This is similar to 2e45fd036a
but this CL is for generated java code.
For C++ code llvm-rs-cc defines two targets but it defines
three targets for Java. The sed script was updated to handle
both cases appropriately.
Bug: 26839129
Change-Id: I5c7705c67f3c65c4c14f74558e603f8ec9f35879
To help early verification of a target_files.zip being uploaded to our
servers, we place the META/ directory first in the .zip file, so checks
against the product_id.txt and product_version.txt don't need to wait
for the whole file to upload.
Note that META/*filesystem_config.txt files are generated and added to
the .zip file at a later point, so they are not included at the
beginning.
Bug: 26806325
TEST=`make dist` and `unzip -l out/dist/edison-target_files-eng.$USER.zip` shows most META/ files first.
Change-Id: I1955645412688f5c7823063ed56606b251daccfd
This changes the build system to provide the signapk tool with the
minSdkVersion of the APK being signed. signapk in turn will then use
SHA-256 instead of SHA-1 if minSdkVersion is 18 (JB MR2) or higher
(see c2c49ed0c1).
To avoid increasing incremental OTA update package sizes for already
released platforms, release build scripts disable the above logic when
signing target files ZIPs for pre-N platforms.
Bug: 25643280
Change-Id: I058393e0971d0d6559dbd69ea902754c6c7cab14
(cherry picked from commit de5bc04717)
This was a regression since kati has been introduced. This CL
introduces include-depfile function to make it easier to write
Makefiles which work with both make and kati.
As ninja can handle only a single dependency file per a build
rule, now we merge multiple .d files generated by llvm-rs-cc
into a .d file.
Change-Id: Iaf64a8f0523ab98115837e6e06abd50f06620363
This reverts commit de5bc04717 because it's breaking some builds. Turns out some APKs have multiple sdkVersion attributes returned by aapt.
Change-Id: I013d6ef5eac473dd3900e0b9edf4c32cdc838bab
Temporary revert to help out Brillo folks.
It will be resubmitted tomorrow.
This reverts commit 4495f6afb8.
Change-Id: Id378c7d3a6e72e9be50f9404b19d5763568987a5
To return to OpenJDK 7:
export LEGACY_USE_JAVA7=true
And run envsetup.sh/lunch again.
Bug: 25786468
Change-Id: I8e00591a24d13e3b8b6baaafe0fdff6536c58770
This change adds new variables for RS_LLVM_* tools, which correspond
to the version of LLVM checked in currently to external/, instead of
mapping to the latest host prebuilts. This will help prevent version
differences for newer IR generated by the updated host prebuilts, which
then might not be readable with the on-device LLVM bits we build from
external/.
Change-Id: I6c7b0fa9082e9c8244cc508cb23960569a057740
Incremental build going across CL in [1] needs to remove the old
symlink to avoid hitting mkdir error.
[1]: commit 3f56a33041
Change-Id: Iff62ed55eb2782ba3e1e9b6de39a691de2427384
This changes the build system to provide the signapk tool with the
minSdkVersion of the APK being signed. signapk in turn will then use
SHA-256 instead of SHA-1 if minSdkVersion is 18 (JB MR2) or higher
(see c2c49ed0c1).
To avoid increasing incremental OTA update package sizes for already
released platforms, release build scripts disable the above logic when
signing target files ZIPs for pre-N platforms.
Bug: 25643280
Change-Id: I048393e0971d0d6559dbd69ea902754c6c7cab14
For non-Brillo devices using AB update, add the payload signing public
key to the system image
(system/etc/update_engine/update-payload-key.pub.pem).
We first need to sign the payload with some private key, and pack it
into an Android OTA package. Then the whole zip package will be signed
again with the device key. This is to comply with the two existing OTA
flows (Android and CrOS).
We use the same device key to do the two signings, but update_engine
expects the key in RSA public key format. This CL extracts the public
key from x509 certificate and adds it to the system image.
Bug: 25715402
Change-Id: I6f6c1148534250ddb6d9e554175c7a35bceda99e
New version of build/ execute the tools from prebuilts/sdk/tools in
place, old versions copy them to $(HOST_OUT_EXECUTABLES). build/ and
prebuilts/sdk often use mixed versions, set a flag that
prebuilts/sdk/tools/Android.mk can use to determine when it is using an
old build/ directory.
Change-Id: Iad2f96c35203fd3b0976946d229bfa8ab4acb150
APKs are now signed with the usual JAR signature scheme and then
with the APK Signature Scheme v2.
APK Signature Scheme v2 is a whole-file signature scheme which aims
to protect every single bit of the APK as opposed to the JAR signature
scheme which protects only the names and uncompressed contents of ZIP
entries.
The two main goals of APK Signature Scheme v2 are:
1. Detect any unauthorized modifications to the APK. This is achieved
by making the signature cover every byte of the APK being signed.
2. Enable much faster signature and integrity verification. This is
achieved by requiring only a minimal amount of APK parsing before
the signature is verified, thus completely bypassing ZIP entry
decompression and by making integrity verification parallelizable
by employing a hash tree.
Bug: 25794543
Change-Id: I275d2a6d0a98504891985309b9dfff2e0e44b878
This change makes signapk not reject the --disable-v2 command-line
flag which may be used by build scripts in some branches. The flag
is currently ignored.
This change is landed separately from the actual support for APK
Signature Scheme v2 because of unbundled branches which use prebuilt
versions of signapk.
Bug: 25794543
Change-Id: I900966244b8b6296b1f443bf98830cc7f7cc81a8
