Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 21122f90 authored by Colin Cross's avatar Colin Cross
Browse files

Use soong_zip for otatools.zip and otacerts.zip 

soong_zip produces more reproducible zip files that are not
affected by umask values or timestamps.

This partially reapplies I2eca2f7618e06c0b5893ff54c79261921fe051d6.

Bug: 69500920
Test: m checkbuild
Test: contents of zips is unchanged
Change-Id: Idf6fbc94e257dc34af4f5b115d740b7cb9bac015
parent aa164550

core/Makefile

+10 −10
Original line number Diff line number Diff line
@@ -685,7 +685,7 @@ $(call dist-for-goals,droidcore,$(PGO_PROFILE_MISSING)) 
# for future OTA packages installed by this system.  Actual product

# deliverables will be re-signed by hand.  We expect this file to

# exist with the suffixes ".x509.pem" and ".pk8".

DEFAULT_KEY_CERT_PAIR := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)

DEFAULT_KEY_CERT_PAIR := $(strip $(DEFAULT_SYSTEM_DEV_CERTIFICATE))





# Rules that need to be present for the all targets, even
@@ -1140,12 +1140,12 @@ $(winpthreads_notice_file): \ 
# This rule adds to ALL_DEFAULT_INSTALLED_MODULES, so it needs to come

# before the rules that use that variable to build the image.

ALL_DEFAULT_INSTALLED_MODULES += $(TARGET_OUT_ETC)/security/otacerts.zip

$(TARGET_OUT_ETC)/security/otacerts.zip: KEY_CERT_PAIR := $(DEFAULT_KEY_CERT_PAIR)

$(TARGET_OUT_ETC)/security/otacerts.zip: $(addsuffix .x509.pem,$(DEFAULT_KEY_CERT_PAIR)) | $(ZIPTIME)

$(TARGET_OUT_ETC)/security/otacerts.zip: PRIVATE_CERT := $(DEFAULT_KEY_CERT_PAIR).x509.pem

$(TARGET_OUT_ETC)/security/otacerts.zip: $(SOONG_ZIP)

$(TARGET_OUT_ETC)/security/otacerts.zip: $(DEFAULT_KEY_CERT_PAIR).x509.pem

	$(hide) rm -f $@

	$(hide) mkdir -p $(dir $@)

	$(hide) zip -qjX $@ $<

	$(remove-timestamps-from-package)

	$(hide) $(SOONG_ZIP) -o $@ -C $(dir $(PRIVATE_CERT)) -f $(PRIVATE_CERT)



# Carry the public key for update_engine if it's a non-IoT target that

# uses the AB updater. We use the same key as otacerts but in RSA public key
@@ -1153,7 +1153,7 @@ $(TARGET_OUT_ETC)/security/otacerts.zip: $(addsuffix .x509.pem,$(DEFAULT_KEY_CER 
ifeq ($(AB_OTA_UPDATER),true)

ifneq ($(PRODUCT_IOT),true)

ALL_DEFAULT_INSTALLED_MODULES += $(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem

$(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem: $(addsuffix .x509.pem,$(DEFAULT_KEY_CERT_PAIR))

$(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem: $(DEFAULT_KEY_CERT_PAIR).x509.pem

	$(hide) rm -f $@

	$(hide) mkdir -p $(dir $@)

	$(hide) openssl x509 -pubkey -noout -in $< > $@
@@ -3141,15 +3141,15 @@ OTATOOLS_DEPS += \ 
  $(sort $(shell find external/vboot_reference/tests/devkeys -type f))

endif



$(BUILT_OTATOOLS_PACKAGE): $(OTATOOLS) $(OTATOOLS_DEPS) $(OTATOOLS_RELEASETOOLS) | $(ACP)

$(BUILT_OTATOOLS_PACKAGE): $(OTATOOLS) $(OTATOOLS_DEPS) $(OTATOOLS_RELEASETOOLS) $(SOONG_ZIP)

	@echo "Package OTA tools: $@"

	$(hide) rm -rf $@ $(zip_root)

	$(hide) mkdir -p $(dir $@) $(zip_root)/bin $(zip_root)/framework $(zip_root)/releasetools

	$(call copy-files-with-structure,$(OTATOOLS),$(HOST_OUT)/,$(zip_root))

	$(hide) $(ACP) -r -d -p build/make/tools/releasetools/* $(zip_root)/releasetools

	$(hide) cp -r -d -p build/make/tools/releasetools/* $(zip_root)/releasetools

	$(hide) rm -rf $@ $(zip_root)/releasetools/*.pyc

	$(hide) (cd $(zip_root) && zip -qryX $(abspath $@) *)

	$(hide) echo $(OTATOOLS_DEPS) | xargs zip -qryX $(abspath $@)>/dev/null || true

	$(hide) $(SOONG_ZIP) -o $@ -C $(zip_root) -D $(zip_root) \

	  -C . $(addprefix -f ,$(OTATOOLS_DEPS))



.PHONY: otatools-package

otatools-package: $(BUILT_OTATOOLS_PACKAGE)