From 56e3388b764fe7e416562de36dda3d3edb2c88aa Mon Sep 17 00:00:00 2001 From: Michael Schwartz Date: Thu, 24 May 2018 20:57:29 -0700 Subject: [PATCH 1/2] Dereference symlinks when copying files. The prebuilts are made available to the build via symlinks so be sure dereference them. Bug: 74835164 Test: `build_mixed gsi device dist` where device contained symlinks Merged-In: I4d8139ec17405037f2764691d026c2f9ad42a3fb Change-Id: I4d8139ec17405037f2764691d026c2f9ad42a3fb (cherry picked from commit bdb3f4f7de52554fbf888bb11f0519d5600abe1e) --- vndk/tools/build_mixed | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vndk/tools/build_mixed b/vndk/tools/build_mixed index 2a6cbcfdc..cac97f486 100755 --- a/vndk/tools/build_mixed +++ b/vndk/tools/build_mixed @@ -111,7 +111,8 @@ if [ -n "$DIST_DIR" ]; then mkdir -p "$DIST_DIR" || true fi # Archive all the device artifacts. -rsync -av --exclude='logs' "$DEVICE_DIR"/* "$DIST_DIR" +rsync --archive --verbose --copy-links --exclude='logs' \ + "$DEVICE_DIR"/* "$DIST_DIR" # Overwrite the image archive with the Mixed Build archive. OUT_ARCHIVE="$DIST_DIR"/"$(basename $DEVICE_ARCHIVE)" cp "$DEVICE_IMAGES_DIR"/mixed.zip "$OUT_ARCHIVE" From 3af420101fba8924d84585c9ea4756e8fdb6d232 Mon Sep 17 00:00:00 2001 From: Jae Shin Date: Tue, 8 May 2018 17:56:34 +0900 Subject: [PATCH 2/2] Support system.img modification for inter branch target Add support for modifying the system.img to work with older Android versions for inter branch build targets such as P GSI on O-MR1 device. modify_system_img.sh is a script based off of change_security_path_ver.sh, but uses the build/make/tools/releasetools/add_img_to_target_files.py script instead of mounting and unsparsing image with simg2img, so that the script can be run on Android build servers without root permission. Bug: 79153114 Test: development/vndk/tools/build_mixed -v 8.1.0 -m development/vndk/tools/modify_system_img.sh out/prebuilts_cached/artifacts/gsi out/prebuilts_cached/artifacts/walleye $DIST_DIR out/host/linux-x86/bin/checkvintf Merged-In: I5bd5b55a1b948dc5d394e5c74d4d11e3127d7385 Change-Id: I5bd5b55a1b948dc5d394e5c74d4d11e3127d7385 (cherry picked from commit 20296c0a4f96c125105254a57e28028c888a3746) --- vndk/tools/build_mixed | 93 ++++++++++++++--- vndk/tools/modify_system_img.sh | 174 ++++++++++++++++++++++++++++++++ 2 files changed, 252 insertions(+), 15 deletions(-) create mode 100755 vndk/tools/modify_system_img.sh diff --git a/vndk/tools/build_mixed b/vndk/tools/build_mixed index cac97f486..1c15d53fd 100755 --- a/vndk/tools/build_mixed +++ b/vndk/tools/build_mixed @@ -2,8 +2,16 @@ usage () { echo "Create a Mixed Build archive with the given GSI and device archives." echo - echo "Usage: $0 gsi_build_dir device_build_dir out_dir [check_tool]" + echo "Usage: $0 [-v ] [-m ] " + echo " gsi_build_dir device_build_dir out_dir [check_tool]" echo + echo "Options -v and -m must precede positional arguments." + echo + echo "vendor_version is the version of the vendor image when the mixed" + echo " build is inter branch. Optional." + echo " eg. 8.1.0 for a mixed build of GSI and O-MR1 vendor image." + echo "modify_system_image_path is the path to the script that modifies the" + echo " system image for an inter branch build target. Optional." echo "gsi_build_dir is the path to the GSI build" echo " eg. aosp_arm64_ab-userdebug." echo "device_build_dir is the path to the device build" @@ -13,12 +21,6 @@ usage () { echo " used to verify the compatibility of the given images. Optional." } -readonly GSI_DIR="$1" -readonly DEVICE_DIR="$2" -readonly DIST_DIR="$3" -readonly CHECK_TOOL="$4" -readonly TEMP_DIR=$(mktemp -d "/tmp/$(basename $0)_XXXXXXXX") - # Print error message and exit. # Usage: exit_badparam message # @@ -37,6 +39,43 @@ cleanup_and_exit () { trap cleanup_and_exit EXIT +while getopts :v:m: opt; do + case "$opt" in + v) + readonly VENDOR_VERSION="$OPTARG" + ;; + m) + readonly MODIFY_SYSTEM_SCRIPT="$OPTARG" + ;; + \?) + exit_badparam "Invalid options: -"$OPTARG"" + ;; + :) + exit_badparam "Option -"$OPTARG" requires an argument." + ;; + esac +done + +if [[ "$OPTIND" -gt 1 && "$OPTIND" -lt 5 ]]; then + exit_badparam "Options -v and -m must be set together." +fi + +shift "$((OPTIND-1))" + +if [[ ! -z "${MODIFY_SYSTEM_SCRIPT+x}" && ! -f "$MODIFY_SYSTEM_SCRIPT" ]]; then + exit_badparam "Script not found: "$MODIFY_SYSTEM_SCRIPT"" +fi + +if [[ $# -lt 3 ]]; then + exit_badparam "Unexpected number of arguments" +fi + +readonly GSI_DIR="$1" +readonly DEVICE_DIR="$2" +readonly DIST_DIR="$3" +readonly CHECK_TOOL="$4" +readonly TEMP_DIR="$(mktemp -d /tmp/"$(basename $0)"_XXXXXXXX)" + readonly GSI_TARGET_FILES_ARCHIVE="$(find "$GSI_DIR" -name "*-target_files-*.zip" -print)" if [[ ! -f "$GSI_TARGET_FILES_ARCHIVE" ]]; then exit_badparam "Could not find GSI target_files archive in $GSI_DIR." @@ -44,16 +83,12 @@ fi readonly DEVICE_ARCHIVE="$(find "$DEVICE_DIR" -name "*-img-*.zip" -print)" if [[ ! -f "$DEVICE_ARCHIVE" ]]; then - exit_badparam "Could not find GSI img archive in $DEVICE_DIR." + exit_badparam "Could not find device img archive in $DEVICE_DIR." fi readonly DEVICE_TARGET_FILES_ARCHIVE="$(find "$DEVICE_DIR" -name "*-target_files-*.zip" -print)" if [[ ! -f "$DEVICE_ARCHIVE" ]]; then - exit_badparam "Could not find GSI target_files archive in $DEVICE_DIR." -fi - -if [[ $# -lt 3 ]]; then - exit_badparam "Unexpected number of arguments" + exit_badparam "Could not find device target_files archive in $DEVICE_DIR." fi readonly DEVICE_ARTIFACTS_DIR="$TEMP_DIR"/device_archive_artifacts @@ -61,12 +96,15 @@ readonly DEVICE_IMAGES_DIR="$DEVICE_ARTIFACTS_DIR"/IMAGES readonly GSI_ARTIFACTS_DIR="$TEMP_DIR"/gsi_artifacts readonly GSI_IMAGES_DIR="$GSI_ARTIFACTS_DIR"/IMAGES +readonly SPL_PROPERTY_NAME="ro.build.version.security_patch" +readonly SYSTEM_BUILD_PROP="SYSTEM/build.prop" + ### # Uncompress the archives. mkdir -p "$GSI_ARTIFACTS_DIR" # Get the GSI images and meta data. unzip "$GSI_TARGET_FILES_ARCHIVE" \ - IMAGES/system.img IMAGES/vbmeta.img META/system_matrix.xml META/system_manifest.xml \ + IMAGES/system.img IMAGES/vbmeta.img META/system_matrix.xml META/system_manifest.xml "$SYSTEM_BUILD_PROP" \ -d "$GSI_ARTIFACTS_DIR" mkdir -p "$DEVICE_IMAGES_DIR" @@ -74,7 +112,7 @@ mkdir -p "$DEVICE_IMAGES_DIR" unzip "$DEVICE_ARCHIVE" -d "$DEVICE_IMAGES_DIR" # Get the device meta data. unzip "$DEVICE_TARGET_FILES_ARCHIVE" \ - META/vendor_matrix.xml META/vendor_manifest.xml \ + META/vendor_matrix.xml META/vendor_manifest.xml "$SYSTEM_BUILD_PROP" \ -d "$DEVICE_ARTIFACTS_DIR" ### @@ -88,6 +126,31 @@ if [[ -f "$CHECK_TOOL" ]]; then "$DEVICE_ARTIFACTS_DIR"/META/vendor_matrix.xml fi +### +# Modify system.img if vendor version is provided. +if [[ ! -z "${VENDOR_VERSION+x}" ]]; then + # Create copy of GSI target files package that can be modified + # since the original $GSI_TARGET_FILES_ARCHIVE is a symlink to + # prebuilt files in cache + cp "$GSI_TARGET_FILES_ARCHIVE" "$TEMP_DIR" + readonly COPY_GSI_TARGET_FILES_ARCHIVE="$TEMP_DIR"/"$(basename "$GSI_TARGET_FILES_ARCHIVE")" + + # Check compatibility of security patch level + readonly SYSTEM_SPL=$(sed -n -r "s/^"$SPL_PROPERTY_NAME"=(.*)$/\1/p" "$GSI_ARTIFACTS_DIR"/"$SYSTEM_BUILD_PROP") + readonly VENDOR_SPL=$(sed -n -r "s/^"$SPL_PROPERTY_NAME"=(.*)$/\1/p" "$DEVICE_ARTIFACTS_DIR"/"$SYSTEM_BUILD_PROP") + declare -a args + args=(-v "$VENDOR_VERSION" "$COPY_GSI_TARGET_FILES_ARCHIVE") + if [[ "$SYSTEM_SPL" != "$VENDOR_SPL" ]]; then + echo "Security patch level mismatch detected..." + echo " SPL of system: "$SYSTEM_SPL"" + echo " SPL of vendor: "$VENDOR_SPL"" + args+=("$VENDOR_SPL") + fi + "$MODIFY_SYSTEM_SCRIPT" "${args[@]}" + # Replace system.img with newly modified system.img + unzip -o "$COPY_GSI_TARGET_FILES_ARCHIVE" IMAGES/system.img -d "$GSI_ARTIFACTS_DIR" +fi + ### # Overwrite artifacts in the device archive to create the Mixed Build artifacts. cp "$GSI_IMAGES_DIR"/system.img "$DEVICE_IMAGES_DIR"/ diff --git a/vndk/tools/modify_system_img.sh b/vndk/tools/modify_system_img.sh new file mode 100755 index 000000000..9c21aab7d --- /dev/null +++ b/vndk/tools/modify_system_img.sh @@ -0,0 +1,174 @@ +#!/bin/bash -ex +# Copyright (C) 2018 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +usage () { + echo "Modifies the system image in a target_files.zip package so that it is" + echo " compatible with vendor images of older Android versions." + echo " This script is intended to be run on the Android build servers" + echo " for inter branch mixed build targets." + echo + echo "Usage: $0 [-v ]" + echo " []" + echo + echo "vendor_version is the version of the vendor image" + echo " e.g. 8.1.0 for Android version O-MR1" + echo "new_security_patch_level is the value to replace the SPL in the" + echo " original system.img" + echo "target_files_path is the path to the *-target_files-*.zip file" +} + +# Print error message and exit. +# Usage: exit_badparam message +# +# message is a string to be displayed before exit. +exit_badparam () { + echo "ERROR: $1" >&2 + usage + exit 1 +} + +cleanup_and_exit () { + readonly result="$?" + rm -rf "$TEMP_DIR" + exit "$result" +} + +trap cleanup_and_exit EXIT + +while getopts :v: opt; do + case "$opt" in + v) + readonly VENDOR_VERSION="$OPTARG" + ;; + \?) + exit_badparam "Invalid options: -"$OPTARG"" + ;; + :) + exit_badparam "Option -"$OPTARG" requires an argument." + ;; + esac +done +shift "$((OPTIND-1))" + +if [[ $# -lt 1 || $# -gt 2 ]]; then + exit_badparam "Unexpected number of arguments" +fi + +readonly SYSTEM_TARGET_FILES="$1" +readonly NEW_SPL="$2" + +if [[ ! -f "$SYSTEM_TARGET_FILES" ]]; then + exit_badparam "Could not find system target files package, "$SYSTEM_TARGET_FILES"" +fi + +# SPL must have YYYY-MM-DD format +if [[ $# -eq 2 ]] && [[ ! "$NEW_SPL" =~ ^[0-9]{4}-(0[0-9]|1[012])-([012][0-9]|3[01])$ ]]; then + exit_badparam " must have YYYY-MM-DD format" +fi + +if [[ -z "${ANDROID_BUILD_TOP+x}" ]]; then + build_top="" +else + build_top="$ANDROID_BUILD_TOP"/ +fi + +readonly add_img_to_target_files="$build_top"build/make/tools/releasetools/add_img_to_target_files.py + +# Check required script +if [[ ! -f "$add_img_to_target_files" ]]; then + echo "Error: Cannot find script,", "$add_img_to_target_files" + echo "Please run lunch or run from root of source tree." + exit 1 +fi + +readonly TEMP_DIR="$(mktemp -d /tmp/"$(basename $0)"_XXXXXXXX)" +readonly SPL_PROPERTY_NAME="ro.build.version.security_patch" +readonly RELEASE_VERSION_PROPERTY_NAME="ro.build.version.release" +readonly VNDK_VERSION_PROPERTY="ro.vndk.version" +readonly VNDK_VERSION_PROPERTY_OMR1="$VNDK_VERSION_PROPERTY"=27 + +readonly BUILD_PROP_PATH="SYSTEM/build.prop" +readonly PROP_DEFAULT_PATH="SYSTEM/etc/prop.default" + +# Unzip build.prop and prop.default from target_files.zip +unzip "$SYSTEM_TARGET_FILES" "$BUILD_PROP_PATH" "$PROP_DEFAULT_PATH" -d "$TEMP_DIR" + +readonly BUILD_PROP_FILE="$TEMP_DIR"/"$BUILD_PROP_PATH" +readonly PROP_DEFAULT_FILE="$TEMP_DIR"/"$PROP_DEFAULT_PATH" + +if [[ -f "$BUILD_PROP_FILE" ]]; then + readonly CURRENT_SPL=$(sed -n -r "s/^"$SPL_PROPERTY_NAME"=(.*)$/\1/p" "$BUILD_PROP_FILE") + readonly CURRENT_VERSION=$(sed -n -r "s/^"$RELEASE_VERSION_PROPERTY_NAME"=(.*)$/\1/p" "$BUILD_PROP_FILE") + echo "Reading build.prop..." + echo " Current security patch level: "$CURRENT_SPL"" + echo " Current release version: "$CURRENT_VERSION"" + + # Update SPL to + if [[ "$NEW_SPL" != "" ]]; then + if [[ "$CURRENT_SPL" == "" ]]; then + echo "ERROR: Cannot find "$SPL_PROPERTY_NAME" in "$BUILD_PROP_PATH"" + exit 1 + else + # Replace the property inplace + sed -i "s/^"$SPL_PROPERTY_NAME"=.*$/"$SPL_PROPERTY_NAME"="$NEW_SPL"/" "$BUILD_PROP_FILE" + echo "Replacing..." + echo " New security patch level: "$NEW_SPL"" + fi + fi + + # Update release version to + if [[ "$VENDOR_VERSION" != "" ]]; then + if [[ "$CURRENT_VERSION" == "" ]]; then + echo "ERROR: Cannot find "$RELEASE_VERSION_PROPERTY_NAME" in "$BUILD_PROP_PATH"" + exit 1 + else + # Replace the property inplace + sed -i "s/^"$RELEASE_VERSION_PROPERTY_NAME"=.*$/"$RELEASE_VERSION_PROPERTY_NAME"="$VENDOR_VERSION"/" "$BUILD_PROP_FILE" + echo "Replacing..." + echo " New release version for vendor.img: "$VENDOR_VERSION"" + fi + + if [[ "$VENDOR_VERSION" == "8.1.0" ]]; then + # add ro.vndk.version for O-MR1 + if [[ -f "$PROP_DEFAULT_FILE" ]]; then + readonly CURRENT_VNDK_VERSION=$(sed -n -r "s/^"$VNDK_VERSION_PROPERTY"=(.*)$/\1/p" "$PROP_DEFAULT_FILE") + if [[ "$CURRENT_VNDK_VERSION" != "" ]]; then + echo "WARNING: "$VNDK_VERSION_PROPERTY" is already set to "$CURRENT_VNDK_VERSION" in "$PROP_DEFAULT_PATH"" + echo "DID NOT overwrite "$VNDK_VERSION_PROPERTY"" + else + echo "Adding \""$VNDK_VERSION_PROPERTY_OMR1"\" to "$PROP_DEFAULT_PATH" for O-MR1 vendor image." + sed -i -e "\$a\#\n\# FOR O-MR1 DEVICES\n\#\n"$VNDK_VERSION_PROPERTY_OMR1"" "$PROP_DEFAULT_FILE" + fi + else + echo "ERROR: Cannot find "$PROP_DEFAULT_PATH" in "$SYSTEM_TARGET_FILES"" + fi + fi + fi +else + echo "ERROR: Cannot find "$BUILD_PROP_PATH" in "$SYSTEM_TARGET_FILES"" + exit 1 +fi + +# Re-zip build.prop and prop.default +( + cd "$TEMP_DIR" + zip -ur "$SYSTEM_TARGET_FILES" ./* +) + +# Rebuild system.img +zip -d "$SYSTEM_TARGET_FILES" IMAGES/system\* +"$add_img_to_target_files" -a "$SYSTEM_TARGET_FILES" + +echo "Done."