In two-step OTAs, we write recovery image to /boot as the first step so
that we can reboot from there and install a new recovery image to
/recovery. However, bootloader will show "Your device is corrupt"
message when booting /boot with the recovery image. Because the recovery
image encodes the path of "/recovery" as part of the signature metadata,
which fails the verified boot.
This CL generates a special "recovery-two-step.img" in addition to the
regular recovery.img. This image encodes "/boot" when being signed,
which will be flashed to /boot at stage 1/3 in a two-step OTA.
Here are the desired changes:
- 'IMAGES/recovery-two-step.img' exists in target_files.zip for non-A/B
targets (e.g. bullhead). The image should not exist for targets that
don't have a recovery partition (e.g. A/B devices like sailfish).
- <device>-img.zip should not contain 'recovery-two-step.img'.
- Nothing should change when building non-two-step OTAs. For two-step
OTAs, 'recovery-two-step.img' should be included in the OTA package;
'updater-script' should flash this image to /boot at stage 1/3.
- When building a two-step OTA with an input TF.zip that doesn't have
IMAGES/recovery-two-step.img, it should use the existing
IMAGES/recovery.img instead.
Bug: 32986477
Test: Tested the steps above on bullhead and sailfish.
Change-Id: I34e6c599bcf2011d4cd5c926999418b3975d6d0f
(cherry picked from commit d42e97ebb4)
For some partition sizes, we currently build an image that's 1-2
blocks smaller than the actual partition, which causes fs_mgr to
not find metadata. This change adds padding to FEC metadata that
correctly positions the metadata header at the end.
Bug: 28865197
Bug: 32789520
Change-Id: Ie0e044715a9c5ae8ba395e7d2ff9fbd7cffc0b4c
(cherrypicked from commit 433905f50e)
Prior to this CL, it was calling the hard-coded "java" although it was
accepting a "--java_path" option.
Also switch OPTIONS.java_args from string to list. Otherwise it won't
work when providing multiple args.
Bug: 32737832
Test: Specify "--java_path=" and "--java_args" when invoking
sign_target_files_apks.py with "-v". Check the commands being
called.
Change-Id: Id7ef98e778646d532027434de7fba9b7a104dbd0
(cherry picked from commit e95540e060)
system/extras/verity/build_verity_metadata.py now accepts
"--signer_args" to specify verity signer args.
Also remove the duplicate "--verity_signer_args" in
add_img_to_target_files.py, as we already have that in common.py.
Bug: 31500665
Test: Building and signing work w/ and w/o --signer_args.
Change-Id: I02f59c50a1ebf15c5505e9fffd5b9bbbbaa785be
(cherry picked from commit 458104266f)
Adds installed-files.json in addition to installed-files.txt
Further sorts the file list to be ordered within the same size bucket.
Test: manual, cross-checked checksums with sha256sum utility
checked build outputs.
Bug: 19988819
Merged-in: Ifb632eb4df65ec48645c8f93e36bae44ccc52ba8
Change-Id: Ifb632eb4df65ec48645c8f93e36bae44ccc52ba8
Signed-off-by: Sasha Levitskiy <sanek@google.com>
In BBOTA, we generate patches based on _all_ the blocks of a pair of
input files (src and tgt). For security incremental OTAs, one common
pattern is that only a few blocks are changed in odex files (e.g.
headers). We don't really need to stash/patch the unchanged blocks.
This CL analyzes the unchanged blocks in odex files and computes the
diff for the changed blocks only. It reduces the OTA install time by
about 25% to 40% in our experiments, by paying an increase of 5% to 30%
OTA generation time cost.
Bug: 31570716
Test: Generate an incremental and apply on device.
Change-Id: If842c1afeff6894a3d27eb60b7e8f65a179b7977
(cherry picked from commit 08c8583aea)
openJdk based android javadoc contains <a name=... tags
that are non-empty. Currently they are being hidden,
causing badly formatted pages for some java.* classes
(missing text and random whitespace blocks).
This change makes the existing a[name] hiding rule
apply only to empty tags.
Test: make docs
Bug: 31700998
Change-Id: Ifa75bbabe308d7aed0cce6165c1113e5a382a121
I actually just deleted templates-sdk/ then made a copy of templates-sdk-dev/
and then renamed it to templates-sdk/. So this is a clean copy.
Once this goes through cleanly, I'll delete templates-sdk-dev/ and update
all doc targets to use templates-sdk/.
Change-Id: I276695969e02fcf718370564e84b077a9d43725e
