| Commit message (Collapse) | Author | Files | Lines |
|
When using AVB, PRODUCT_SUPPORTS_VERITY is not set so check for
BOARD_ENABLE_AVB as well. Also AVB sets up the root filesystem as
'vroot' so map that to 'system' since this is what is
expected. Managed to test at least that the code is at least compiled
in:
$ fastboot --set-active=_a
Setting current slot to 'a'...
OKAY [ 0.023s]
finished. total time: 0.023s
$ fastboot reboot
rebooting...
finished. total time: 0.050s
$ adb wait-for-device
$ adb logcat |grep update_verifier
03-04 05:28:56.773 630 630 I /system/bin/update_verifier: Started with arg 1: nonencrypted
03-04 05:28:56.776 630 630 I /system/bin/update_verifier: Booting slot 0: isSlotMarkedSuccessful=0
03-04 05:28:56.776 630 630 W /system/bin/update_verifier: Failed to open /data/ota_package/care_map.txt: No such file or directory
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Marked slot 0 as booted successfully.
03-04 05:28:56.788 630 630 I /system/bin/update_verifier: Leaving update_verifier.
Bug: None
Test: Manually tested on device using AVB bootloader.
Change-Id: I13c0fe1cc5d0f397e36f5e62fcc05c8dfee5fd85
|
|
It's only used by file-based OTA which has been deprecated for O.
Test: mma
Change-Id: I439c93155ca94554d827142c99aa6c0845cc7561
|
|
run_fuse_sideload() is passing the block size as the max_read
option, so it will only handle a request that involves at most two
blocks at a time. However, the minimal allowed value was set to 1024
prior to this CL, which is inconsistent with the kernel code
(fs/fuse/inode.c) that sets it to the greater of 4096 and the passed-in
max_read option. This would fail the calls with a block size / max_read
less than 4096 due to the wrongly computed block indices.
Note that we didn't observe real issue in practice, because we have been
using 64 KiB block sizes for both of adb and sdcard sideload calls. The
issue only shows up in my local CL (to come later) that uses 1024 block
size in run_fuse_sideload() tests.
Test: recovery_component_test
Test: adb sideload with the new recovery image on angler
Change-Id: Id9f0cfea13d0d193dcb7cd41a1553a23739545f2
|
|
Enable -Wall and expose verify_image() for testing purpose.
Test: mmma bootable/recovery
Test: recovery_component_test
Change-Id: I1ee1db2a775bafdc1112e25a1bc7194d8d6aee4f
|
|
The libvintf API has landed. Hook up to do the actual verification.
Bug: 36597505
Test: recovery_component_test
Test: m recoveryimage; adb sideload on angler and sailfish, with
packages that contain dummy compatibility entries.
Test: m recoveryimage; adb sideload on angler and sailfish, with
packages that don't contain any compatibility entries.
Change-Id: Idbd6f5aaef605ca51b20e667505d686de5ac781f
(cherry picked from commit da320ac6ab53395ddff3cc08b88a61f977ed939a)
|
|
The libvintf API has landed. Hook up to do the actual verification.
Bug: 36597505
Test: recovery_component_test
Test: m recoveryimage; adb sideload on angler and sailfish, with
packages that contain dummy compatibility entries.
Test: m recoveryimage; adb sideload on angler and sailfish, with
packages that don't contain any compatibility entries.
Change-Id: Idbd6f5aaef605ca51b20e667505d686de5ac781f
|
|
Expose update_binary_command() through private/install.h for testing
purpose.
Also make minor clean-ups to install.cpp: a) adding more verbose logging
on ExtractToMemory failures; b) update_binary_command() taking
std::string instead of const char*; c) moving a few macro and global
constants into update_binary_command().
Bug: 37300957
Test: recovery_component_test on marlin
Test: Build new recovery and adb sideload on angler and sailfish.
Change-Id: Ib2d9068af3fee038f01c90940ccaeb0a7da374fc
Merged-In: Ib2d9068af3fee038f01c90940ccaeb0a7da374fc
(cherry picked from commit bc4b1fe4c4305ebf0fbfc891b9b508c14b5c8ef8)
|
|
Expose update_binary_command() through private/install.h for testing
purpose.
Also make minor clean-ups to install.cpp: a) adding more verbose logging
on ExtractToMemory failures; b) update_binary_command() taking
std::string instead of const char*; c) moving a few macro and global
constants into update_binary_command().
Bug: 37300957
Test: recovery_component_test on marlin
Test: Build new recovery and adb sideload on angler and sailfish.
Change-Id: Ib2d9068af3fee038f01c90940ccaeb0a7da374fc
|
|
verify_package_compatibility() is added to parse the compatibility entry
(compatibility.zip) in a given OTA package. If entry is present, the
information is sent to libvintf to check the compatibility.
This CL doesn't actually call libvintf, since the API there is not
available yet.
Bug: 36597505
Test: Doesn't break the install with existing packages (i.e. w/o the
compatibility entry).
Test: recovery_component_test
Change-Id: I3903ffa5f6ba33a5c0d761602ade6290c6752596
(cherry picked from commit 62e0bc7586077b3bde82759fb34b51b982cea20f)
|
|
verify_package_compatibility() is added to parse the compatibility entry
(compatibility.zip) in a given OTA package. If entry is present, the
information is sent to libvintf to check the compatibility.
This CL doesn't actually call libvintf, since the API there is not
available yet.
Bug: 36597505
Test: Doesn't break the install with existing packages (i.e. w/o the
compatibility entry).
Test: recovery_component_test
Change-Id: I3903ffa5f6ba33a5c0d761602ade6290c6752596
|
|
Also move RangeSet into a header file to make it testable, and add unit
tests.
In RangeSet::Parse() (the former parse_range()), use libbase logging to
do assertions. This has the same effect as the previous
exit(EXIT_FAILURE) to terminate the updater process and abort an update.
The difference lies in the exit status code (i.e. WEXITSTATUS(status) in
install.cpp), which changes from 1 (i.e. EXIT_FAILURE) to 0.
Test: recovery_unit_test
Test: Apply an incremental update with the new updater.
Change-Id: Ie8393c78b0d8ae0fd5f0ca0646d871308d71fff0
|
|
Per the comment in build/make/core/base_rules.mk:
Ninja has an implicit dependency on the command being run, and kati will
regenerate the ninja manifest if any read makefile changes, so there is no
need to have dependencies on makefiles.
Test: mmma bootable/recovery
Change-Id: I27b97df10d40f39ad966be70b33811175a665439
|
|
Design doc:
Generalized Suites & the Unification of APCT & CTS Workflows Design/Roadmap
https://docs.google.com/document/d/1eabK3srlBLouMiBMrNP3xJPiRRdcoCquNxC8gBWPvx8/edit#heading=h.78vup5eivwzo
Details about test configs changes are tracked in doc
https://docs.google.com/document/d/1EWUjJ7fjy8ge_Nk0YQbFdRp8DSHo3z6GU0R8jLgrAcw/edit#
Bug: 35882476
Test: local test
Change-Id: I51e1b410536469d254ae7a353bc61a7df06c8324
|
|
A follow-up to commit 5e535014dd7961fbf812abeaa27f3339775031f1.
Also clean up Android.mk, since libverifier no longer needs anything
from libminui.
Test: mmma bootable/recovery
Test: recovery_component_test passes.
Change-Id: I1c11e4bbeef67ca34a2054debf1f5b280d509217
|
|
Add the following tests:
stash src
bspatch stashed_src tgt
free stashed_src
(expected a successful update)
stash src
free stashed_src
fail_the_update
(expected stashed_src freed)
Bug: 36242722
Test: Test identified unfreed stashes correctly.
Change-Id: I5a136e8dc31774367972fbfe8c63cbc1ddb3a113
|
|
Put ImageChunk and some helper functions into a class. Also switch to
using std::vector instead of malloc.
Bug: 18606652
Test: imgdiff_test passed on host. Also generate a complete incremental OTA package.
The file content is the same and time consumption is similar.
Change-Id: Id603ada4e130ef521218400761a119001a86ca79
|
|
FUSE FS is required in recovery sideload functionalites.
This CL is to add a native test to flag when FUSE is not
supported in the device kernel.
Bug: 35768196
Test: mma, run recovery_component_test on marlin and pass all
Change-Id: I43b6dbee658010df56ba4d4b0e91baa7fd1c4480
|
|
Now ApplyBSDiffPatch() will stream the output to sink as we go instead
of sinking everything at the end.
Test: recovery_host_test
Bug: 26982501
Change-Id: I05b6ed40d45e4b1b19ae72784cf705b731b976e3
|
|
Bug: 34220783
Test: make checkbuild
Change-Id: Iceea20e440a4bb6a3b254486a65a86401a2241ef
|
|
match_locale() will return false for empty locale string in the PNG
file. Also add a manual test to validate if a PNG file is qualified to
use under recovery.
Bug: 34054052
Test: recovery_manual_test catches invalid PNG files successfully & Locale_test passed
Change-Id: Id7e2136e1d8abf20da15825aa7901effbced8b03
|
|
Bug: 34220783
Change-Id: I358f931f0b29f5bd526e1475180e477e2e90b936
|
|
Bug: 34220783
Change-Id: I34ccc3b11da0d1b48805967ad75b9ddade569930
|
|
Test: recovery_unit_test passes.
Change-Id: I764c56404c7ccdd57ae5486c946fbc9ac6ae7bc9
|
|
Test: recovery_unit_test passes.
Change-Id: I8ad364e88aaee31579ed7206aad8e5620518d797
|
|
Factor out libimgdiff static library for testing purpose.
This CL adds the imgdiff tests on host and on target both (similar to
libimgpatch). In practice, we only need imgdiff binary on host, and
libimgpatch on target. But they should build and pass tests on both
platforms.
Test: recovery_host_test passes; recovery_component_test passes.
Change-Id: I0eafb7faf727cdf70066310e845af6ee245d4f60
|
|
Test: recovery_component_test passes.
Change-Id: Ib9aa2ffd6b018546223c76b7424f4ba355f5b088
|
|
Bug: http://b/33534933
Test: recovery_component_test passes (and fails on buggy build due to
the CL in [1]).
[1]: commit 7e31f421a514da09b90e46dbd642a5e9b16e0003
Change-Id: I120498048ec1db8f9fcbb3cf135c05d3a48cfcdf
|
|
Add read_bootloader_message_from() and write_bootloader_message_to() to
allow specifying the BCB device (/misc).
Also add testcases for set_stage() and get_stage().
Test: recovery_component_test passes.
Test: Build a recovery image and apply a two-step OTA package.
Change-Id: If5ab06a1aaaea168d2a9e5dd63c07c0a3190e4ae
|
|
'bool success = ExtractEntryToFile()' gives opposite result. Fix the
issue and add testcases.
Change the one-argument version of package_extract_file() to explicitly
abort for non-existent zip entry. Note that this is NOT changing the
behavior. Prior to this CL, it aborts from Evaluate() function, by
giving a general cause code. Now it returns kPackageExtractFileFailure.
BUg: 32903624
Test: recovery_component_test works.
Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
(cherry picked from commit ef0eb3b01b66fbbc97908667a3dd1e02d710cbb7)
|
|
'bool success = ExtractEntryToFile()' gives opposite result. Fix the
issue and add testcases.
Change the one-argument version of package_extract_file() to explicitly
abort for non-existent zip entry. Note that this is NOT changing the
behavior. Prior to this CL, it aborts from Evaluate() function, by
giving a general cause code. Now it returns kPackageExtractFileFailure.
BUg: 32903624
Test: recovery_component_test works.
Change-Id: I7a273e9c0d9aaaf8c472b2c778f7b8d90362c24f
|
|
Move recovery-refresh/persist tests out because these tests need special
steps to run. Also switch the constants to std::string.
Test: recovery_manual_test passed on an A/B device
Change-Id: I60b3ec6f094044945c3aafc1fae540896a6ddea6
|
|
Add unit testcases for sysMapFile().
Test: recovery_unit_test passes.
Test: Build and use the new recovery image to sideload a package.
Test: Build and use the new recovery image to install an update.
Change-Id: I77d8f1ea151ab513865d992c256ba93a1fcb51a4
(cherry picked from commit c3292f3fcbb3cd608cc19b7459751fa5bb64ab84)
|
|
Add unit testcases for sysMapFile().
Test: recovery_unit_test passes.
Test: Build and use the new recovery image to sideload a package.
Test: Build and use the new recovery image to install an update.
Change-Id: I77d8f1ea151ab513865d992c256ba93a1fcb51a4
|
|
continuous_native_tests expects the testdata under DATA/ in
continuous_native_tests.zip. This CL packs a copy of the testdata into
continuous_native_tests.zip as DATA/nativetest/recovery/testdata (via
LOCAL_PICKUP_FILES).
This CL also removes the extra copy for nativetest64. Testdata will
always stay at /data/nativetest/recovery/testdata, even for 64-bit
version. Otherwise we will unnecessarily get four copies (two for data/
and another two for DATA/).
Bug: 32123241
Test: mmma bootable/recovery && adb sync data. On bullhead,
/data/nativetest/recovery_component_test/recovery_component_test works;
/data/nativetest64/recovery_component_test/recovery_component_test works.
Test: m continuous_native_test; DATA/nativetest/recovery/testdata exists.
Change-Id: Ifefa0309de7af23c77654e8e450848ca2da218c2
|
|
Refactor applypatch/main.cpp into libapplypatch_modes so that we can add
testcases.
Some changes to applypatch/main.cpp:
- Replace char** argv with const char**;
- Use android::base::Split() to split ":";
- Use android::base::ParseUInt().
Bug: 32383590
Test: Unit tests pass, install-recovery.sh works.
Change-Id: I44e7bfa5ab717d439ea1d0ee9ddb7b2c40bb95a4
|
|
We currently only copy the testdata to
$(TARGET_OUT_DATA_NATIVE_TESTS)/recovery, which fails the tests
generated for 2nd arch (TARGET_2ND_ARCH). For example, on angler
/data/nativetest/recovery_component_test/recovery_component_test fails
due to missing testdata.
Bug: 32123241
Test: Both of /data/nativetest/recovery... and /data/nativetest64/recovery...
work on angler.
Change-Id: Ib76264b4408d01c08b2619c8ac84b2476ea5a8bc
|
|
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
|
|
So that we can write native tests for updater functions. This CL adds a
testcase for getprop() function.
Test: mmma bootable/recovery; Run recovery_component_test on device.
Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
|
|
Now they live in tests/component/edify_test.cpp.
Also rename edify/main.cpp to edify/edify_parser.cpp. It becomes a
host-side debugging tool that validates the input edify script. However,
it supports edify builtin functions only and doesn't recognize the ones
defined via updater.
Test: recovery_component_test passes on device.
Change-Id: Ib94a787bf15098a9cc078d256b6a6dc96ff12b2e
|
|
Also remove the 0xff comparison when validating the bootloader
message fields. As the fields won't be erased to 0xff after we
remove the MTD support.
Bug: 28202046
Test: The recovery folder compiles for aosp_x86-eng
Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
(cherry picked from commit 7aa88748f6ec4e53333d1a15747bc44826ccc410)
|
|
Also remove the 0xff comparison when validating the bootloader
message fields. As the fields won't be erased to 0xff after we
remove the MTD support.
Bug: 28202046
Test: The recovery folder compiles for aosp_x86-eng
Change-Id: Ibb30ea1b2b28676fb08c7e92a1e5f7b6ef3247ab
|
|
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
(cherry picked from commit 747781433fb01f745529c7e9dd97c5599070ad0d)
|
|
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
|
|
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
|
|
Bug: http://b/30708454
Change-Id: I7a5048beff1d8b783a9683dcb4a79606a77f20ee
|
|
Track the change in commit 63a319201fc0f5c34c1c62b446527e06f57f8d40 and
fix builds.
Bug: http://b/29250988
Change-Id: Iad5be953e102020931649629afc980d585ed2931
(cherry picked from commit ab2fb94bf48483d761ba3aa85e0acf851895566f)
|
|
Track the change in commit 63a319201fc0f5c34c1c62b446527e06f57f8d40 and
fix builds.
Bug: http://b/29250988
Change-Id: Iad5be953e102020931649629afc980d585ed2931
(cherry picked from commit ab2fb94bf48483d761ba3aa85e0acf851895566f)
|
|
Track the change in commit 63a319201fc0f5c34c1c62b446527e06f57f8d40 and
fix builds.
Bug: http://b/29250988
Change-Id: Iad5be953e102020931649629afc980d585ed2931
|
|
matches_locale was expecting input locale string to have at most one
underscore; as a result "zh_CN_#Hans" ignores "zh_CN" and matches into
"zh". Fix the match function and add unit tests.
Bug: 27837319
Change-Id: I4e8a66f91cae6ac2a46b6bf21f670d5ea564c7c8
|
|
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
|
|
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
|
|
(cherry-pick from commit a4f701af93a5a739f34823cde0c493dfbc63537a)
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
|
|
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
|
|
Bug: 27135282
Change-Id: If53682b591397ddfdb84860a3779b612904d4489
|
|
Test data needs to go outside the gtest module.
Change-Id: Ic444ca838cbafa651ec97ff8730129da84fafc09
|
|
Bug: 26962907
Change-Id: I5f80636af1740badeff7d08193f08e23f4e4fee1
|
|
And a few trival fixes to suppress warnings.
Change-Id: Id28e3581aaca4bda59826afa80c0c1cdfb0442fc
(cherry picked from commit 80e46e08de5f65702fa7f7cd3ef83f905d919bbc)
|
|
And a few trival fixes to suppress warnings.
Change-Id: I38734b5f4434643e85feab25f4807b46a45d8d65
|
|
Global variables kill.
No need to manually link gtest, and that causes problems with
libc++.
Change-Id: If804cdd436cf1addfa9a777708efbc37c27770b6
|
|
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.
Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
|