This is part of prebuilt_internal.mk refactoring work and also a
preliminary task to design and implement its Soong counterpart.
Test: built and flashed an image for a Pixel device + TreeHugger
Change-Id: I89b13b1e0a2780b02fda7ee888e73052ac1abd9c
This CL adds support that allows treating an APEX as pre-signed. We can
skip signing an APEX with `-e <apex-name>=` and
`--extra_apex_payload_key <apex-name>=`. Note that the payload_key and
container_key must be in consistent state - either they're both
PRESIGNED or none of them is. CheckApkAndApexKeysAvailable() has been
updated to perform the sanity check.
Bug: 123716522
Test: Run sign_target_files_apks.py with the above flags.
Test: python -m unittest test_sign_target_files_apks
Change-Id: Id1e2f3f2facd4a97a385983cc9b78c028f7e7e73
Like If1f817d855cbe329b83caee9fdd68c2cce55f02b, but for
PRODUCT_PACKAGES, which is only enabled for a few builds.
Also share the ALLOW_MISSING_DEPENDENCIES check with the host
version.
Test: m product-graph
Change-Id: Iab55072e7d7c0fc9f4680cc515e139a5214dc3b4
This validation is to help ensure that any usage of custom merge config
files does not accidentally exclude any item that has been added to the
default config lists.
Bug: 124197349
Test: Run merge_target_files with custom merge config files.
Change-Id: I34c51cb75212368146a2944d37621f311060d24d
This reverts commit d8469727bc. The script
is broken on target_files.zip that don't contain any APEX.
Bug: 128848294
Test: Run check_target_files_signatures.py on target_files.zip w/o APEX.
After migrating the primary install location of test modules into a
generic testcase folder. All test modules will install to
out/target/product/<product>/testcase/<module_name>/ if they don't
specify their LOCAL_MODULE_PATH.
But the dependent test module should also be copied to testcase
folder even its LOCAL_MODULE_PATH be set.
BUG: 128815093
Test: 1. vi cts/tests/signature/api-check/Android.mk
add LOCAL_MODULE_PATH for cts-hiddenapi_flags-csv
2. m CtsHiddenApiBlacklistDebugClassTestCases
Then, hiddenapi_flags.csv should also be copied to testcase
folder.
Change-Id: Iff872447348e74b2728e0913d04e46ccbaa4e972
OTA tools should pick up the avbtool, as listed in dict['avb_avbtool'],
from the current PATH (plus bin/ under the dir specified via `--path`),
the same way as handling all other host tools.
Test: `m dist`
Change-Id: I3eb4d2c61979b03d9c23b2403d9a38cf052d87ea
After I25163e91886cea6941afa25cdb529ed053278dcb there is no longer
a dependency on $(LOCAL_BUILT_MODULE) for boot jars, as boot.art
is installed instead. Add a dependency from boot.art to
$(LOCAL_BUILT_MODULE) so that $(LOCAL_BUILT_MODULE) and its
dependencies (which may include jacoco-report-classes.jar) is
copied for every build.
Fixes: 127702563
Test: forrest
Change-Id: I4db2d1f5fe2e1141fe93317cd7a2a58a33f8fbff
This change splits the LOCAL_SOONG_RRO_DIRS into two,
representing RRO dirs that originated from device and
product overlay configs, respectively.
Also plumb the device/product configs in separately.
Bug: 127758779
Test: verify noop on presubmit targets
Change-Id: Iddee1b4d7303b7ecaeced91216ea82fe29123770
Also makes AddSystem check that an output_zip exists before attempting
to add the recovery patch to the output zip.
Bug: 128838154
Test: Running merge_target_files with --rebuild_recovery and verifying
it passes --rebuild_recovery to add_img_to_target_files.
Change-Id: I19347b2c0dabf29b7196045b18551b5d0687df2c
Previously:
if (DAP && !BUILD_SUPER) error;
Now:
if (BUILD_SUPER && !DAP) error;
This allows DAP devices to disable building super partition when the OEM
doesn't want to. The ability to build super partition shouldn't be
a requirement of enabling DAP; rather, building super partition requires
DAP to be enabled.
To do this on a device, PRODUCT_BUILD_SUPER_PARTITION should be set
to false explicitly. If it is unset, it will use the value of
PRODUCT_USE_DYNAMIC_PARTITIONS.
Bug: 127687287
Test: set PRODUCT_BUILD_SUPER_PARTITION to false and build dist
Change-Id: I25f1866e61d73affb445c1aec042cf53aac93583
The keys_info in the touched code is a tuple, which is immutable.
Bug: 123716522
Test: Run sign_target_files_apks.py with '-e foo.apex=bar' that replaces
the APEX container key.
Change-Id: I4e57e46c93a56b7f6646764d021ebb42c19bf7f5
Now per-file inherits global owners by default.
Bug: 128838191
Test: upload validator and [FIND OWNERS]
Change-Id: I58fb3cc8f2f277a5aa4b3372734197d888e59bcc
A few tweaks to make it easier to extend to generating RROs in
multiple partitions:
- deduce the module name inside generate_enforce_rro
- dedup rule definition
- tweak framework-res check to use source module name instead
Bug: 127758779
Test: verify noop on presubmit targets
Change-Id: I2f0d6270b21f5427c372c04a5c6e7fb712e72a9a
Make the runtime vs static resource overlays a little clearer.
This will help adding more logic around determining if an RRO
needs to be generated in /vendor, /product or both.
Bug: 127758779
Test: verify noop on presubmit targets
Change-Id: I43111a1d9bb3405c559faaef56a75a5ad7672ba0
Bug: 123716522
Test: Run sign_target_files_apks.py to sign a target_files with APEXes.
Test: Run check_target_files_signatures.py on signed artifact.
Test: python -m unittest test_sign_target_files_apks
Change-Id: I3fa13e3d9461cf5e0838e0572d436e218164fe41
Only the container certs will be checked and reported. For the payload
within an APEX, we can't easily extract the cert info.
It needs to go along a longer path, if ever needed, by:
- extracting public keys from all the available certs;
- using each of them to verify against an APEX payload to find a match
(`avbtool verify_image --image payload --key public_key`).
Bug: 123716522
Test: Run check_target_files_signatures.py on target_files with APEXes.
Change-Id: I2ef318e05433d2d65ab84e2dff9e01fb6ee3373d
Make it a bit clearer what this code is intended to do.
Bug: 127758779
Test: verify noop on presubmit targets
Change-Id: Ic405fc5d4601b9f0a91b4d24caa06f279267c51a
Other modules have switched to logging module. sign_target_files_apks.py
needs to init the logger to get the logs.
Test: Run `sign_target_files_apks.py -v`. Check outputs.
Test: Run `check_target_files_signatures.py -v`.
Change-Id: Ic68c019f6fb14840561885f1194ad6efdfdb7d82
RescueParty reboot the device to recovery mode if there is any
priv app die continuously. The behavior blocks the testing.
Disable the feature temporary before all problem apps fixed.
Bug: 120679683
Test: Boot a device with GSI and a die app
Test: Unplug USB and does not auto reboot
Change-Id: I70e5b7222299c6d0173d87e41d7a68beeda77dd5
ro.postinstall.fstab.prefix might be either "/system" or "/product",
to decide the location of the fstab.postinstall, used to mount
system_other partition on A/B devices.
{ro.postinstall.fstab.prefix}/etc/fstab.postinstall
Bug: 112103720
Test: factory reset and boot device, checks cppreopt logs
Change-Id: Ib1e282752c37713e2220239f4f903453ce3c8bab
superimage-nodeps and supernod depends
on images from $(ANDROID_PRODUCT_OUT) (not from
target files package). It doesn't rebuild source
images if they are present.
A typical workflow is:
m -j
# change code in system
m snod -j
m supernod -j
Test: For non retrofit, run:
`m snod -j; m supernod -j`
Fixes: 128321505
Change-Id: Ib8c011cadb9c0cd334234aef39f19be6a48fee62
This change makes it possible for products to specify the values
of the ro.product.system.X sysprops independently from the
corresponding sysprops on the other partitions.
Leave the fingerprint as-is for now. It will be changed to follow
suit in a followup change.
Bug: 110206836
Test: make
Change-Id: Id30012e1948df792778b102203116d4ae3f68e56
A followup change will make it not always equal TARGET_DEVICE,
so that name is unsuitable. Make its name follow the other product
variables.
Bug: 110206836
Test: presubmit
Change-Id: Icb1422ec5e7af658c5cc3070993c472e99805c6b
