Summary:
In my last diff, I've added mechanism to load private key from keystore.
However, that mechanism will reveal password as part of the java param.
This diff tries to use existing ANDROID_PW_FILE mechanism to support
password for keystore private keys (through stdin)
This diff also fix a null pointer bug in the existing password handling
Test: This diff has been tested locally, and could sign correctly with our
keystore with or without password
Tags:
Change-Id: Ie291ea8702a3b4d270b0f8689b023c3f290980a7
Summary:
Add two flags to load the keys from pkcs#11 keystore. When the option
-loadPrivateKeysFromKeyStore is specified, will load private keys from
the keystore with specified keyStoreName instead of load from file.
Test: make dist for arm_sunfish-user, which includes apk
and ota (wholefile) signing
Test:
- manually call signapk in Java11 (java9 may need additional
change to support), with statically registered pkcs#11 keystore, signed
both apk and ota-package.
- verified using apksigner and extracting otacert from ota-package, both
correct
Change-Id: I3efb8017f73d3d992c07ed4562acfef016a109fe
Commit Ia982eb2ee3d1eb64db72c1836e433bcc53e71e3f removes boot-5.4.img
and leaves only a boot-5.10.img file, which makes 'boot_container'
become false. This leads to the failure in AddVbmetaDigest() as it will
search a 'boot.img' based on the 'boot' descriptor from the vbmeta.img.
Add a condition that if boot_images[0] is not 'boot.img' then the
build is also a boot container.
Bug: 199807830
Test: build aosp_x86_64-user
Change-Id: I4a9487b075186f0abf2ba74d3a1cf78072352a05
Some of the product configuration makefiles use `info` and `warning` Make's
builtins for diagnostics. As running Starlark configuration generates the makefile
as its output, this diagnostics has to go elsewhere. Implement `rblf_log` as
the functional equivalent of `print` that writes to stderr instead of stdout
and use it to implement `info` and `warning` counterparts.
Fixes: 201073196
Test: manual
Change-Id: Ib4d9c10566f9b20310fbee41eda67f0a621b0a84
If this option is set, then an additional copy of the debug policy can
be installed to the GSI, and the init-second-stage of GSI could load
debug policy from GSI /system_ext when debug-ramdisk is used.
Bug: 188067818
Test: Flash RQ2A.201207.001 bramble-user with debug ramdisk & flash
gsi_arm64-user from master, device can boot and `adb root` works
Change-Id: I8c62a3cea026bd26b1994092a14238d22ba1e2df
Those boot-debug-*.img is used with `repack_bootimg` for a
vendor_boot-debug.img in VTS setup. It is not for GKI boot.img
release.
https://source.android.com/compatibility/vts/vts-on-gsi#repacking
Renames boot-debug-*.img to boot-with-debug-ramdisk-*.img to
avoid confusion with the official GKI boot.img release.
Bug: 200878300
Test: `lunch gsi_arm64-user` then `make bootimage_debug`
Change-Id: Ia1f6ba847d5b7409fb7a8534432484d2aa972494
Revert "Add system_ext_userdebug_plat_sepolicy.cil for GSI"
Revert submission 1824717-gsi_debug_policy
Reason for revert: Breaks the build (see b/200933187).
Reverted Changes:
I37ef02628:Add a copy of debug policy to GSI system image
I9c3dad8bb:Add PRODUCT_INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT
I43adc6ada:Add system_ext_userdebug_plat_sepolicy.cil for GSI...
I4d6235c73:Add /system_ext/etc/selinux/ to the debug policy s...
Bug: 200933187
Change-Id: I4252793fbee1b83e3db26f944ac0be6581fa773f
This is necessary in order to expose the copy rule to Ninja. Otherwise
Ninja has a build rule that depends on the copied jar (namely, dexpreopt
commands for all subsequent system server jars that have the current one
in class loader context), but no rule that creates it, so Ninja fails
with a "no rule to make ..." error.
The change only affects system server ed in Android.mk
Previously the problem existed, but was hidden by the fact that the only
system server jar defined in Android.mk was the last one on the list, so
no other jar depended on it. Now that updatable apex jars are also
dexpreopted (https://r.android.com/1828115) the problem was uncovered.
Also the patch removes obsolete logic that disable dexpreopt for
PRODUCT_APEX_SYSTEM_SERVER_JARS; these jars are now preopted (but they
are all defined in Android.bp anyway, so no functional change here).
Bug: 200297762
Test: lunch bertha_x86_64-userdebug && m
Change-Id: I67c6d69f45ca3495f62994b5329f9e424dda4e65
This adds BOARD_EROFS_COMPRESSOR to change the compression algorithm
globally, and BOARD_{x}IMAGE_EROFS_COMPRESSOR to change it for
individual partitions.
Bug: N/A
Test: manual test
Change-Id: I2ef831558242a4070ee96269140c33b66c689351
The last user of MAINDEXCLASSES was removed in
Ia88660550c3e57749b8ccb154e97c31aaf2fcf3a.
Test: m checkbuild
Change-Id: I35d9e7d9ff4ac2c07716db59c900b8c3f2cb352e
It's really error prone to add new partitions or image flags given the
amount of code duplication here. Since most images have (or should have)
roughly the same flags, this factors the work out into a helper
function.
Bug: N/A
Test: m, m otapackage
Change-Id: If1a22b9d7b5cf028ba52608322c4383792dae6b9
Revert "update build rules to use /data/local/tests/unrestricted"
Revert submission 1826231-native-test-path
Bug: 199996863
Reason for revert: b/199996863
Reverted Changes:
Ic106011a7:update build rules to use /data/local/tests/unrest...
Id727355ec:update build rules to use /data/local/tests/unrest...
Change-Id: I18301ab3effacd43ff2f136bba9d3244b497a54b
When a device uses native bridge, it may be included in the system
image, so overriding by vendor/build.prop is not an option.
Example of overriding can be seen here: ag/15881132
Test: build cf_x86_64_phone-userdebug with native-bridge and launch, observe
1. ro.dalvik.vm.native.bridge=native_bridge.so moved from
vendor/build.prop to system/build.prop
2. the prop is correctly set at runtime
3. translated apps work
Bug: 197153442
Change-Id: I6cd566dd4e0fac181e309cb7f282d086de09075b
This is the first step to get rid of the set of identical macros defined
in utils.mk files in multiple device/google/xxxx directories. The macros
is-board-platform/is-board-platform-in-list will be eventuall replaced
with the new ones.
Bug: 190051051
Test: treehugger
Change-Id: I28017df86dbd899be38f882dd5496c894986d8db
Starlark-based product configuration can now share version settings
with makefile product config (mk2rbc converts version_defaults.mk into
version_defaults.rbc which is consumed by runtime initialization).
Bug: 198995713
Test: rbcrun build/make/tests/run.rbc
Change-Id: I1d3ddfed3b15d346b3e10714a195a9f0a3a55a56
If this option is set, then an additional copy of the debug policy can
be installed to the GSI, and the init-second-stage of GSI could load
debug policy from GSI /system_ext when debug-ramdisk is used.
Bug: 188067818
Test: Flash RQ2A.201207.001 bramble-user with debug ramdisk & flash
gsi_arm64-user from master, device can boot and `adb root` works
Change-Id: I9c3dad8bb6c5fa88b16762193446dc7e54f326c8
This wasn't adding much value, let's remove it for now until we decide
on how mixed builds will be exposed for users later.
Test: USE_BAZEL_ANALYSIS=1 m droid
Change-Id: I16465fd7759646964ea8c50aab6ab91f47c5e8d1
