From 5a8b10690354027b83b382b3ba6e856bbd9fc011 Mon Sep 17 00:00:00 2001 From: Diogo Ferreira Date: Wed, 9 Nov 2016 17:55:31 +0000 Subject: releasetools: Rebuild recovery when signing target images When signing a build, the recovery can be built twice, once when signing and again when adding the image to target files. This is usally not a problem for deterministic signatures but a custom signing method might include a time-based component which affects checksums of the generated images. This means that the recovery patches (i.e. install-recovery) will fail to checksum. This patch makes adding images to target files, when invoked from sign_target_files_apks, always rebuild the recovery patch with the newly generated images so that the checksums are consistent irrespective of potential time components. Change-Id: I575c69dc96a6d4d69b3ea9d037f5f13c97afa87e --- tools/releasetools/add_img_to_target_files.py | 14 ++++++++------ tools/releasetools/sign_target_files_apks.py | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'tools') diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py index b699135..51d64b8 100755 --- a/tools/releasetools/add_img_to_target_files.py +++ b/tools/releasetools/add_img_to_target_files.py @@ -47,7 +47,8 @@ OPTIONS.replace_verity_public_key = False OPTIONS.replace_verity_private_key = False OPTIONS.verity_signer_path = None -def AddSystem(output_zip, prefix="IMAGES/", recovery_img=None, boot_img=None): +def AddSystem(output_zip, prefix="IMAGES/", recovery_img=None, boot_img=None, + rebuild_recovery=OPTIONS.rebuild_recovery): """Turn the contents of SYSTEM into a system image and store it in output_zip.""" @@ -61,7 +62,7 @@ def AddSystem(output_zip, prefix="IMAGES/", recovery_img=None, boot_img=None): ofile.write(data) ofile.close() - if OPTIONS.rebuild_recovery: + if rebuild_recovery: print("Building new recovery patch") common.MakeRecoveryPatch(OPTIONS.input_tmp, output_sink, recovery_img, boot_img, info_dict=OPTIONS.info_dict) @@ -322,7 +323,7 @@ def AddCache(output_zip, prefix="IMAGES/"): os.rmdir(temp_dir) -def AddImagesToTargetFiles(filename): +def AddImagesToTargetFiles(filename, rebuild_recovery=OPTIONS.rebuild_recovery): OPTIONS.input_tmp, input_zip = common.UnzipTemp(filename) if not OPTIONS.add_missing: @@ -360,7 +361,7 @@ def AddImagesToTargetFiles(filename): boot_image = None if os.path.exists(prebuilt_path): print("boot.img already exists in IMAGES/, no need to rebuild...") - if OPTIONS.rebuild_recovery: + if rebuild_recovery: boot_image = common.GetBootableImage( "IMAGES/boot.img", "boot.img", OPTIONS.input_tmp, "BOOT") else: @@ -374,7 +375,7 @@ def AddImagesToTargetFiles(filename): prebuilt_path = os.path.join(OPTIONS.input_tmp, "IMAGES", "recovery.img") if os.path.exists(prebuilt_path): print("recovery.img already exists in IMAGES/, no need to rebuild...") - if OPTIONS.rebuild_recovery: + if rebuild_recovery: recovery_image = common.GetBootableImage( "IMAGES/recovery.img", "recovery.img", OPTIONS.input_tmp, "RECOVERY") else: @@ -384,7 +385,8 @@ def AddImagesToTargetFiles(filename): recovery_image.AddToZip(output_zip) banner("system") - AddSystem(output_zip, recovery_img=recovery_image, boot_img=boot_image) + AddSystem(output_zip, recovery_img=recovery_image, boot_img=boot_image, + rebuild_recovery = rebuild_recovery) if has_vendor: banner("vendor") AddVendor(output_zip) diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index abdb845..54460e6 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -518,7 +518,7 @@ def main(argv): common.ZipClose(input_zip) common.ZipClose(output_zip) - add_img_to_target_files.AddImagesToTargetFiles(args[1]) + add_img_to_target_files.AddImagesToTargetFiles(args[1], rebuild_recovery=True) print("done.") -- cgit v1.1