4014a9daa7
While the system.img images currently built with AVB support verify correctly, mounting the filesystem content fails. This is because 'avbtool add_hashtree_footer' used to claim some of the unused / DONT_CARE space for stashing the verity tables and this resulting in the mapped device ending up being smaller causing the mount failure. Fix this by leaving enough room for AVB hashtree and metadata before building the image. This is achieved by moving the AVB hashtree support into build_image.py and using a just added '--calc_max_image_size' option to 'avbtool add_hashtree_footer' to figure out how much space to leave out. This depends on https://android-review.googlesource.com/#/c/281821/ Bug: 31264226 Test: Mounting dm-verity set up from system.img now works. Merged-In: I4c5de1004c1059f8c582e76b3b8517d427aa1a87 Change-Id: I945a5f1f6782791736cd319f216cfa6b448fb04d
489 lines
17 KiB
Python
Executable File
489 lines
17 KiB
Python
Executable File
#!/usr/bin/env python
|
|
#
|
|
# Copyright (C) 2014 The Android Open Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
"""
|
|
Given a target-files zipfile that does not contain images (ie, does
|
|
not have an IMAGES/ top-level subdirectory), produce the images and
|
|
add them to the zipfile.
|
|
|
|
Usage: add_img_to_target_files [flag] target_files
|
|
|
|
-a (--add_missing)
|
|
Build and add missing images to "IMAGES/". If this option is
|
|
not specified, this script will simply exit when "IMAGES/"
|
|
directory exists in the target file.
|
|
|
|
-r (--rebuild_recovery)
|
|
Rebuild the recovery patch and write it to the system image. Only
|
|
meaningful when system image needs to be rebuilt.
|
|
|
|
--replace_verity_private_key
|
|
Replace the private key used for verity signing. (same as the option
|
|
in sign_target_files_apks)
|
|
|
|
--replace_verity_public_key
|
|
Replace the certificate (public key) used for verity verification. (same
|
|
as the option in sign_target_files_apks)
|
|
|
|
--is_signing
|
|
Skip building & adding the images for "userdata" and "cache" if we
|
|
are signing the target files.
|
|
|
|
--verity_signer_path
|
|
Specify the signer path to build verity metadata.
|
|
"""
|
|
|
|
import sys
|
|
|
|
if sys.hexversion < 0x02070000:
|
|
print >> sys.stderr, "Python 2.7 or newer is required."
|
|
sys.exit(1)
|
|
|
|
import datetime
|
|
import errno
|
|
import os
|
|
import shlex
|
|
import shutil
|
|
import subprocess
|
|
import tempfile
|
|
import zipfile
|
|
|
|
import build_image
|
|
import common
|
|
|
|
OPTIONS = common.OPTIONS
|
|
|
|
OPTIONS.add_missing = False
|
|
OPTIONS.rebuild_recovery = False
|
|
OPTIONS.replace_verity_public_key = False
|
|
OPTIONS.replace_verity_private_key = False
|
|
OPTIONS.is_signing = False
|
|
OPTIONS.verity_signer_path = None
|
|
|
|
def AddSystem(output_zip, prefix="IMAGES/", recovery_img=None, boot_img=None):
|
|
"""Turn the contents of SYSTEM into a system image and store it in
|
|
output_zip. Returns the name of the system image file."""
|
|
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, prefix, "system.img")
|
|
if os.path.exists(prebuilt_path):
|
|
print "system.img already exists in %s, no need to rebuild..." % (prefix,)
|
|
return prebuilt_path
|
|
|
|
def output_sink(fn, data):
|
|
ofile = open(os.path.join(OPTIONS.input_tmp, "SYSTEM", fn), "w")
|
|
ofile.write(data)
|
|
ofile.close()
|
|
|
|
if OPTIONS.rebuild_recovery:
|
|
print "Building new recovery patch"
|
|
common.MakeRecoveryPatch(OPTIONS.input_tmp, output_sink, recovery_img,
|
|
boot_img, info_dict=OPTIONS.info_dict)
|
|
|
|
block_list = common.MakeTempFile(prefix="system-blocklist-", suffix=".map")
|
|
imgname = BuildSystem(OPTIONS.input_tmp, OPTIONS.info_dict,
|
|
block_list=block_list)
|
|
|
|
common.ZipWrite(output_zip, imgname, prefix + "system.img")
|
|
common.ZipWrite(output_zip, block_list, prefix + "system.map")
|
|
return imgname
|
|
|
|
|
|
def BuildSystem(input_dir, info_dict, block_list=None):
|
|
"""Build the (sparse) system image and return the name of a temp
|
|
file containing it."""
|
|
return CreateImage(input_dir, info_dict, "system", block_list=block_list)
|
|
|
|
|
|
def AddVendor(output_zip, prefix="IMAGES/"):
|
|
"""Turn the contents of VENDOR into a vendor image and store in it
|
|
output_zip."""
|
|
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, prefix, "vendor.img")
|
|
if os.path.exists(prebuilt_path):
|
|
print "vendor.img already exists in %s, no need to rebuild..." % (prefix,)
|
|
return
|
|
|
|
block_list = common.MakeTempFile(prefix="vendor-blocklist-", suffix=".map")
|
|
imgname = BuildVendor(OPTIONS.input_tmp, OPTIONS.info_dict,
|
|
block_list=block_list)
|
|
common.ZipWrite(output_zip, imgname, prefix + "vendor.img")
|
|
common.ZipWrite(output_zip, block_list, prefix + "vendor.map")
|
|
|
|
|
|
def BuildVendor(input_dir, info_dict, block_list=None):
|
|
"""Build the (sparse) vendor image and return the name of a temp
|
|
file containing it."""
|
|
return CreateImage(input_dir, info_dict, "vendor", block_list=block_list)
|
|
|
|
|
|
def CreateImage(input_dir, info_dict, what, block_list=None):
|
|
print "creating " + what + ".img..."
|
|
|
|
img = common.MakeTempFile(prefix=what + "-", suffix=".img")
|
|
|
|
# The name of the directory it is making an image out of matters to
|
|
# mkyaffs2image. It wants "system" but we have a directory named
|
|
# "SYSTEM", so create a symlink.
|
|
try:
|
|
os.symlink(os.path.join(input_dir, what.upper()),
|
|
os.path.join(input_dir, what))
|
|
except OSError as e:
|
|
# bogus error on my mac version?
|
|
# File "./build/tools/releasetools/img_from_target_files"
|
|
# os.path.join(OPTIONS.input_tmp, "system"))
|
|
# OSError: [Errno 17] File exists
|
|
if e.errno == errno.EEXIST:
|
|
pass
|
|
|
|
image_props = build_image.ImagePropFromGlobalDict(info_dict, what)
|
|
fstab = info_dict["fstab"]
|
|
if fstab:
|
|
image_props["fs_type"] = fstab["/" + what].fs_type
|
|
|
|
# Use a fixed timestamp (01/01/2009) when packaging the image.
|
|
# Bug: 24377993
|
|
epoch = datetime.datetime.fromtimestamp(0)
|
|
timestamp = (datetime.datetime(2009, 1, 1) - epoch).total_seconds()
|
|
image_props["timestamp"] = int(timestamp)
|
|
|
|
if what == "system":
|
|
fs_config_prefix = ""
|
|
else:
|
|
fs_config_prefix = what + "_"
|
|
|
|
fs_config = os.path.join(
|
|
input_dir, "META/" + fs_config_prefix + "filesystem_config.txt")
|
|
if not os.path.exists(fs_config):
|
|
fs_config = None
|
|
|
|
# Override values loaded from info_dict.
|
|
if fs_config:
|
|
image_props["fs_config"] = fs_config
|
|
if block_list:
|
|
image_props["block_list"] = block_list
|
|
|
|
succ = build_image.BuildImage(os.path.join(input_dir, what),
|
|
image_props, img)
|
|
assert succ, "build " + what + ".img image failed"
|
|
|
|
return img
|
|
|
|
|
|
def AddUserdata(output_zip, prefix="IMAGES/"):
|
|
"""Create a userdata image and store it in output_zip.
|
|
|
|
In most case we just create and store an empty userdata.img;
|
|
But the invoker can also request to create userdata.img with real
|
|
data from the target files, by setting "userdata_img_with_data=true"
|
|
in OPTIONS.info_dict.
|
|
"""
|
|
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, prefix, "userdata.img")
|
|
if os.path.exists(prebuilt_path):
|
|
print "userdata.img already exists in %s, no need to rebuild..." % (prefix,)
|
|
return
|
|
|
|
# Skip userdata.img if no size.
|
|
image_props = build_image.ImagePropFromGlobalDict(OPTIONS.info_dict, "data")
|
|
if not image_props.get("partition_size"):
|
|
return
|
|
|
|
print "creating userdata.img..."
|
|
|
|
# Use a fixed timestamp (01/01/2009) when packaging the image.
|
|
# Bug: 24377993
|
|
epoch = datetime.datetime.fromtimestamp(0)
|
|
timestamp = (datetime.datetime(2009, 1, 1) - epoch).total_seconds()
|
|
image_props["timestamp"] = int(timestamp)
|
|
|
|
# The name of the directory it is making an image out of matters to
|
|
# mkyaffs2image. So we create a temp dir, and within it we create an
|
|
# empty dir named "data", or a symlink to the DATA dir,
|
|
# and build the image from that.
|
|
temp_dir = tempfile.mkdtemp()
|
|
user_dir = os.path.join(temp_dir, "data")
|
|
empty = (OPTIONS.info_dict.get("userdata_img_with_data") != "true")
|
|
if empty:
|
|
# Create an empty dir.
|
|
os.mkdir(user_dir)
|
|
else:
|
|
# Symlink to the DATA dir.
|
|
os.symlink(os.path.join(OPTIONS.input_tmp, "DATA"),
|
|
user_dir)
|
|
|
|
img = tempfile.NamedTemporaryFile()
|
|
|
|
fstab = OPTIONS.info_dict["fstab"]
|
|
if fstab:
|
|
image_props["fs_type"] = fstab["/data"].fs_type
|
|
succ = build_image.BuildImage(user_dir, image_props, img.name)
|
|
assert succ, "build userdata.img image failed"
|
|
|
|
common.CheckSize(img.name, "userdata.img", OPTIONS.info_dict)
|
|
common.ZipWrite(output_zip, img.name, prefix + "userdata.img")
|
|
img.close()
|
|
shutil.rmtree(temp_dir)
|
|
|
|
|
|
def AddVBMeta(output_zip, boot_img_path, system_img_path, prefix="IMAGES/"):
|
|
"""Create a VBMeta image and store it in output_zip."""
|
|
_, img_file_name = tempfile.mkstemp()
|
|
avbtool = os.getenv('AVBTOOL') or "avbtool"
|
|
cmd = [avbtool, "make_vbmeta_image",
|
|
"--output", img_file_name,
|
|
"--include_descriptors_from_image", boot_img_path,
|
|
"--include_descriptors_from_image", system_img_path,
|
|
"--generate_dm_verity_cmdline_from_hashtree", system_img_path]
|
|
common.AppendAVBSigningArgs(cmd)
|
|
args = OPTIONS.info_dict.get("board_avb_make_vbmeta_image_args", None)
|
|
if args and args.strip():
|
|
cmd.extend(shlex.split(args))
|
|
p = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
p.communicate()
|
|
assert p.returncode == 0, "avbtool make_vbmeta_image failed"
|
|
common.ZipWrite(output_zip, img_file_name, prefix + "vbmeta.img")
|
|
|
|
|
|
def AddPartitionTable(output_zip, prefix="IMAGES/"):
|
|
"""Create a partition table image and store it in output_zip."""
|
|
|
|
_, img_file_name = tempfile.mkstemp()
|
|
_, bpt_file_name = tempfile.mkstemp()
|
|
|
|
# use BPTTOOL from environ, or "bpttool" if empty or not set.
|
|
bpttool = os.getenv("BPTTOOL") or "bpttool"
|
|
cmd = [bpttool, "make_table", "--output_json", bpt_file_name,
|
|
"--output_gpt", img_file_name]
|
|
input_files_str = OPTIONS.info_dict["board_bpt_input_files"]
|
|
input_files = input_files_str.split(" ")
|
|
for i in input_files:
|
|
cmd.extend(["--input", i])
|
|
disk_size = OPTIONS.info_dict.get("board_bpt_disk_size")
|
|
if disk_size:
|
|
cmd.extend(["--disk_size", disk_size])
|
|
args = OPTIONS.info_dict.get("board_bpt_make_table_args")
|
|
if args:
|
|
cmd.extend(shlex.split(args))
|
|
|
|
p = common.Run(cmd, stdout=subprocess.PIPE)
|
|
p.communicate()
|
|
assert p.returncode == 0, "bpttool make_table failed"
|
|
|
|
common.ZipWrite(output_zip, img_file_name, prefix + "partition-table.img")
|
|
common.ZipWrite(output_zip, bpt_file_name, prefix + "partition-table.bpt")
|
|
|
|
|
|
def AddCache(output_zip, prefix="IMAGES/"):
|
|
"""Create an empty cache image and store it in output_zip."""
|
|
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, prefix, "cache.img")
|
|
if os.path.exists(prebuilt_path):
|
|
print "cache.img already exists in %s, no need to rebuild..." % (prefix,)
|
|
return
|
|
|
|
image_props = build_image.ImagePropFromGlobalDict(OPTIONS.info_dict, "cache")
|
|
# The build system has to explicitly request for cache.img.
|
|
if "fs_type" not in image_props:
|
|
return
|
|
|
|
print "creating cache.img..."
|
|
|
|
# Use a fixed timestamp (01/01/2009) when packaging the image.
|
|
# Bug: 24377993
|
|
epoch = datetime.datetime.fromtimestamp(0)
|
|
timestamp = (datetime.datetime(2009, 1, 1) - epoch).total_seconds()
|
|
image_props["timestamp"] = int(timestamp)
|
|
|
|
# The name of the directory it is making an image out of matters to
|
|
# mkyaffs2image. So we create a temp dir, and within it we create an
|
|
# empty dir named "cache", and build the image from that.
|
|
temp_dir = tempfile.mkdtemp()
|
|
user_dir = os.path.join(temp_dir, "cache")
|
|
os.mkdir(user_dir)
|
|
img = tempfile.NamedTemporaryFile()
|
|
|
|
fstab = OPTIONS.info_dict["fstab"]
|
|
if fstab:
|
|
image_props["fs_type"] = fstab["/cache"].fs_type
|
|
succ = build_image.BuildImage(user_dir, image_props, img.name)
|
|
assert succ, "build cache.img image failed"
|
|
|
|
common.CheckSize(img.name, "cache.img", OPTIONS.info_dict)
|
|
common.ZipWrite(output_zip, img.name, prefix + "cache.img")
|
|
img.close()
|
|
os.rmdir(user_dir)
|
|
os.rmdir(temp_dir)
|
|
|
|
|
|
def AddImagesToTargetFiles(filename):
|
|
OPTIONS.input_tmp, input_zip = common.UnzipTemp(filename)
|
|
|
|
if not OPTIONS.add_missing:
|
|
for n in input_zip.namelist():
|
|
if n.startswith("IMAGES/"):
|
|
print "target_files appears to already contain images."
|
|
sys.exit(1)
|
|
|
|
try:
|
|
input_zip.getinfo("VENDOR/")
|
|
has_vendor = True
|
|
except KeyError:
|
|
has_vendor = False
|
|
|
|
OPTIONS.info_dict = common.LoadInfoDict(input_zip, OPTIONS.input_tmp)
|
|
|
|
common.ZipClose(input_zip)
|
|
output_zip = zipfile.ZipFile(filename, "a",
|
|
compression=zipfile.ZIP_DEFLATED,
|
|
allowZip64=True)
|
|
|
|
has_recovery = (OPTIONS.info_dict.get("no_recovery") != "true")
|
|
system_root_image = (OPTIONS.info_dict.get("system_root_image", None) == "true")
|
|
|
|
def banner(s):
|
|
print "\n\n++++ " + s + " ++++\n\n"
|
|
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", "boot.img")
|
|
boot_image = None
|
|
if os.path.exists(prebuilt_path):
|
|
banner("boot")
|
|
print "boot.img already exists in IMAGES/, no need to rebuild..."
|
|
if OPTIONS.rebuild_recovery:
|
|
boot_image = common.GetBootableImage(
|
|
"IMAGES/boot.img", "boot.img", OPTIONS.input_tmp, "BOOT")
|
|
else:
|
|
banner("boot")
|
|
boot_image = common.GetBootableImage(
|
|
"IMAGES/boot.img", "boot.img", OPTIONS.input_tmp, "BOOT")
|
|
if boot_image:
|
|
boot_image.AddToZip(output_zip)
|
|
|
|
recovery_image = None
|
|
if has_recovery:
|
|
banner("recovery")
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", "recovery.img")
|
|
if os.path.exists(prebuilt_path):
|
|
print "recovery.img already exists in IMAGES/, no need to rebuild..."
|
|
if OPTIONS.rebuild_recovery:
|
|
recovery_image = common.GetBootableImage(
|
|
"IMAGES/recovery.img", "recovery.img", OPTIONS.input_tmp,
|
|
"RECOVERY")
|
|
else:
|
|
recovery_image = common.GetBootableImage(
|
|
"IMAGES/recovery.img", "recovery.img", OPTIONS.input_tmp, "RECOVERY")
|
|
if recovery_image:
|
|
recovery_image.AddToZip(output_zip)
|
|
|
|
banner("system")
|
|
system_img_path = AddSystem(
|
|
output_zip, recovery_img=recovery_image, boot_img=boot_image)
|
|
if has_vendor:
|
|
banner("vendor")
|
|
AddVendor(output_zip)
|
|
if not OPTIONS.is_signing:
|
|
banner("userdata")
|
|
AddUserdata(output_zip)
|
|
banner("cache")
|
|
AddCache(output_zip)
|
|
if OPTIONS.info_dict.get("board_bpt_enable", None) == "true":
|
|
banner("partition-table")
|
|
AddPartitionTable(output_zip)
|
|
if OPTIONS.info_dict.get("board_avb_enable", None) == "true":
|
|
banner("vbmeta")
|
|
boot_contents = boot_image.WriteToTemp()
|
|
AddVBMeta(output_zip, boot_contents.name, system_img_path)
|
|
|
|
# For devices using A/B update, copy over images from RADIO/ and/or
|
|
# VENDOR_IMAGES/ to IMAGES/ and make sure we have all the needed
|
|
# images ready under IMAGES/. All images should have '.img' as extension.
|
|
banner("radio")
|
|
ab_partitions = os.path.join(OPTIONS.input_tmp, "META", "ab_partitions.txt")
|
|
if os.path.exists(ab_partitions):
|
|
with open(ab_partitions, 'r') as f:
|
|
lines = f.readlines()
|
|
for line in lines:
|
|
img_name = line.strip() + ".img"
|
|
prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", img_name)
|
|
if os.path.exists(prebuilt_path):
|
|
print "%s already exists, no need to overwrite..." % (img_name,)
|
|
continue
|
|
|
|
img_radio_path = os.path.join(OPTIONS.input_tmp, "RADIO", img_name)
|
|
img_vendor_dir = os.path.join(
|
|
OPTIONS.input_tmp, "VENDOR_IMAGES")
|
|
if os.path.exists(img_radio_path):
|
|
common.ZipWrite(output_zip, img_radio_path,
|
|
os.path.join("IMAGES", img_name))
|
|
else:
|
|
for root, _, files in os.walk(img_vendor_dir):
|
|
if img_name in files:
|
|
common.ZipWrite(output_zip, os.path.join(root, img_name),
|
|
os.path.join("IMAGES", img_name))
|
|
break
|
|
|
|
# Zip spec says: All slashes MUST be forward slashes.
|
|
img_path = 'IMAGES/' + img_name
|
|
assert img_path in output_zip.namelist(), "cannot find " + img_name
|
|
|
|
common.ZipClose(output_zip)
|
|
|
|
def main(argv):
|
|
def option_handler(o, a):
|
|
if o in ("-a", "--add_missing"):
|
|
OPTIONS.add_missing = True
|
|
elif o in ("-r", "--rebuild_recovery",):
|
|
OPTIONS.rebuild_recovery = True
|
|
elif o == "--replace_verity_private_key":
|
|
OPTIONS.replace_verity_private_key = (True, a)
|
|
elif o == "--replace_verity_public_key":
|
|
OPTIONS.replace_verity_public_key = (True, a)
|
|
elif o == "--is_signing":
|
|
OPTIONS.is_signing = True
|
|
elif o == "--verity_signer_path":
|
|
OPTIONS.verity_signer_path = a
|
|
else:
|
|
return False
|
|
return True
|
|
|
|
args = common.ParseOptions(
|
|
argv, __doc__, extra_opts="ar",
|
|
extra_long_opts=["add_missing", "rebuild_recovery",
|
|
"replace_verity_public_key=",
|
|
"replace_verity_private_key=",
|
|
"is_signing",
|
|
"verity_signer_path="],
|
|
extra_option_handler=option_handler)
|
|
|
|
|
|
if len(args) != 1:
|
|
common.Usage(__doc__)
|
|
sys.exit(1)
|
|
|
|
AddImagesToTargetFiles(args[0])
|
|
print "done."
|
|
|
|
if __name__ == '__main__':
|
|
try:
|
|
common.CloseInheritedPipes()
|
|
main(sys.argv[1:])
|
|
except common.ExternalError as e:
|
|
print
|
|
print " ERROR: %s" % (e,)
|
|
print
|
|
sys.exit(1)
|
|
finally:
|
|
common.Cleanup()
|