Re-generate 4K boot OTAs using signed boot.img during signing process
Currently, dev option OTAs are generated using dev-key signed boot.img
On release-key devices, OTA will install successfully, but user would be
using dev-key signed boot image after reverting to 4K mode, and
subsequent OTAs would fail. This CL re-generates 4K boot OTA using
release-key signed boot.img , which allows normal OTAs after toggling
dev options.
Test: th
Bug: 354019928
Change-Id: I40811d6ed7a37f50edea77d245bf559b66da5a71
diff --git a/tools/releasetools/Android.bp b/tools/releasetools/Android.bp
index 9b134f2..3ddb2cb 100644
--- a/tools/releasetools/Android.bp
+++ b/tools/releasetools/Android.bp
@@ -107,7 +107,7 @@
python_library_host {
name: "ota_metadata_proto",
srcs: [
- "ota_metadata.proto",
+ "ota_metadata.proto",
],
proto: {
canonical_path_from_root: false,
@@ -117,7 +117,7 @@
cc_library_static {
name: "ota_metadata_proto_cc",
srcs: [
- "ota_metadata.proto",
+ "ota_metadata.proto",
],
host_supported: true,
recovery_available: true,
@@ -144,7 +144,7 @@
static_libs: ["libprotobuf-java-nano"],
},
},
- visibility: ["//frameworks/base:__subpackages__"]
+ visibility: ["//frameworks/base:__subpackages__"],
}
python_defaults {
@@ -436,7 +436,7 @@
name: "check_target_files_vintf",
defaults: [
"releasetools_binary_defaults",
- "releasetools_check_target_files_vintf_defaults"
+ "releasetools_check_target_files_vintf_defaults",
],
}
@@ -546,13 +546,14 @@
defaults: ["releasetools_binary_defaults"],
srcs: [
"sign_target_files_apks.py",
- "payload_signer.py",
- "ota_signing_utils.py",
+ "ota_from_raw_img.py",
],
libs: [
"releasetools_add_img_to_target_files",
"releasetools_apex_utils",
"releasetools_common",
+ "ota_metadata_proto",
+ "ota_utils_lib",
],
}
@@ -632,7 +633,7 @@
data: [
"testdata/**/*",
":com.android.apex.compressed.v1",
- ":com.android.apex.vendor.foo.with_vintf"
+ ":com.android.apex.vendor.foo.with_vintf",
],
target: {
darwin: {
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index f6f6944..f5b76d1 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -898,7 +898,7 @@
if key.endswith("selinux_fc"):
fc_basename = os.path.basename(d[key])
fc_config = os.path.join(input_file, "META", fc_basename)
- assert os.path.exists(fc_config)
+ assert os.path.exists(fc_config), "{} does not exist".format(fc_config)
d[key] = fc_config
@@ -2988,7 +2988,7 @@
zipfile.ZIP64_LIMIT = saved_zip64_limit
-def ZipWriteStr(zip_file, zinfo_or_arcname, data, perms=None,
+def ZipWriteStr(zip_file: zipfile.ZipFile, zinfo_or_arcname, data, perms=None,
compress_type=None):
"""Wrap zipfile.writestr() function to work around the zip64 limit.
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index b8f848f..b485440 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -189,6 +189,8 @@
from xml.etree import ElementTree
import add_img_to_target_files
+import ota_from_raw_img
+import ota_utils
import apex_utils
import common
import payload_signer
@@ -579,7 +581,61 @@
filename.endswith("/prop.default")
-def ProcessTargetFiles(input_tf_zip: zipfile.ZipFile, output_tf_zip, misc_info,
+def RegenerateKernelPartitions(input_tf_zip: zipfile.ZipFile, output_tf_zip: zipfile.ZipFile, misc_info):
+ """Re-generate boot and dtbo partitions using new signing configuration"""
+ if OPTIONS.input_tmp is None:
+ OPTIONS.input_tmp = common.UnzipTemp(input_tf_zip.filename, [
+ "*/boot.img", "*/dtbo.img"])
+ else:
+ common.UnzipToDir(input_tf_zip, OPTIONS.input_tmp, [
+ "*/boot.img", "*/dtbo.img"])
+ unzip_dir = OPTIONS.input_tmp
+ image_dir = os.path.join(unzip_dir, "IMAGES")
+ shutil.rmtree(image_dir)
+ os.makedirs(image_dir, exist_ok=True)
+
+ boot_image = common.GetBootableImage(
+ "IMAGES/boot.img", "boot.img", unzip_dir, "BOOT", misc_info)
+ if boot_image:
+ boot_image.WriteToDir(unzip_dir)
+ boot_image = os.path.join(unzip_dir, boot_image.name)
+ common.ZipWrite(output_tf_zip, boot_image, "IMAGES/boot.img",
+ compress_type=zipfile.ZIP_STORED)
+ add_img_to_target_files.AddDtbo(output_tf_zip)
+ return unzip_dir
+
+
+def RegenerateBootOTA(input_tf_zip: zipfile.ZipFile, output_tf_zip: zipfile.ZipFile, misc_info, filename, input_ota):
+ if filename not in ["VENDOR/boot_otas/boot_ota_4k.zip", "SYSTEM/boot_otas/boot_ota_4k.zip"]:
+ # We only need to re-generate 4K boot OTA, for other OTA packages
+ # simply copy as is
+ with input_tf_zip.open(filename, "r") as in_fp:
+ shutil.copyfileobj(in_fp, input_ota)
+ input_ota.flush()
+ return
+ timestamp = misc_info["build.prop"].GetProp(
+ "ro.system.build.date.utc")
+ unzip_dir = RegenerateKernelPartitions(
+ input_tf_zip, output_tf_zip, misc_info)
+ signed_boot_image = os.path.join(unzip_dir, "IMAGES/boot.img")
+ signed_dtbo_image = os.path.join(unzip_dir, "IMAGES/dtbo.img")
+
+ if not os.path.exists(signed_boot_image):
+ logger.warn("Need to re-generate boot OTA {} but failed to get signed boot image. 16K dev option will be impacted, after rolling back to 4K user would need to sideload/flash their device to continue receiving OTAs.")
+ return
+ logger.info(
+ "Re-generating boot OTA {} with timestamp {}".format(filename, timestamp))
+ args = ["ota_from_raw_img", "--package_key", OPTIONS.package_key,
+ "--max_timestamp", timestamp, "--output", input_ota.name]
+ if os.path.exists(signed_dtbo_image):
+ args.extend(["--partition_name", "boot,dtbo",
+ signed_boot_image, signed_dtbo_image])
+ else:
+ args.extend(["--partition_name", "boot", signed_boot_image])
+ ota_from_raw_img.main(args)
+
+
+def ProcessTargetFiles(input_tf_zip: zipfile.ZipFile, output_tf_zip: zipfile.ZipFile, misc_info,
apk_keys, apex_keys, key_passwords,
platform_api_level, codename_to_api_level_map,
compressed_extension):
@@ -593,6 +649,14 @@
# Sets this to zero for targets without APK files.
maxsize = 0
+ # Replace the AVB signing keys, if any.
+ ReplaceAvbSigningKeys(misc_info)
+ OPTIONS.info_dict = misc_info
+
+ # Rewrite the props in AVB signing args.
+ if misc_info.get('avb_enable') == 'true':
+ RewriteAvbProps(misc_info)
+
for info in input_tf_zip.infolist():
filename = info.filename
if filename.startswith("IMAGES/"):
@@ -670,9 +734,9 @@
elif filename.endswith(".zip") and IsEntryOtaPackage(input_tf_zip, filename):
logger.info("Re-signing OTA package {}".format(filename))
with tempfile.NamedTemporaryFile() as input_ota, tempfile.NamedTemporaryFile() as output_ota:
- with input_tf_zip.open(filename, "r") as in_fp:
- shutil.copyfileobj(in_fp, input_ota)
- input_ota.flush()
+ RegenerateBootOTA(input_tf_zip, output_tf_zip,
+ misc_info, filename, input_ota)
+
SignOtaPackage(input_ota.name, output_ota.name)
common.ZipWrite(output_tf_zip, output_ota.name, filename,
compress_type=zipfile.ZIP_STORED)
@@ -811,17 +875,18 @@
common.ZipWrite(output_tf_zip, image.name, filename)
# A non-APK file; copy it verbatim.
else:
- common.ZipWriteStr(output_tf_zip, out_info, data)
+ try:
+ entry = output_tf_zip.getinfo(filename)
+ if output_tf_zip.read(entry) != data:
+ logger.warn(
+ "Output zip contains duplicate entries for %s with different contents", filename)
+ continue
+ except KeyError:
+ common.ZipWriteStr(output_tf_zip, out_info, data)
if OPTIONS.replace_ota_keys:
ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info)
- # Replace the AVB signing keys, if any.
- ReplaceAvbSigningKeys(misc_info)
-
- # Rewrite the props in AVB signing args.
- if misc_info.get('avb_enable') == 'true':
- RewriteAvbProps(misc_info)
# Write back misc_info with the latest values.
ReplaceMiscInfoTxt(input_tf_zip, output_tf_zip, misc_info)