
$(hide) rm -f $@
$(hide) mkdir -p $(dir $@)
$(hide) openssl x509 -pubkey -noout -in $< > $@
@@ -3141,15 +3141,15 @@ OTATOOLS_DEPS += \
$(sort $(shell find external/vboot_reference/tests/devkeys -type f))
endif
$(BUILT_OTATOOLS_PACKAGE): $(OTATOOLS) $(OTATOOLS_DEPS) $(OTATOOLS_RELEASETOOLS) | $(ACP)
$(BUILT_OTATOOLS_PACKAGE): $(OTATOOLS) $(OTATOOLS_DEPS) $(OTATOOLS_RELEASETOOLS) $(SOONG_ZIP)
@echo "Package OTA tools: $@"
$(hide) rm -rf $@ $(zip_root)
$(hide) mkdir -p $(dir $@) $(zip_root)/bin $(zip_root)/framework $(zip_root)/releasetools
$(call copy-files-with-structure,$(OTATOOLS),$(HOST_OUT)/,$(zip_root))
$(hide) $(ACP) -r -d -p build/make/tools/releasetools/* $(zip_root)/releasetools
$(hide) cp -r -d -p build/make/tools/releasetools/* $(zip_root)/releasetools
$(hide) rm -rf $@ $(zip_root)/releasetools/*.pyc
$(hide) (cd $(zip_root) && zip -qryX $(abspath $@) *)
$(hide) echo $(OTATOOLS_DEPS) | xargs zip -qryX $(abspath $@)>/dev/null || true
$(hide) $(SOONG_ZIP) -o $@ -C $(zip_root) -D $(zip_root) \
-C . $(addprefix -f ,$(OTATOOLS_DEPS))
.PHONY: otatools-package
otatools-package: $(BUILT_OTATOOLS_PACKAGE)