Merge "Generate product build props always" into rvc-dev
diff --git a/core/Makefile b/core/Makefile
index 4973139..e94caa3 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -719,6 +719,11 @@
# Depmod requires a well-formed kernel version so 0.0 is used as a placeholder.
DEPMOD_STAGING_SUBDIR :=$= lib/modules/0.0
+define copy-and-strip-kernel-module
+$(2): $(1)
+ $($(LOCAL_2ND_ARCH_VAR_PREFIX)TARGET_STRIP) -o $(2) --strip-debug $(1)
+endef
+
# $(1): modules list
# $(2): output dir
# $(3): mount point
@@ -726,9 +731,15 @@
# $(5): module load list
# $(6): module load list filename
# $(7): module archive
+# $(8): staging dir for stripped modules
# Returns the a list of src:dest pairs to install the modules using copy-many-files.
define build-image-kernel-modules
- $(foreach module,$(1),$(module):$(2)/lib/modules/$(notdir $(module))) \
+ $(foreach module,$(1), \
+ $(eval _src := $(module)) \
+ $(if $(8), \
+ $(eval _src := $(8)/$(notdir $(module))) \
+ $(eval $(call copy-and-strip-kernel-module,$(module),$(_src)))) \
+ $(_src):$(2)/lib/modules/$(notdir $(module))) \
$(eval $(call build-image-kernel-modules-depmod,$(1),$(3),$(4),$(5),$(6),$(7),$(2))) \
$(4)/$(DEPMOD_STAGING_SUBDIR)/modules.dep:$(2)/lib/modules/modules.dep \
$(4)/$(DEPMOD_STAGING_SUBDIR)/modules.alias:$(2)/lib/modules/modules.alias \
@@ -828,34 +839,39 @@
ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call module-load-list-copy-paths,$(call intermediates-dir-for,PACKAGING,ramdisk_modules),$(BOARD_GENERIC_RAMDISK_KERNEL_MODULES_LOAD),modules.load,$(TARGET_RECOVERY_ROOT_OUT)))
endif
endif
- ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_RECOVERY_KERNEL_MODULES),$(TARGET_RECOVERY_ROOT_OUT),,$(call intermediates-dir-for,PACKAGING,depmod_recovery),$(BOARD_RECOVERY_KERNEL_MODULES_LOAD),modules.load.recovery,$(BOARD_RECOVERY_KERNEL_MODULES_ARCHIVE)))
+ ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_RECOVERY_KERNEL_MODULES),$(TARGET_RECOVERY_ROOT_OUT),,$(call intermediates-dir-for,PACKAGING,depmod_recovery),$(BOARD_RECOVERY_KERNEL_MODULES_LOAD),modules.load.recovery,$(BOARD_RECOVERY_KERNEL_MODULES_ARCHIVE),))
endif
ifneq ($(strip $(BOARD_VENDOR_RAMDISK_KERNEL_MODULES))$(strip $(BOARD_VENDOR_RAMDISK_KERNEL_MODULES_ARCHIVE)),)
ifeq ($(BOARD_VENDOR_RAMDISK_KERNEL_MODULES_LOAD),)
BOARD_VENDOR_RAMDISK_KERNEL_MODULES_LOAD := $(BOARD_VENDOR_RAMDISK_KERNEL_MODULES)
endif
- ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_VENDOR_RAMDISK_KERNEL_MODULES),$(TARGET_VENDOR_RAMDISK_OUT),,$(call intermediates-dir-for,PACKAGING,depmod_vendor_ramdisk),$(BOARD_VENDOR_RAMDISK_KERNEL_MODULES_LOAD),modules.load,$(BOARD_VENDOR_RAMDISK_KERNEL_MODULES_ARCHIVE)))
+ ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_VENDOR_RAMDISK_KERNEL_MODULES),$(TARGET_VENDOR_RAMDISK_OUT),,$(call intermediates-dir-for,PACKAGING,depmod_vendor_ramdisk),$(BOARD_VENDOR_RAMDISK_KERNEL_MODULES_LOAD),modules.load,$(BOARD_VENDOR_RAMDISK_KERNEL_MODULES_ARCHIVE),$(call intermediates-dir-for,PACKAGING,depmod_vendor_ramdisk_stripped)))
endif
ifneq ($(BOARD_USES_RECOVERY_AS_BOOT), true)
ifneq ($(strip $(BOARD_GENERIC_RAMDISK_KERNEL_MODULES)),)
- ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_GENERIC_RAMDISK_KERNEL_MODULES),$(TARGET_RAMDISK_OUT),,$(call intermediates-dir-for,PACKAGING,depmod_ramdisk),$(BOARD_GENERIC_RAMDISK_KERNEL_MODULES_LOAD),modules.load,))
+ ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_GENERIC_RAMDISK_KERNEL_MODULES),$(TARGET_RAMDISK_OUT),,$(call intermediates-dir-for,PACKAGING,depmod_ramdisk),$(BOARD_GENERIC_RAMDISK_KERNEL_MODULES_LOAD),modules.load,,))
endif
endif
+ifneq ($(BOARD_DO_NOT_STRIP_VENDOR_MODULES),true)
+ VENDOR_STRIPPED_MODULE_STAGING_DIR := $(call intermediates-dir-for,PACKAGING,depmod_vendor_stripped)
+else
+ VENDOR_STRIPPED_MODULE_STAGING_DIR :=
+endif
ifneq ($(strip $(BOARD_VENDOR_KERNEL_MODULES)$(strip $(BOARD_VENDOR_KERNEL_MODULES_ARCHIVE))),)
ifeq ($(BOARD_VENDOR_KERNEL_MODULES_LOAD),)
BOARD_VENDOR_KERNEL_MODULES_LOAD := $(BOARD_VENDOR_KERNEL_MODULES)
endif
- ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_VENDOR_KERNEL_MODULES),$(TARGET_OUT_VENDOR),vendor,$(call intermediates-dir-for,PACKAGING,depmod_vendor),$(BOARD_VENDOR_KERNEL_MODULES_LOAD),modules.load,$(BOARD_VENDOR_KERNEL_MODULES_ARCHIVE)))
+ ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_VENDOR_KERNEL_MODULES),$(TARGET_OUT_VENDOR),vendor,$(call intermediates-dir-for,PACKAGING,depmod_vendor),$(BOARD_VENDOR_KERNEL_MODULES_LOAD),modules.load,$(BOARD_VENDOR_KERNEL_MODULES_ARCHIVE),$(VENDOR_STRIPPED_MODULE_STAGING_DIR)))
endif
ifneq ($(strip $(BOARD_ODM_KERNEL_MODULES))$(strip $(BOARD_ODM_KERNEL_MODULES_ARCHIVE)),)
ifeq ($(BOARD_RECOVERY_KERNEL_MODULES_LOAD),)
BOARD_ODM_KERNEL_MODULES_LOAD := $(BOARD_ODM_KERNEL_MODULES)
endif
- ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_ODM_KERNEL_MODULES),$(TARGET_OUT_ODM),odm,$(call intermediates-dir-for,PACKAGING,depmod_odm),$(BOARD_ODM_KERNEL_MODULES_LOAD),modules.load,$(BOARD_ODM_KERNEL_MODULES_ARCHIVE)))
+ ALL_DEFAULT_INSTALLED_MODULES += $(call copy-many-files,$(call build-image-kernel-modules,$(BOARD_ODM_KERNEL_MODULES),$(TARGET_OUT_ODM),odm,$(call intermediates-dir-for,PACKAGING,depmod_odm),$(BOARD_ODM_KERNEL_MODULES_LOAD),modules.load,$(BOARD_ODM_KERNEL_MODULES_ARCHIVE),))
endif
# -----------------------------------------------------------------
@@ -3308,6 +3324,41 @@
endef
# -----------------------------------------------------------------
+# custom images
+INSTALLED_CUSTOMIMAGES_TARGET :=
+
+ifneq ($(strip $(BOARD_CUSTOMIMAGES_PARTITION_LIST)),)
+INTERNAL_AVB_CUSTOMIMAGES_SIGNING_ARGS :=
+
+# Sign custom image.
+# $(1): the prebuilt custom image.
+# $(2): the mount point of the prebuilt custom image.
+# $(3): the signed custom image target.
+define sign_custom_image
+$(3): $(1) $(INTERNAL_USERIMAGES_DEPS)
+ @echo Target custom image: $(3)
+ mkdir -p $(dir $(3))
+ cp $(1) $(3)
+ifeq ($(BOARD_AVB_ENABLE),true)
+ PATH=$(INTERNAL_USERIMAGES_BINARY_PATHS):$$$$PATH \
+ $(AVBTOOL) add_hashtree_footer \
+ --image $(3) \
+ --key $(BOARD_AVB_$(call to-upper,$(2))_KEY_PATH) \
+ --algorithm $(BOARD_AVB_$(call to-upper,$(2))_ALGORITHM) \
+ --partition_size $(BOARD_AVB_$(call to-upper,$(2))_PARTITION_SIZE) \
+ --partition_name $(2) \
+ $(INTERNAL_AVB_CUSTOMIMAGES_SIGNING_ARGS) \
+ $(BOARD_AVB_$(call to-upper,$(2))_ADD_HASHTREE_FOOTER_ARGS)
+endif
+INSTALLED_CUSTOMIMAGES_TARGET += $(3)
+endef
+
+$(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \
+ $(foreach image,$(BOARD_AVB_$(call to-upper,$(partition))_IMAGE_LIST), \
+ $(eval $(call sign_custom_image,$(image),$(partition),$(PRODUCT_OUT)/$(notdir $(image))))))
+endif
+
+# -----------------------------------------------------------------
# vbmeta image
ifeq ($(BOARD_AVB_ENABLE),true)
@@ -3478,6 +3529,18 @@
--include_descriptors_from_image $(call images-for-partitions,$(1)))))
endef
+# Checks and sets build variables for a custom chained partition to include it into vbmeta.img.
+# $(1): the custom partition to enable AVB chain.
+define check-and-set-custom-avb-chain-args
+$(eval part := $(1))
+$(eval PART=$(call to-upper,$(part)))
+$(eval _rollback_index_location := BOARD_AVB_$(PART)_ROLLBACK_INDEX_LOCATION)
+$(if $($(_rollback_index_location)),,$(error $(_rollback_index_location) is not defined))
+
+INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
+ --chain_partition $(part):$($(_rollback_index_location)):$(AVB_CHAIN_KEY_DIR)/$(part).avbpubkey
+endef
+
ifdef INSTALLED_BOOTIMAGE_TARGET
$(eval $(call check-and-set-avb-args,boot))
endif
@@ -3521,6 +3584,11 @@
$(eval $(call check-and-set-avb-args,vbmeta_vendor))
endif
+ifneq ($(strip $(BOARD_CUSTOMIMAGES_PARTITION_LIST)),)
+$(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \
+ $(eval $(call check-and-set-custom-avb-chain-args,$(partition))))
+endif
+
# Add kernel cmdline descriptor for kernel to mount system.img as root with
# dm-verity. This works when system.img is either chained or not-chained:
# - chained: The --setup_as_rootfs_from_kernel option will add dm-verity kernel
@@ -3591,6 +3659,10 @@
$(if $(BOARD_AVB_VBMETA_VENDOR_KEY_PATH),\
$(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_VBMETA_VENDOR_KEY_PATH) \
--output $(1)/vbmeta_vendor.avbpubkey)
+ $(if $(BOARD_CUSTOMIMAGES_PARTITION_LIST),\
+ $(hide) $(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \
+ $(AVBTOOL) extract_public_key --key $(BOARD_AVB_$(call to-upper,$(partition))_KEY_PATH) \
+ --output $(1)/$(partition).avbpubkey;))
endef
# Builds a chained VBMeta image. This VBMeta image will contain the descriptors for the partitions
@@ -3658,6 +3730,7 @@
$(INSTALLED_SYSTEM_EXTIMAGE_TARGET) \
$(INSTALLED_ODMIMAGE_TARGET) \
$(INSTALLED_DTBOIMAGE_TARGET) \
+ $(INSTALLED_CUSTOMIMAGES_TARGET) \
$(INSTALLED_RECOVERYIMAGE_TARGET) \
$(INSTALLED_VBMETA_SYSTEMIMAGE_TARGET) \
$(INSTALLED_VBMETA_VENDORIMAGE_TARGET) \
@@ -4216,6 +4289,16 @@
$(hide) echo "avb_recovery_algorithm=$(BOARD_AVB_RECOVERY_ALGORITHM)" >> $@
$(hide) echo "avb_recovery_rollback_index_location=$(BOARD_AVB_RECOVERY_ROLLBACK_INDEX_LOCATION)" >> $@
endif # BOARD_AVB_RECOVERY_KEY_PATH
+ifneq (,$(strip $(BOARD_CUSTOMIMAGES_PARTITION_LIST)))
+ $(hide) echo "avb_custom_images_partition_list=$(BOARD_CUSTOMIMAGES_PARTITION_LIST)" >> $@
+ $(hide) $(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \
+ echo "avb_$(partition)_key_path=$(BOARD_AVB_$(call to-upper,$(partition))_KEY_PATH)" >> $@; \
+ echo "avb_$(partition)_algorithm=$(BOARD_AVB_$(call to-upper,$(partition))_ALGORITHM)" >> $@; \
+ echo "avb_$(partition)_add_hashtree_footer_args=$(BOARD_AVB_$(call to-upper,$(partition))_ADD_HASHTREE_FOOTER_ARGS)" >> $@; \
+ echo "avb_$(partition)_rollback_index_location=$(BOARD_AVB_$(call to-upper,$(partition))_ROLLBACK_INDEX_LOCATION)" >> $@; \
+ echo "avb_$(partition)_partition_size=$(BOARD_AVB_$(call to-upper,$(partition))_PARTITION_SIZE)" >> $@; \
+ echo "avb_$(partition)_image_list=$(foreach image,$(BOARD_AVB_$(call to-upper,$(partition))_IMAGE_LIST),$(notdir $(image)))" >> $@;)
+endif # BOARD_CUSTOMIMAGES_PARTITION_LIST
ifneq (,$(strip $(BOARD_AVB_VBMETA_SYSTEM)))
$(hide) echo "avb_vbmeta_system=$(BOARD_AVB_VBMETA_SYSTEM)" >> $@
$(hide) echo "avb_vbmeta_system_args=$(BOARD_AVB_MAKE_VBMETA_SYSTEM_IMAGE_ARGS)" >> $@
@@ -4449,6 +4532,7 @@
$(INSTALLED_VBMETAIMAGE_TARGET) \
$(INSTALLED_ODMIMAGE_TARGET) \
$(INSTALLED_DTBOIMAGE_TARGET) \
+ $(INSTALLED_CUSTOMIMAGES_TARGET) \
$(INTERNAL_SYSTEMOTHERIMAGE_FILES) \
$(INSTALLED_ANDROID_INFO_TXT_TARGET) \
$(INSTALLED_KERNEL_TARGET) \
@@ -4693,6 +4777,11 @@
$(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES
$(hide) cp $(INSTALLED_DTBOIMAGE_TARGET) $(zip_root)/PREBUILT_IMAGES/
endif # BOARD_PREBUILT_DTBOIMAGE
+ifneq ($(strip $(BOARD_CUSTOMIMAGES_PARTITION_LIST)),)
+ $(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES
+ $(hide) $(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \
+ $(foreach image,$(BOARD_AVB_$(call to-upper,$(partition))_IMAGE_LIST),cp $(image) $(zip_root)/PREBUILT_IMAGES/;))
+endif # BOARD_CUSTOMIMAGES_PARTITION_LIST
@# The radio images in BOARD_PACK_RADIOIMAGES will be additionally copied from RADIO/ into
@# IMAGES/, which then will be added into <product>-img.zip. Such images must be listed in
@# INSTALLED_RADIOIMAGE_TARGET.
diff --git a/core/soong_android_app_set.mk b/core/soong_android_app_set.mk
index e84371c..4c27e53 100644
--- a/core/soong_android_app_set.mk
+++ b/core/soong_android_app_set.mk
@@ -24,8 +24,10 @@
endef
$(eval $(call extract-master-from-apk-set,$(LOCAL_PREBUILT_MODULE_FILE),$(LOCAL_APK_SET_MASTER_FILE)))
+# unzip returns 11 it there was nothing to extract, which is expected,
+# $(LOCAL_APK_SET_MASTER_FILE) has is already there.
LOCAL_POST_INSTALL_CMD := unzip -qo -j -d $(dir $(LOCAL_INSTALLED_MODULE)) \
- $(LOCAL_PREBUILT_MODULE_FILE) -x $(LOCAL_APK_SET_MASTER_FILE)
+ $(LOCAL_PREBUILT_MODULE_FILE) -x $(LOCAL_APK_SET_MASTER_FILE) || [[ $$? -eq 11 ]]
$(LOCAL_INSTALLED_MODULE): PRIVATE_POST_INSTALL_CMD := $(LOCAL_POST_INSTALL_CMD)
PACKAGES.$(LOCAL_MODULE).OVERRIDES := $(strip $(LOCAL_OVERRIDES_PACKAGES))
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index cd34e46..1b704a5 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@
# It must be of the form "YYYY-MM-DD" on production devices.
# It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
# If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2020-07-01
+ PLATFORM_SECURITY_PATCH := 2020-07-05
endif
.KATI_READONLY := PLATFORM_SECURITY_PATCH
diff --git a/target/product/emulated_storage.mk b/target/product/emulated_storage.mk
index d7cc9ce..ea5d9ad 100644
--- a/target/product/emulated_storage.mk
+++ b/target/product/emulated_storage.mk
@@ -19,3 +19,5 @@
PRODUCT_FS_CASEFOLD := 1
PRODUCT_PROPERTY_OVERRIDES += external_storage.casefold.enabled=1
+
+PRODUCT_PROPERTY_OVERRIDES += external_storage.sdcardfs.enabled=0
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 7db506c..3ca139a 100755
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -60,6 +60,7 @@
import common
import rangelib
import sparse_img
+import verity_utils
if sys.hexversion < 0x02070000:
print("Python 2.7 or newer is required.", file=sys.stderr)
@@ -312,6 +313,56 @@
img.Write()
return img.name
+def AddCustomImages(output_zip, partition_name):
+ """Adds and signs custom images in IMAGES/.
+
+ Args:
+ output_zip: The output zip file (needs to be already open), or None to
+ write images to OPTIONS.input_tmp/.
+
+ Uses the image under IMAGES/ if it already exists. Otherwise looks for the
+ image under PREBUILT_IMAGES/, signs it as needed, and returns the image name.
+
+ Raises:
+ AssertionError: If image can't be found.
+ """
+
+ partition_size = OPTIONS.info_dict.get(
+ "avb_{}_partition_size".format(partition_name))
+ key_path = OPTIONS.info_dict.get("avb_{}_key_path".format(partition_name))
+ algorithm = OPTIONS.info_dict.get("avb_{}_algorithm".format(partition_name))
+ extra_args = OPTIONS.info_dict.get(
+ "avb_{}_add_hashtree_footer_args".format(partition_name))
+ partition_size = OPTIONS.info_dict.get(
+ "avb_{}_partition_size".format(partition_name))
+
+ builder = verity_utils.CreateCustomImageBuilder(
+ OPTIONS.info_dict, partition_name, partition_size,
+ key_path, algorithm, extra_args)
+
+ for img_name in OPTIONS.info_dict.get(
+ "avb_{}_image_list".format(partition_name)).split():
+ custom_image = OutputFile(output_zip, OPTIONS.input_tmp, "IMAGES", img_name)
+ if os.path.exists(custom_image.name):
+ continue
+
+ custom_image_prebuilt_path = os.path.join(
+ OPTIONS.input_tmp, "PREBUILT_IMAGES", img_name)
+ assert os.path.exists(custom_image_prebuilt_path), \
+ "Failed to find %s at %s" % (img_name, custom_image_prebuilt_path)
+
+ shutil.copy(custom_image_prebuilt_path, custom_image.name)
+
+ if builder is not None:
+ builder.Build(custom_image.name)
+
+ custom_image.Write()
+
+ default = os.path.join(OPTIONS.input_tmp, "IMAGES", partition_name + ".img")
+ assert os.path.exists(default), \
+ "There should be one %s.img" % (partition_name)
+ return default
+
def CreateImage(input_dir, info_dict, what, output_file, block_list=None):
logger.info("creating %s.img...", what)
@@ -411,8 +462,9 @@
Args:
output_zip: The output zip file, which needs to be already open.
partitions: A dict that's keyed by partition names with image paths as
- values. Only valid partition names are accepted, as listed in
- common.AVB_PARTITIONS.
+ values. Only valid partition names are accepted, as partitions listed
+ in common.AVB_PARTITIONS and custom partitions listed in
+ OPTIONS.info_dict.get("avb_custom_images_partition_list")
name: Name of the VBMeta partition, e.g. 'vbmeta', 'vbmeta_system'.
needed_partitions: Partitions whose descriptors should be included into the
generated VBMeta image.
@@ -829,11 +881,20 @@
banner("dtbo")
partitions['dtbo'] = AddDtbo(output_zip)
+ # Custom images.
+ custom_partitions = OPTIONS.info_dict.get(
+ "avb_custom_images_partition_list", "").strip().split()
+ for partition_name in custom_partitions:
+ partition_name = partition_name.strip()
+ banner("custom images for " + partition_name)
+ partitions[partition_name] = AddCustomImages(output_zip, partition_name)
+
if OPTIONS.info_dict.get("avb_enable") == "true":
# vbmeta_partitions includes the partitions that should be included into
# top-level vbmeta.img, which are the ones that are not included in any
# chained VBMeta image plus the chained VBMeta images themselves.
- vbmeta_partitions = common.AVB_PARTITIONS[:]
+ # Currently custom_partitions are all chained to VBMeta image.
+ vbmeta_partitions = common.AVB_PARTITIONS[:] + tuple(custom_partitions)
vbmeta_system = OPTIONS.info_dict.get("avb_vbmeta_system", "").strip()
if vbmeta_system:
diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index ae9b793..1c61938 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py
@@ -169,7 +169,7 @@
def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name,
- algorithm, salt, no_hashtree, signing_args=None):
+ algorithm, salt, hash_algorithm, no_hashtree, signing_args=None):
"""Signs a given payload_file with the payload key."""
# Add the new footer. Old footer, if any, will be replaced by avbtool.
cmd = [avbtool, 'add_hashtree_footer',
@@ -178,7 +178,8 @@
'--key', payload_key_path,
'--prop', 'apex.key:{}'.format(payload_key_name),
'--image', payload_file,
- '--salt', salt]
+ '--salt', salt,
+ '--hash_algorithm', hash_algorithm]
if no_hashtree:
cmd.append('--no_hashtree')
if signing_args:
@@ -235,11 +236,11 @@
'Failed to get APEX payload info for {}:\n{}'.format(
payload_path, e))
- # Extract the Algorithm / Salt / Prop info / Tree size from payload (i.e. an
- # image signed with avbtool). For example,
+ # Extract the Algorithm / Hash Algorithm / Salt / Prop info / Tree size from
+ # payload (i.e. an image signed with avbtool). For example,
# Algorithm: SHA256_RSA4096
PAYLOAD_INFO_PATTERN = (
- r'^\s*(?P<key>Algorithm|Salt|Prop|Tree Size)\:\s*(?P<value>.*?)$')
+ r'^\s*(?P<key>Algorithm|Hash Algorithm|Salt|Prop|Tree Size)\:\s*(?P<value>.*?)$')
payload_info_matcher = re.compile(PAYLOAD_INFO_PATTERN)
payload_info = {}
@@ -273,7 +274,7 @@
payload_info[key] = value
# Sanity check.
- for key in ('Algorithm', 'Salt', 'apex.key'):
+ for key in ('Algorithm', 'Salt', 'apex.key', 'Hash Algorithm'):
if key not in payload_info:
raise ApexInfoError(
'Failed to find {} prop in {}'.format(key, payload_path))
@@ -326,6 +327,7 @@
payload_info['apex.key'],
payload_info['Algorithm'],
payload_info['Salt'],
+ payload_info['Hash Algorithm'],
no_hashtree,
signing_args)
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 10fdb6d..7d702c6 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -978,8 +978,9 @@
Args:
image_path: The output path for the new VBMeta image.
partitions: A dict that's keyed by partition names with image paths as
- values. Only valid partition names are accepted, as listed in
- common.AVB_PARTITIONS.
+ values. Only valid partition names are accepted, as partitions listed
+ in common.AVB_PARTITIONS and custom partitions listed in
+ OPTIONS.info_dict.get("avb_custom_images_partition_list")
name: Name of the VBMeta partition, e.g. 'vbmeta', 'vbmeta_system'.
needed_partitions: Partitions whose descriptors should be included into the
generated VBMeta image.
@@ -991,11 +992,15 @@
cmd = [avbtool, "make_vbmeta_image", "--output", image_path]
AppendAVBSigningArgs(cmd, name)
+ custom_partitions = OPTIONS.info_dict.get(
+ "avb_custom_images_partition_list", "").strip().split()
+
for partition, path in partitions.items():
if partition not in needed_partitions:
continue
assert (partition in AVB_PARTITIONS or
- partition in AVB_VBMETA_PARTITIONS), \
+ partition in AVB_VBMETA_PARTITIONS or
+ partition in custom_partitions), \
'Unknown partition: {}'.format(partition)
assert os.path.exists(path), \
'Failed to find {} for {}'.format(path, partition)
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 52cd9a8..47360c9 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -112,6 +112,17 @@
(e.g. "--signing_helper /path/to/helper"). The args will be appended to
the existing ones in info dict.
+ --avb_extra_custom_image_key <partition=key>
+ --avb_extra_custom_image_algorithm <partition=algorithm>
+ Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign
+ the specified custom images mounted on the partition. Otherwise it uses
+ the existing values in info dict.
+
+ --avb_extra_custom_image_extra_args <partition=extra_args>
+ Specify any additional args that are needed to AVB-sign the custom images
+ mounted on the partition (e.g. "--signing_helper /path/to/helper"). The
+ args will be appended to the existing ones in info dict.
+
--android_jar_path <path>
Path to the android.jar to repack the apex file.
"""
@@ -956,12 +967,20 @@
if extra_args:
print('Setting extra AVB signing args for %s to "%s"' % (
partition, extra_args))
- args_key = AVB_FOOTER_ARGS_BY_PARTITION[partition]
+ if partition in AVB_FOOTER_ARGS_BY_PARTITION:
+ args_key = AVB_FOOTER_ARGS_BY_PARTITION[partition]
+ else:
+ # custom partition
+ args_key = "avb_{}_add_hashtree_footer_args".format(partition)
misc_info[args_key] = (misc_info.get(args_key, '') + ' ' + extra_args)
for partition in AVB_FOOTER_ARGS_BY_PARTITION:
ReplaceAvbPartitionSigningKey(partition)
+ for custom_partition in misc_info.get(
+ "avb_custom_images_partition_list", "").strip().split():
+ ReplaceAvbPartitionSigningKey(custom_partition)
+
def RewriteAvbProps(misc_info):
"""Rewrites the props in AVB signing args."""
@@ -1208,6 +1227,18 @@
OPTIONS.avb_extra_args['vbmeta_vendor'] = a
elif o == "--avb_apex_extra_args":
OPTIONS.avb_extra_args['apex'] = a
+ elif o == "--avb_extra_custom_image_key":
+ partition, key = a.split("=")
+ OPTIONS.avb_keys[partition] = key
+ elif o == "--avb_extra_custom_image_algorithm":
+ partition, algorithm = a.split("=")
+ OPTIONS.avb_algorithms[partition] = algorithm
+ elif o == "--avb_extra_custom_image_extra_args":
+ # Setting the maxsplit parameter to one, which will return a list with
+ # two elements. e.g., the second '=' should not be splitted for
+ # 'oem=--signing_helper_with_files=/tmp/avbsigner.sh'.
+ partition, extra_args = a.split("=", 1)
+ OPTIONS.avb_extra_args[partition] = extra_args
else:
return False
return True
@@ -1252,6 +1283,9 @@
"avb_vbmeta_vendor_algorithm=",
"avb_vbmeta_vendor_key=",
"avb_vbmeta_vendor_extra_args=",
+ "avb_extra_custom_image_key=",
+ "avb_extra_custom_image_algorithm=",
+ "avb_extra_custom_image_extra_args=",
],
extra_option_handler=option_handler)
diff --git a/tools/releasetools/test_apex_utils.py b/tools/releasetools/test_apex_utils.py
index e19bc90..7b4a4b0 100644
--- a/tools/releasetools/test_apex_utils.py
+++ b/tools/releasetools/test_apex_utils.py
@@ -50,11 +50,12 @@
payload_file = self._GetTestPayload()
apex_utils.SignApexPayload(
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
- self.SALT, no_hashtree=True)
+ self.SALT, 'sha256', no_hashtree=True)
payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
self.assertEqual('SHA256_RSA2048', payload_info['Algorithm'])
self.assertEqual(self.SALT, payload_info['Salt'])
self.assertEqual('testkey', payload_info['apex.key'])
+ self.assertEqual('sha256', payload_info['Hash Algorithm'])
self.assertEqual('0 bytes', payload_info['Tree Size'])
@test_utils.SkipIfExternalToolsUnavailable()
@@ -62,7 +63,7 @@
payload_file = self._GetTestPayload()
apex_utils.SignApexPayload(
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
- self.SALT, no_hashtree=True)
+ self.SALT, 'sha256', no_hashtree=True)
apex_utils.VerifyApexPayload(
'avbtool', payload_file, self.payload_key, True)
@@ -71,7 +72,7 @@
payload_file = self._GetTestPayload()
apex_utils.SignApexPayload(
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
- self.SALT, no_hashtree=False)
+ self.SALT, 'sha256', no_hashtree=False)
apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key)
payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
self.assertEqual('4096 bytes', payload_info['Tree Size'])
@@ -81,7 +82,7 @@
payload_file = self._GetTestPayload()
apex_utils.SignApexPayload(
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
- self.SALT, no_hashtree=True)
+ self.SALT, 'sha256', no_hashtree=True)
apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key,
no_hashtree=True)
payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
@@ -98,7 +99,7 @@
'avbtool',
payload_file,
self.payload_key,
- 'testkey', 'SHA256_RSA2048', self.SALT,
+ 'testkey', 'SHA256_RSA2048', self.SALT, 'sha256',
True,
payload_signer_args)
apex_utils.VerifyApexPayload(
@@ -115,6 +116,7 @@
'testkey',
'SHA256_RSA2048',
self.SALT,
+ 'sha256',
no_hashtree=True)
@test_utils.SkipIfExternalToolsUnavailable()
@@ -122,7 +124,7 @@
payload_file = self._GetTestPayload()
apex_utils.SignApexPayload(
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
- self.SALT, True)
+ self.SALT, 'sha256', True)
apex_utils.VerifyApexPayload(
'avbtool', payload_file, self.payload_key, True)
self.assertRaises(
diff --git a/tools/releasetools/validate_target_files.py b/tools/releasetools/validate_target_files.py
index 1b918cc..69be511 100755
--- a/tools/releasetools/validate_target_files.py
+++ b/tools/releasetools/validate_target_files.py
@@ -352,8 +352,13 @@
cmd = [info_dict['avb_avbtool'], 'verify_image', '--image', image,
'--follow_chain_partitions']
+ # Custom images.
+ custom_partitions = info_dict.get(
+ "avb_custom_images_partition_list", "").strip().split()
+
# Append the args for chained partitions if any.
- for partition in common.AVB_PARTITIONS + common.AVB_VBMETA_PARTITIONS:
+ for partition in (common.AVB_PARTITIONS + common.AVB_VBMETA_PARTITIONS +
+ tuple(custom_partitions)):
key_name = 'avb_' + partition + '_key_path'
if info_dict.get(key_name) is not None:
if info_dict.get('ab_update') != 'true' and partition == 'recovery':
diff --git a/tools/releasetools/verity_utils.py b/tools/releasetools/verity_utils.py
index e7f84f5..fc83689 100644
--- a/tools/releasetools/verity_utils.py
+++ b/tools/releasetools/verity_utils.py
@@ -695,3 +695,22 @@
raise HashtreeInfoGenerationError("Failed to reconstruct the verity tree")
return self.hashtree_info
+
+
+def CreateCustomImageBuilder(info_dict, partition_name, partition_size,
+ key_path, algorithm, signing_args):
+ builder = None
+ if info_dict.get("avb_enable") == "true":
+ builder = VerifiedBootVersion2VerityImageBuilder(
+ partition_name,
+ partition_size,
+ VerifiedBootVersion2VerityImageBuilder.AVB_HASHTREE_FOOTER,
+ info_dict.get("avb_avbtool"),
+ key_path,
+ algorithm,
+ # Salt is None because custom images have no fingerprint property to be
+ # used as the salt.
+ None,
+ signing_args)
+
+ return builder