Our updater created the stashes with root permission. This causes an
access denial when the RecoverySystem service tries to clean up these
blocks after a failing update. As a result, the subsequent OTA updates
may fail due to insufficient cache space.
Bug: 36457133
Test: stashed blocks cleaned successfully after reboot
Change-Id: If0ca99638cdfa1033646f29d9cc92b5ff1bacac1
Since this was putting the intermediate file in obj/PACKAGING, every
installclean was removing it and triggering updater to rebuild. Instead,
use the standard generated-sources-dir. The dep file can also be removed
now that ninja will re-run the generator if the command line changes.
Test: m -j updater; m installclean; m -j updater
Test: Only change to aosp_fugu updater before/after is the debug info
Change-Id: I20928bd2049d4a3d4e21f83fd64d16cfdc541958
We should not touch any data while verifying packages (or parsing the
in-memory ASN.1 structures).
Test: mmma bootable/recovery
Test: recovery_component_test passes.
Test: recovery_unit_test passes.
Change-Id: Ie990662c6451ec066a1807b3081c9296afbdb0bf
A follow-up to commit 5e535014dd.
Also clean up Android.mk, since libverifier no longer needs anything
from libminui.
Test: mmma bootable/recovery
Test: recovery_component_test passes.
Change-Id: I1c11e4bbeef67ca34a2054debf1f5b280d509217
verify_file() has a dependency on the global variable of 'ui' for
posting the verification progress, which requires the users of
libverifier to provide a UI instance.
This CL adds an optional argument to verify_file() so that it can
post the progress through the provided callback function. As a result,
we can drop the MockUI class in verifier_test.cpp.
Test: recovery_component_test passes.
Test: verify_file() posts progress update when installing an OTA.
Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
For the use of std::function and std::bind. They were relying on the
transitive inclusion from <minui/minui.h>.
Test: mmma bootable/recovery
Change-Id: Ia138e1cbdd035b11d6cdca9e16c5591303b6ee13
This reverts commit 90eff6a340.
Also fix the bug where stashed blocks are not freed.
Bug: 21124445
Test: Previous failed update succeeded on bullhead
Change-Id: I23d232331a2beb51b6dcc82c957c87bc247d0268
Also remove the utils in applypatch and replace them with the
corresponding libbase functions.
Test: recovery tests pass.
Change-Id: I77254c141bd3e7d3d6894c23b60e866009516f81
Test: Apply an incremental BBOTA package with the new updater.
Test: Resume an interrupted BBOTA (so it cleans up the partial stash).
Change-Id: I620cc57ee6366845bcffbc19210f7a01e2196052
This reverts commit bb0cd75a0e.
Broke the 'free' command that deletes a stash.
Bug: 36242722
Test: The previously failed incremental applies successfully.
Change-Id: I1237cb0a33adfbeea57e0465b629704862ba13aa
It will be helpful for debug if we know which blocks are corrupted after
a verification failure. This CL prints the SHA-1 for each source block
in a transfer command if these blocks don't have an expected hash. And
along with the correct SHA-1, we will catch the corrupted blocks.
Bug: 21124445
Test: Printed the mismatched SHA-1 for bullhead during an update.
Change-Id: I683d4bdaf9a335035045b3f532b3a265b2fcbbfc
This CL removes the updater support for delete(), symlink(), rename(),
set_metadata() and set_metadata_recursive(). Such functions have been
removed from the generation script in commit
f388104eaacd05cfa075d6478369e1d0df5ddbf3 (platform/build).
Note: This CL also removes delete_recursive() which seems to have never
been supported in generation script.
Bug: 35853185
Test: recovery_component_test passes.
Change-Id: I51e1ec946fa73761118fa1eaa082423df6d588e9
For devices that are not using dm-verity, update_verifier can't verify
anything, but to mark the successfully booted flag unconditionally.
Test: Successfully-booted flag is set on devices w/o dm-verity.
Test: Successfully-booted flag is set after verification on devices w/
dm-verity.
Change-Id: I79ab2caec2d4284aad0d66dd161adabebde175b6