Make change and version bump to QP1A.181024.001

Change-Id: I72626fc168e5a6b1d53b245c5c9c6837442e1c7d
diff --git a/core/Makefile b/core/Makefile
index da1fbc2..c21c517 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1638,15 +1638,13 @@
 # Generate a file containing the keys that will be read by the
 # recovery binary.
 RECOVERY_INSTALL_OTA_KEYS := \
-	$(call intermediates-dir-for,PACKAGING,ota_keys)/keys
-DUMPKEY_JAR := $(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar
+	$(call intermediates-dir-for,PACKAGING,ota_keys)/otacerts.zip
 $(RECOVERY_INSTALL_OTA_KEYS): PRIVATE_OTA_PUBLIC_KEYS := $(OTA_PUBLIC_KEYS)
 $(RECOVERY_INSTALL_OTA_KEYS): extra_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))
-$(RECOVERY_INSTALL_OTA_KEYS): $(OTA_PUBLIC_KEYS) $(DUMPKEY_JAR) $(extra_keys)
-	@echo "DumpPublicKey: $@ <= $(PRIVATE_OTA_PUBLIC_KEYS) $(extra_keys)"
-	@rm -rf $@
-	@mkdir -p $(dir $@)
-	$(JAVA) -jar $(DUMPKEY_JAR) $(PRIVATE_OTA_PUBLIC_KEYS) $(extra_keys) > $@
+$(RECOVERY_INSTALL_OTA_KEYS): $(SOONG_ZIP) $(OTA_PUBLIC_KEYS) $(extra_keys)
+	$(hide) rm -f $@
+	$(hide) mkdir -p $(dir $@)
+	$(hide) $(SOONG_ZIP) -o $@ $(foreach key_file, $(PRIVATE_OTA_PUBLIC_KEYS) $(extra_keys), -C $(dir $(key_file)) -f $(key_file))
 
 RECOVERYIMAGE_ID_FILE := $(PRODUCT_OUT)/recovery.id
 
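Review bot: The `$(extra_keys)` in the prerequisite list of the new rule line expands to nothing unless a global `extra_keys` is defined elsewhere, because the line above sets it only as a target-specific variable, and GNU Make exposes those in recipes, not while the rule header is parsed. The extra recovery certificates then go into otacerts.zip without being dependencies, so replacing one would not regenerate the archive and a stale trust set could end up in the recovery image. Spelling the list out in the header avoids that: `$(RECOVERY_INSTALL_OTA_KEYS): $(SOONG_ZIP) $(OTA_PUBLIC_KEYS) $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))`. Separately, `-C $(dir $(key_file))` flattens every certificate to its basename, so two keys with the same file name in different directories would map to the same archive entry; a comment stating that basenames must be unique would help.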
@@ -1677,7 +1675,8 @@
     cp -f $(item) $(TARGET_RECOVERY_ROOT_OUT)/system/etc/recovery.fstab)
   $(if $(strip $(recovery_wipe)), \
     $(hide) cp -f $(recovery_wipe) $(TARGET_RECOVERY_ROOT_OUT)/system/etc/recovery.wipe)
-  $(hide) cp $(RECOVERY_INSTALL_OTA_KEYS) $(TARGET_RECOVERY_ROOT_OUT)/res/keys
+  $(hide) mkdir -p $(TARGET_RECOVERY_ROOT_OUT)/system/etc/security
+  $(hide) cp $(RECOVERY_INSTALL_OTA_KEYS) $(TARGET_RECOVERY_ROOT_OUT)/system/etc/security/otacerts.zip
   $(hide) ln -sf prop.default $(TARGET_RECOVERY_ROOT_OUT)/default.prop
   $(BOARD_RECOVERY_IMAGE_PREPARE)
   $(hide) $(MKBOOTFS) -d $(TARGET_OUT) $(TARGET_RECOVERY_ROOT_OUT) | $(MINIGZIP) > $(recovery_ramdisk)
@@ -3094,7 +3093,6 @@
   $(HOST_OUT_EXECUTABLES)/zipalign \
   $(HOST_OUT_EXECUTABLES)/bsdiff \
   $(HOST_OUT_EXECUTABLES)/imgdiff \
-  $(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar \
   $(HOST_OUT_JAVA_LIBRARIES)/signapk.jar \
   $(HOST_OUT_JAVA_LIBRARIES)/BootSignature.jar \
   $(HOST_OUT_JAVA_LIBRARIES)/VeritySigner.jar \
diff --git a/core/build_id.mk b/core/build_id.mk
index 7d242cc..0dca88f 100644
--- a/core/build_id.mk
+++ b/core/build_id.mk
@@ -18,4 +18,4 @@
 # (like "CRB01").  It must be a single word, and is
 # capitalized by convention.
 
-BUILD_ID=QP1A.181023.001
+BUILD_ID=QP1A.181024.001
diff --git a/core/tasks/tools/compatibility.mk b/core/tasks/tools/compatibility.mk
index d2433ea..57a5cf9 100644
--- a/core/tasks/tools/compatibility.mk
+++ b/core/tasks/tools/compatibility.mk
@@ -35,7 +35,6 @@
   $(HOST_OUT_JAVA_LIBRARIES)/compatibility-host-util-tests.jar \
   $(HOST_OUT_JAVA_LIBRARIES)/compatibility-common-util-tests.jar \
   $(HOST_OUT_JAVA_LIBRARIES)/compatibility-tradefed-tests.jar \
-  $(HOST_OUT_JAVA_LIBRARIES)/host-libprotobuf-java-full.jar \
   $(HOST_OUT_JAVA_LIBRARIES)/$(test_suite_tradefed).jar \
   $(HOST_OUT_JAVA_LIBRARIES)/$(test_suite_tradefed)-tests.jar \
   $(HOST_OUT_EXECUTABLES)/$(test_suite_tradefed) \
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 1e8677c..ddc50be 100755
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -405,6 +405,9 @@
     needed_partitions: Partitions whose descriptors should be included into the
         generated VBMeta image.
 
+  Returns:
+    Path to the created image.
+
   Raises:
     AssertionError: On invalid input args.
   """
@@ -423,7 +426,8 @@
   for partition, path in partitions.items():
     if partition not in needed_partitions:
       continue
-    assert partition in common.AVB_PARTITIONS, \
+    assert (partition in common.AVB_PARTITIONS or
+            partition.startswith('vbmeta_')), \
         'Unknown partition: {}'.format(partition)
     assert os.path.exists(path), \
         'Failed to find {} for {}'.format(path, partition)
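Review bot: `partition.startswith('vbmeta_')` accepts any name with that prefix, so a misspelled chained partition name passes the check that is meant to reject unknown partitions. Only `vbmeta_system` and `vbmeta_vendor` are produced by the callers visible in this diff, so an explicit set is tighter: `assert (partition in common.AVB_PARTITIONS or partition in ('vbmeta_system', 'vbmeta_vendor')), \`. The enclosing loop and function continue outside the hunk.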
@@ -458,6 +462,7 @@
   assert proc.returncode == 0, \
       "avbtool make_vbmeta_image failed:\n{}".format(stdoutdata)
   img.Write()
+  return img.name
 
 
 def AddPartitionTable(output_zip):
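Review bot: Only the final exit of AddVBMeta is shown returning `img.name`, while the docstring now promises a path and the callers changed in the two later hunks store the result in `partitions["vbmeta_system"]` and `partitions["vbmeta_vendor"]`. If the function has any other return outside this hunk (for example one taken when the image already exists), it would hand back `None`, and the failure would surface only later at the `os.path.exists(path)` check when the top-level vbmeta is assembled, not at the call site. It is worth confirming that every exit returns the image path; the function starts outside the hunk.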
@@ -836,7 +841,7 @@
     vbmeta_system = OPTIONS.info_dict.get("avb_vbmeta_system", "").strip()
     if vbmeta_system:
       banner("vbmeta_system")
-      AddVBMeta(
+      partitions["vbmeta_system"] = AddVBMeta(
           output_zip, partitions, "vbmeta_system", vbmeta_system.split())
       vbmeta_partitions = [
           item for item in vbmeta_partitions
@@ -846,7 +851,7 @@
     vbmeta_vendor = OPTIONS.info_dict.get("avb_vbmeta_vendor", "").strip()
     if vbmeta_vendor:
       banner("vbmeta_vendor")
-      AddVBMeta(
+      partitions["vbmeta_vendor"] = AddVBMeta(
           output_zip, partitions, "vbmeta_vendor", vbmeta_vendor.split())
       vbmeta_partitions = [
           item for item in vbmeta_partitions
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index d35e9e8..de3ead6 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -369,13 +369,13 @@
                       "SYSTEM/bin/install-recovery.sh"):
       OPTIONS.rebuild_recovery = True
 
-    # Don't copy OTA keys if we're replacing them.
+    # Don't copy OTA certs if we're replacing them.
     elif (
         OPTIONS.replace_ota_keys and
         filename in (
-            "BOOT/RAMDISK/res/keys",
+            "BOOT/RAMDISK/system/etc/security/otacerts.zip",
             "BOOT/RAMDISK/system/etc/update_engine/update-payload-key.pub.pem",
-            "RECOVERY/RAMDISK/res/keys",
+            "RECOVERY/RAMDISK/system/etc/security/otacerts.zip",
             "SYSTEM/etc/security/otacerts.zip",
             "SYSTEM/etc/update_engine/update-payload-key.pub.pem")):
       pass
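Review bot: Dropping `BOOT/RAMDISK/res/keys` and `RECOVERY/RAMDISK/res/keys` from this tuple means a target_files zip built before this change, if it is ever signed with this version of the script, would have its `res/keys` entry copied through with the build-time keys. A recovery from such an older build presumably still reads `res/keys`, so it would keep trusting the original keys after re-signing while the replacement certificates land in an otacerts.zip it does not read. If such inputs are not supported, rejecting them is safer than copying silently, for example a branch that raises `common.ExternalError` when `OPTIONS.replace_ota_keys` is set and a legacy `res/keys` entry is seen. The enclosing loop starts and ends outside the hunk.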
@@ -548,6 +548,27 @@
   return "\n".join(output) + "\n"
 
 
+def WriteOtacerts(output_zip, filename, keys):
+  """Constructs a zipfile from given keys; and writes it to output_zip.
+
+  Args:
+    output_zip: The output target_files zip.
+    filename: The archive name in the output zip.
+    keys: A list of public keys to use during OTA package verification.
+  """
+
+  try:
+    from StringIO import StringIO
+  except ImportError:
+    from io import StringIO
+  temp_file = StringIO()
+  certs_zip = zipfile.ZipFile(temp_file, "w")
+  for k in keys:
+    common.ZipWrite(certs_zip, k)
+  common.ZipClose(certs_zip)
+  common.ZipWriteStr(output_zip, filename, temp_file.getvalue())
+
+
 def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info):
   try:
     keylist = input_tf_zip.read("META/otakeys.txt").split()
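Review bot: WriteOtacerts builds the zip in a `StringIO`, and the `io.StringIO` fallback is a text buffer, so under Python 3 `zipfile.ZipFile` would fail when it writes bytes into it. `io.BytesIO` exists on both Python 2 and 3 and makes the try/except unnecessary: `from io import BytesIO` and `temp_file = BytesIO()`. The docstring calls `keys` a list of public keys; since each item is passed to `common.ZipWrite`, they appear to be paths to certificate files, and the docstring should say so.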
@@ -585,39 +606,20 @@
     print("META/otakeys.txt has no keys; using %s for OTA package"
           " verification." % (mapped_keys[0],))
 
-  # recovery uses a version of the key that has been slightly
-  # predigested (by DumpPublicKey.java) and put in res/keys.
+  # recovery now uses the same x509.pem version of the keys.
   # extra_recovery_keys are used only in recovery.
-  cmd = ([OPTIONS.java_path] + OPTIONS.java_args +
-         ["-jar",
-          os.path.join(OPTIONS.search_path, "framework", "dumpkey.jar")] +
-         mapped_keys + extra_recovery_keys)
-  p = common.Run(cmd, stdout=subprocess.PIPE)
-  new_recovery_keys, _ = p.communicate()
-  if p.returncode != 0:
-    raise common.ExternalError("failed to run dumpkeys")
-
   if misc_info.get("recovery_as_boot") == "true":
-    recovery_keys_location = "BOOT/RAMDISK/res/keys"
+    recovery_keys_location = "BOOT/RAMDISK/system/etc/security/otacerts.zip"
   else:
-    recovery_keys_location = "RECOVERY/RAMDISK/res/keys"
-  common.ZipWriteStr(output_tf_zip, recovery_keys_location, new_recovery_keys)
+    recovery_keys_location = "RECOVERY/RAMDISK/system/etc/security/otacerts.zip"
+
+  WriteOtacerts(output_tf_zip, recovery_keys_location,
+                mapped_keys + extra_recovery_keys)
 
   # SystemUpdateActivity uses the x509.pem version of the keys, but
   # put into a zipfile system/etc/security/otacerts.zip.
   # We DO NOT include the extra_recovery_keys (if any) here.
-
-  try:
-    from StringIO import StringIO
-  except ImportError:
-    from io import StringIO
-  temp_file = StringIO()
-  certs_zip = zipfile.ZipFile(temp_file, "w")
-  for k in mapped_keys:
-    common.ZipWrite(certs_zip, k)
-  common.ZipClose(certs_zip)
-  common.ZipWriteStr(output_tf_zip, "SYSTEM/etc/security/otacerts.zip",
-                     temp_file.getvalue())
+  WriteOtacerts(output_tf_zip, "SYSTEM/etc/security/otacerts.zip", mapped_keys)
 
   # For A/B devices, update the payload verification key.
   if misc_info.get("ab_update") == "true":
@@ -638,8 +640,6 @@
         "BOOT/RAMDISK/system/etc/update_engine/update-payload-key.pub.pem",
         pubkey)
 
-  return new_recovery_keys
-
 
 def ReplaceVerityPublicKey(output_zip, filename, key_path):
   """Replaces the verity public key at the given path in the given zip.