This switches signapk's APK signing from its own signing logic to that
offered by apksigner-core library. OTA update package signing logic
remains inside signapk codebase.
Bug: 27461702
Change-Id: Ibf8435c555fe3f2b621d5189e7ae44f79082c810
1. This adds way to obtain a DataSource which represents a region of
data contained in the DataSource.
2. This fixes a design bug in "feed" method where the size parameter
was an int instead of long.
3. This fixes a bug in ByteBufferDataSource where its mSize field was
a long instead of an int (ByteBuffer's length cannot be more than
2^31).
Bug: 27461702
Change-Id: Ib0812784beb581f19d2412e667b8bd018f0a3c78
Data of uncompressed APK entries is often aligned to a multiple of 4
or 4096 in the APK to make it easier to mmap the data. Unfortunately,
the current method for achieving alignment suffers from two issues:
(1) the way it uses the Local File Header extra field is not compliant
with ZIP format (for example, this prevents older versions of Python's
zipfile from reading APKs: https://bugs.python.org/issue14315), and
(2) it does not store information about the alignment multiple in the
APK, making it harder/impossible to preserve the intended alignment
when rearranging entries in the APK.
This change solves these issues by switching to a different method for
aligning data of uncompressed APK entries. Same as before, alignment
is achieved using Local File Header entry field. What's different is
that alignment is achieved by placing a well-formed extensible data
field/block into the extra field. The new field/block contains the
alignment multiple (e.g., 4 or 4096) as well as the necessary padding
(if any). Compared to the original alignment method, the new method
uses 6 more bytes for each uncompressed entry.
Bug: 27461702
Change-Id: I8cffbecc50bf634b28fca5bc39eb23f671961cf9
This moves the creation of potentially expensive objects from the
thread which creates JAR entry inspection requests, to the thread
which fulfills these requests, increasig concurrency opportunities.
Bug: 27461702
Change-Id: If753b2de7fb04ee5e2e4bbcb27d42269d7fa5def
Use summary information from annotation within Error Prone to auto-generate
the warnings list.
Bug: 28681096
Change-Id: Ib3a5f734bd229726fcd7332eaa9e0e1bd1200c25
This removes the logic for JAR signing from -w (whole-file signing)
mode. This mode is designed specifically for OTA update packages. When
such packages are verified, their JAR signatures are ignored. Thus,
there is no need to JAR-sign in -w mode.
For context, OTA update packages are protected by a special signature
residing in the ZIP End of Central Directory record (at the very end
of the file). This is the signature verified when update packages are
being applied to Android.
Change-Id: Ia852a11ed6774ce746087cdd7f028b191ef6bc8b
This change will enable the target zip to include partition defined in
BRILLO_VENDOR_PARTITIONS. This is necessary for OTA to support
partitions other than boot and system in ab_partitions.txt.
The target zip will include images in BRILLO_VENDOR_PARTITIONS if
defined, under VENDOR_IMAGES/ with path kept. Also any vendor partitions
defined in AB_OTA_PARTITIONS will be copied to IMAGES/ in the target zip.
BUG: 28623063
Change-Id: Ic479048dfb8ac506acf827865e784fcb0432a1d5
Add argument parsing using the argparse library.
Make HTML easier to read by adding a \n after each table row.
Change-Id: I6b745fc60afb96fb51e5f69df7d607b5fb8da0e5
This change will enable the target zip to include partition defined in
BRILLO_VENDOR_PARTITIONS. This is necessary for OTA to support
partitions other than boot and system in ab_partitions.txt.
BUG: 28623063
Change-Id: I6e0969c31c9ad2e8285c6f560825c160aa8c4d55
This adds the ApkSignerEngine abstraction to the apksigner-core
library. This abstraction enables the separation of
parsing/building/writing of an APK from signing the APK.
Users of ApkSignerEngine invoke it during specific I/O events (e.g.,
JAR entry encountered in input APK, all output JAR entries ready).
The engine responds by occasionally providing instructions about what
to do next. For example, it may provide JAR entries to be added to
the output APK, thus making the output APK signed.
The default implementation of ApkSignerEngine will be provided in a
follow-up commit.
Bug: 26516150
Bug: 27461702
Change-Id: Ia85fd09497a6e2ff3103ba10c53a1848ba731f7b
apksigner-code library will offer a high-level primitive (future
commit) for signing APKs. This is meant to be used by
build/tools/signapk and Android Studio's APK builder/signer.
This commit adds a lower-level APK Signature Scheme v2 (aka v2
signing) code which will be used by the future APK signing abstraction
exposed by this library.
All classes (except DataSource and DataSources) added by this commit
are internal (i.e., implementation details of this library). Clients
of this library should not be using these classes.
Bug: 26516150
Change-Id: I98d4da0666cf122667c67565108ea4fb28ac51e6
apksigner-code library will offer a high-level primitive (future
commit) for signing APKs. This is meant to be used by
build/tools/signapk and Android Studio's APK builder/signer.
This commit adds a lower-level JAR signing (aka v1 signing) code which
will be used by the future APK signing abstraction exposed by this
library.
All classes added by this commit are internal (i.e., implementation
details of this library). Clients of this library should not be using
these classes.
Bug: 26516150
Change-Id: I5cecd435e63aab206d63868be5e0d0e289e7c423
Turns out APK signatures using SHA-256 with ECDSA are accepted only by
platforms with API Level 21 and higher, not 18 and higher.
Bug: 28296599
Change-Id: I3fab5be17bf3a9bdbf4d84d90d51448027c7e761
This updates the usage banner of zipalign to state that the -p switch
is supported in check alignment mode.
Change-Id: I119026b0e09e5a2528646e88a9b58dbb79c0c17c
When a file is switched from a regular file to a symlink, we should skip
the comparasion.
Bug: 28373409
Change-Id: I8fef00ab9f2d6f811fde1cadf595e8bd46af2dfd
(cherry picked from commit f31a6deeee)
The rules for which digest algorithms are accepted by the Android
platform for APK signatures and OTA update package signatures are
different. For example, the set of digest algorithms accepted for APK
signatures depends on the signing key algorithm and the platform's
API Level. Whereas the set of digest algorithms accepted for OTA
update package signatures by Recovery depends on the list produced
by the build system, which in turn produces the list based on the
key algorithm and digest used in the signing certificate.
To reflect this reality, this refactoring CL explicitly separates
signapk's logic for choosing the digest algorithm to use for v1
signing from its logic for choosing the digest algorithm to use for
OTA update package signing.
Bug: 28296599
Change-Id: Ic7aa77e89622d727e985f8749071284746be7f45
For incremental BBOTAs, commit [1] changed to verify only the touched
blocks to reduce the update time. This CL fixes the bug when there's no
changed block between the two builds.
[1]: commit d522bdc9ed
Bug: 27813356
Bug: 28195498
Change-Id: Ia752d3cf034c544517458ed15df509d4596e21fa
(cherry picked from commit f9efe284a4)
For incremental BBOTAs, we used to verify the integrity of all the
blocks in the source partition. In order to reduce the time cost under
recovery, this CL changes to only verify the blocks that will be touched
in the given OTA package (BBOTA >= 3 only). This is a trade-off between
performance and reliability.
Bug: 27813356
Change-Id: I3975ae6f461f0f7e58d24f1df7df46a449d2988b
(cherry picked from commit d522bdc9ed)
After applying update_target_files_incr_ext4.sh, some files may end up
occupying unsorted block fragments. In one example, an apk file has the
block range [258768-259211,196604]. The monotonic flag in rangelib sets
incorrectly for this example and leads to a bad input file for imgdiff.
After fixing the flag, bsdiff is called instead of imgdiff and the
incremental OTA package generates successfully.
Bug:28053885
Change-Id: Ib841bf449ff6a29314fc4a1b8fba941a6dc532ac
To generate partition tables in the Android build system, simply add
the path to a .bpt file to the BOARD_BPT_INPUT_FILES variable.
BOARD_BPT_INPUT_FILES += "hardware/bsp/vendor/soc/board/board-specific.bpt"
The variable BOARD_BPT_DISK_SIZE can be used to specify or override
the disk size, for example:
BOARD_BPT_DISK_SIZE := "10 GiB"
Additional arguments to 'bpttool make_table' can be specified in the
variable BOARD_BPT_MAKE_TABLE_ARGS.
If BOARD_BPT_INPUT_FILES is set, the build system generates two files
partition-table.img
partition-table.bpt
in ${ANDROID_PRODUCT_OUT} using 'bpttool make_table'. The former is
the binary partition tables generated using bptool's --output_gpt
option and the latter is a JSON file generated using the --output_json
option. These files will also be put in the IMAGES/ directory of
target-files.zip when running 'm dist'.
BUG=27831397
TEST=Manually tested.
Change-Id: Iedd15354afb2dd483dcb9bc001360b2a37fd6dc0
post-install verification calls range_sha1() and checks if the given
partition has expected contents. It takes roughly 20 seconds on
angler with 2.8G system image. Remove it to speed up OTA update. Also
abort the update if block_image_update() fails, as we were relying on
post-install verification to capture block_image_update() failures.
cherry-picked from commit b2deb22033
Bug: 27729678
Change-Id: I8123cd8929295ec26df247acf6bb51df813771d9
We were using zipfile.write() to write system/etc/security/otacerts.zip
when signing for release. It led to unexpected timestamp change in the
generated otacerts.zip and non-idempotent signed images when signing the
same target_files.zip.
Replace with common.ZipWrite() to always use a fixed timestamp.
Bug: 28122968
Change-Id: Ia6cf4b7d380cbf72ed7050ebb60c932dc8826d87
(cherry picked from commit 7ee3a9678e)
Support both OEM and OEM2 ranges as defined by
private/android_filesystem_config.h.
Change-Id: I1aef62fa446301bb68b0309b198f3fe8b5eb92c7
Signed-off-by: William Roberts <william.c.roberts@intel.com>
