For an PRESIGNED APEX, it has the following format, which should be
considered as a valid input.
name="foo.apex" public_key="PRESIGNED" private_key="PRESIGNED" container_certificate="PRESIGNED" container_private_key="PRESIGNED"
Bug: 131153746
Test: Run sign_target_files_apks.py on a target_files.zip with PRESIGNED
APEXes.
Test: python -m unittest sign_target_files_apks
Change-Id: I51076b0c6eddfb75637d37659a08009f0a88e931
By sorting the content of the final output merged target files package, the
merged target files package is more like the target files packages generated by
a build.
Test: Generate merged target files package, verify that content is sorted.
Change-Id: Ic0c198630ebd7692a3f3f9663d85e4b45229175c
We used to require explicitly setting both (e.g. `-e foo.apex=` and
`--extra_apex_payload_key foo.apex=` to skip signing `foo.apex`).
This CL allows specifying `-e` alone to achieve the same result.
However, if a conflicting `--extra_apex_payload_key` is also specified,
that would be considered as a config error.
Bug: 131153746
Test: Run sign_target_files_apks.py with `-e foo.apex=` alone to skip
signing foo.apex.
Test: Run sign_target_files_apks.py with `-e foo.apex=` and
`--extra_apex_payload_key foo.apex=key` and expect assertion error.
Change-Id: Ia747f59ee726b60bdb1445024e749320171064c2
This is used by merge_target_files to prevent an unnecessary unzip and
copy.
Test: Ran merge_target_files.py and booted using the img.zip.
Change-Id: I6fe0dd025b30b3f4965c9b22fb6943019bf5899b
In some build targets, e.g., aosp_arm64_ab, $OUT/ramdisk is an empty
dir, and leads to rsync $OUT/ramdisk/* failure. Removing the trailing
asterisk to avoid throwing an error if it's empty. Note that the
trailing slash still needs to be kept to avoid creating an additional
directory level at the destination.
Bug: 126493225
Test: `make ramdisk_debug` on aosp_arm64_ab
Test: flash boot-debug.img on crosshatch still can adb root
Change-Id: I44937324379fa78fc26a4471ba94eb7694911c2d
Merged-In: I44937324379fa78fc26a4471ba94eb7694911c2d
Some targets have ramdisk.img but no boot.img, howerver,
ramdisk-debug.img only depends on boot.img. Fix this by making
ramdisk-debug.img depends on ramdisk.img.
Bug: 126493225
Test: make ramdisk_debug
Change-Id: I65120a3b3372712fafc26442354ee031eede0bd3
Allow setting it for host modules, it is necessary for
RoboLectric.
Remove some unused PRIVATE_DONT_DELETE_JAR_META_INF variables.
Remove unzip-jar-files, it is obsolete since merge_zips was
introduced.
Test: m checkbuild
Change-Id: I3f2fc466321904eace31525cbac99ad524f39188
The boot-debug.img should NOT be release signed and can only be used
if the device is unlocked. Adding a check to prevent the tool from
signing this debuggable boot.img.
See the following for more details about boot-debug.img:
https://android-review.googlesource.com/c/platform/build/+/947857
Bug: 126493225
Test: put a file /force_debuggable into boot.img, checks the following
command fails:
./build/tools/releasetools/sign_target_files_apks \
out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: Ia5232949cb9582d2b4eaa171d9e9f3fe7317d418
It's a vendor-specific property, which was historically included into
/system/build.prop prior to this change.
Whether a target uses A/B OTA shouldn't affect anything on the system
image, including the `ro.build_ab_update` property. Moving it to vendor
partition will also make it consistent with other A/B specific configs,
such as the `slotselect` flag in device fstab
(/vendor/etc/fstab.$(PRODUCT_PLATFORM)).
Bug: 130516531
Test: Build and flash crosshatch-userdebug. Check /system/build.prop,
/vendor/build.prop and the runtime property.
Change-Id: I927625fbcc02c4a875a1f39850b51576f5ff6c66
This is to migrate sepolicy Makefiles into Soong. For the first part,
file_contexts, hwservice_contexts, property_contexts, and
service_contexts are migrated. Build-time tests for contexts files are
still in Makefile; they will also be done with Soong after porting the
module sepolicy.
The motivation of migrating is based on generating property_contexts
dynamically: if we were to amend contexts files at build time in the
future, it would be nicer to manage them in Soong. To do that, building
contexts files with Soong can be very helpful.
Bug: 127949646
Bug: 129377144
Test: 1) Build blueline-userdebug, flash, and boot.
Test: 2) Build blueline-userdebug with TARGET_FLATTEN_APEX=true, flash,
and boot.
Test: 3) Build aosp_arm-userdebug.
Change-Id: I486f7065207468697320776f726b732077656c6c
Non-installable, non-library modules can still have notice files
attached if they are bundled in an apex module, in which case the
current make setting would generate an error. This change makes it just
ignore them silently if the module is ETC. Other classes will still
trigger an error.
Test: manual build + TreeHugger
Change-Id: Ic7931f990369f744c8de62956a1a0a9c0451d6ab
The two new debugging images adds additional files based on
boot.img and ramdisk.img/ramdisk-recovery.img, respectively.
File /force_debuggable is to trigger special logic in /init to load an
userdebug version of sepolicy and an additional property file from this
ramdisk to allow adb root, if the device is unlocked.
It's intentional to skip signing for boot-debug.img, as it can
only be used if the device is unlocked, where verification error
is allowed.
Those debugging images allows adb root on user build
system.img, vendor.img, product.img, etc. This can facilitate more
automated testings on user builds and is helpful to narrow down the
delta between what's being tested v.s. what's being shipped.
Bug: 126493225
Test: `make dist`, checks both boot-debug.img and ramdisk-debug.img
are in $OUT/ and out/dist.
Test: `make dist`, checks installed-files-ramdisk-debug.{json,txt} are
in out/dist.
Test: `system/core/mkbootimg/unpack_bootimg.py --boot_img $OUT/boot-debug.img`,
checks the extracted out/ramdisk is as expected
Test: Run `gunzip -c ramdisk | cpio -idm` for the ramdisk extracted from
$OUT/boot-debug.img and $OUT/boot.img, respectively.
Then compare the root dirs of both, e.g.,
`diff -rq --no-dereference ./ramdisk ./ramdisk-debug`
Test: `make ramdisk_debug-nodeps` and `make bootimage_debug-nodeps`
Change-Id: I30137c3caef91805d9143d404e5e4d06c0fccc30
