| Commit message (Collapse) | Author | Age | Files | Lines |
| |
receive_new_data may exit too early if the zip processor has sent all
the raw data. As a result, the last few 'new' commands will fail even
though the brotli decoder has more output in its buffer.
Restructure the code so that 'NewThreadInfo' owns the decoder state solely;
and receive_brotli_new_data is responsible for the decompression.
Also reduce the test data size to 100 blocks to avoid the test timeout.
Bug: 63802629
Test: recovery_component_test. on bullhead, apply full updates with and
w/o brotli compressed entries, apply an incremental update.
Change-Id: I9442f2536b74e48dbf7eeb062a8539c82c6dab47
| |
Add a new writer that can decode the brotli-compressed system/vendor
new data stored in the OTA zip.
Brotli generally gives better compression rate at the cost of slightly
increased time consumption. The patch.dat is already compressed
by BZ; so there's no point to further compress it.
For the given 1.9G bullhead system image:
Size: 875M -> 787M; ~10% reduction of package size.
Time: 147s -> 153s; ~4% increase of the block_image_update execution time.
(I guess I/O takes much longer time than decompression.)
Also it takes 4 minutes to compress the system image on my local
machine, 3 more minutes than zip.
Test: recovery tests pass && apply a full OTA with brotli compressed
system/vendor.new.dat on bullhead
Change-Id: I232335ebf662a9c55579ca073ad45265700a621e
| |
We have seen one case when bspatch failed likely due to patch
corruption. Since the package has passed verification before, we want
to reboot and retry the patch command again since there's no
alternative for users.
We won't delete the stash before reboot, and the src has passed SHA1
check. If there's an error on the patch, it will fail the package
verification during retry.
Bug: 37855643
Test: angler reboots and retries the update when bspatch fails.
Change-Id: I2ebac9621bd1f0649bb301b9a28a0dd079ed4e1d
| |
Right now the update gets stuck in a deadlock if there's less new data than
expected. Add some checkers and abort the update if such a case happens.
Also add a corresponding test.
Bug: 36787146
Test: update aborts correctly on bullhead && recovery_component_test passes
Change-Id: I914e4a2a4cf157b99ef2fc65bd21c6981e38ca47
| |
This CL makes the following changes to RangeSet:
- Uses std::pair<size_t, size_t> to represent a Range;
- Uses std::vector<Range> to represent a RangeSet;
- Provides const iterators (forward and reverse);
- Provides const accessor;
- 'blocks()' returns the number of blocks (formerly 'size');
- 'size()' returns the number of Range's (formerly 'count').
Test: recovery_unit_test
Test: Apply an incremental update with the new updater.
Change-Id: Ia1fbb343370a152e1f7aa050cf914c2da09b1396
| |
We don't need to take raw pointers out of the parsed arguments.
std::unique_ptr handles the dereferencing automatically.
Test: mmma bootable/recovery
Change-Id: I1beabf6e04dc350bdad7b36cee5fb345c82b28f2
| |
Also move RangeSet into a header file to make it testable, and add unit
tests.
In RangeSet::Parse() (the former parse_range()), use libbase logging to
do assertions. This has the same effect as the previous
exit(EXIT_FAILURE) to terminate the updater process and abort an update.
The difference lies in the exit status code (i.e. WEXITSTATUS(status) in
install.cpp), which changes from 1 (i.e. EXIT_FAILURE) to 0.
Test: recovery_unit_test
Test: Apply an incremental update with the new updater.
Change-Id: Ie8393c78b0d8ae0fd5f0ca0646d871308d71fff0
| | |
Then rename RangeSinkState to RangeSinkWriter. RangeSinkWriter reads
data from the given FD, and writes them to the destination RangeSet.
Test: Apply an incremental with the new updater.
Change-Id: I5e3ab6fc082efa1726562c55b56e2d418fe4acaf
| |
LOG(INFO) already appends a newline. Don't print redundant newline.
Test: No extra blank lines when calling ui_print(). And on-screen UI
shows the same.
Change-Id: I74e9a8504a7146a6cb3dae02fe2406d0dd54069b
| |
Test: mmma bootable/recovery system/update_engine
Test: recovery_component_test
Change-Id: I93c2caa87bf94a53509bb37f98f2c02bcadb6f5c
| |
Mostly for applypatch family APIs like ApplyBSDiffPatch() and
ApplyImagePatch(). Changing to size_t doesn't indicate they would
necessarily work with very large size_t (e.g. > ssize_t), just
similar to write(2). But otherwise accepting negative length doesn't
make much sense.
Also change the return type of SinkFn from ssize_t to size_t. Callers
tell a successful sink by comparing the number of written bytes against
the desired value. Negative return values like -1 are not needed. This
also makes it consistent with bsdiff::bspatch interface.
Test: recovery_component_test
Test: Apply an incremental with the new updater.
Change-Id: I7ff1615203a5c9854134f75d019e266f4ea6e714
| |
Rename to LoadSourceBlocks() by moving the target blocks parsing part
into the caller. This allows detecting whether the target blocks have
already had the expected data before loading the source blocks. It
doesn't affect anything when applying an update package for the first
time, but it skips loading the unneeded source blocks when resuming an
update. It additionally avoids unnecessarily dumping the "corrupt"
source/stash blocks when resuming an update.
Bug: 33694730
Test: Apply an incremental update with the new updater.
Test: Resume an incremental update with the new updater.
Change-Id: I794fd0d1045be7b3b7f8619285dc0dade01398d0
| | |
Clean up a few functions that take CommandParameters& as the first
parameter. We don't need to take duplicate arguments if they always come
from CommandParameters. This redundancy came from the point we replaced
strtok()s (commit baad2d454dc07ce916442987a2908a93fe6ae298).
Test: Apply an incremental update with the new updater.
Change-Id: I2912b8ce6bc7580bf7f566e125f12270e679e155
| | |
The script support for BBOTA v1 and v2 has been dropped in commit
8fad03e7712082eb880ffaaffb69eb13252ce220 (platform/build).
Bug: 33694730
Test: Apply an incremental with the new updater.
Test: recovery_component_test
Change-Id: I038b1bf8d10f030cab8ec0aa6ee565c5a9545dfd
| | |
In C++ code it would be cleaner to use
C++ reinterpret cast instead of old
C-style notation
Change-Id: Ibeef5e0c374addf108c0a8876a6be45063d8e396
| |
As of C++ specification size_type erase( const key_type& key );
removes the element (if one exists). There is no need to perform
the check twice.
Change-Id: I4b057c08526abc7c2a483a60f9e166e4d8f56a74
| |
And switch them to std::vector & std::unique_ptr
Bug: 32117870
Test: recovery tests passed on sailfish
Change-Id: I5a45951c4bdf895be311d6d760e52e7a1b0798c3
| |
Our updater created the stashes with root permission. This causes an
access denial when the RecoverySystem service tries to clean up these
blocks after a failing update. As a result, the subsequent OTA updates
may fail due to insufficient cache space.
Bug: 36457133
Test: stashed blocks cleaned successfully after reboot
Change-Id: If0ca99638cdfa1033646f29d9cc92b5ff1bacac1
| |
This reverts commit 90eff6a340f9983792d700df3b1ea0203aced207.
Also fix the bug where stashed blocks are not freed.
Bug: 21124445
Test: Previous failed update succeeded on bullhead
Change-Id: I23d232331a2beb51b6dcc82c957c87bc247d0268
| |
Test: Apply an incremental BBOTA package with the new updater.
Test: Resume an interrupted BBOTA (so it cleans up the partial stash).
Change-Id: I620cc57ee6366845bcffbc19210f7a01e2196052
| |
This reverts commit bb0cd75a0e1f6760bdf96bd141f3a546ffa45fbc.
Broke the 'free' command that deletes a stash.
Bug: 36242722
Test: The previously failed incremental applies successfully.
Change-Id: I1237cb0a33adfbeea57e0465b629704862ba13aa
| |
It will be helpful for debug if we know which blocks are corrupted after
a verification failure. This CL prints the SHA-1 for each source block
in a transfer command if these blocks don't have an expected hash. And
along with the correct SHA-1, we will catch the corrupted blocks.
Bug: 21124445
Test: Printed the mismatched SHA-1 for bullhead during an update.
Change-Id: I683d4bdaf9a335035045b3f532b3a265b2fcbbfc
| |
-1 is not a valid exit status.
Also replace a few exit(1) with exit(EXIT_FAILURE).
Test: mmma bootable/recovery
Change-Id: I4596c8328b770bf95acccc06a4401bd5cabd4bfd
| | |
Change the stash size computation from int to size_t.
Test: Apply an incremental BBOTA with the new updater.
Change-Id: Ib45b71b826fec6aa0ffafc67c17735825634eae0
| |
Returning the parsed RangeSet directly (as opposed to using some pointer
parameter) to make the code cleaner.
Test: Apply an incremental with the new updater.
Change-Id: I8c99e701f189eb6a3eacc0d647e5a3a85fbeb3eb
| |
Shift operator ("<<") has a higher precedence level than ternary
operator ("?").
Test: BBOTA update log says "performing update" as opposed to
"performing 0".
Change-Id: I0cf60cbfc11415e94f1f9f6effe75f14d13a1874
| |
Test: Build an updater into a package and apply it on device.
Change-Id: I289b5768e9b1e44ef78e0479c64dbaa36fb1a685
| |
ReadArgs will switch to using std::string and std::unique_ptr. Also
cleanup the callers.
Test: mma & component test passed.
Change-Id: I4724406ae6c0c134a27bbd1cdd24ad5d343b2a3b
| |
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
| |
Changing the field of 'Value' in edify to std::string from char*.
Meanwhile cleaning up the users of 'Value' and switching them to
cpp style.
Test: component tests passed.
Bug: 31713288
Change-Id: Iec5a7d601b1e4ca40935bf1c70d325dafecec235
| |
So that we can write native tests for updater functions. This CL adds a
testcase for getprop() function.
Test: mmma bootable/recovery; Run recovery_component_test on device.
Change-Id: Iff4c1ff63c5c71aded2f9686fed6b71cc298c228
| |
We might end up in an infinite loop if read(2) reached EOF unexpectedly.
The problematic code in uncrypt mentioned in the bug has been fixed
by switching to libbase ReadFully(). So I grepped through the recovery
code and fixed some other occurrences of the issue.
Bug: 31073201
Change-Id: Ib867029158ba23363b8f85d61c25058a635c5a6b
| | |
am: 31f8cc84cf
Change-Id: I2ea241fb3e688f5f8b0558d638dd3ed502223f97
| | |
Check the results from applypatch in PerformCommandDiff; and abort the
update on failure.
Bug: 29339536
Change-Id: I5087d79ba532b54250f4c17560524255c8a4fabc
| | |
Change-Id: I2194d1170281f58eb508f2ef63b39c8729125f76
| | |
If the update is a retry, ioctl(BLKDISCARD) the destination blocks before
writing to these blocks.
Bug: 28990135
Change-Id: I1e703808e68ebb1292cd66afd76be8fd6946ee59
| | |
Change-Id: I42c127f7946e678acf6596f6352f090abc0ca019
| | |
Write error code, cause code, and retry count into last_install. So we
can have more information about the reason of a failed OTA.
Example of new last_install:
@/cache/recovery/block.map package name
0 install result
retry: 1 retry count (new)
error: 30 error code (new)
cause: 12 error cause (new)
Details in:
go/android-ota-errorcode
Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
| | |
am: dd874b1c87
* commit 'dd874b1c87eb04f28db0db2629df0adde568a74c':
Add time and I/O info to last_install
Change-Id: I02aa858d5ce488d3acbf5400811e2565cf7d9c75
| | |
One example of last_install is:
/sideload/package.zip
1
time_total: 101
bytes_written_system: 14574000
bytes_stashed_system: 100
bytes_written_vendor: 5107400
bytes_stashed_vendor: 0
Bug: 28658632
Change-Id: I4bf79ea71a609068d38fbce6b41bcb892524aa7a
| | |
Currently block_image_verify() stashes source blocks to /cache and
in some cases triggers I/O errors. To avoid this risk, we create
a map from the hash value to the source blocks' range_set. When
executing stash command in verify mode, source range is saved but block
contents aren't stashed. And load_stash could get its value from
either the stashed file from the previous update, or the contents on
the source partition specified by the saved range.
Bug: 27584487
Bug: 25633753
Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
| | |
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
| | | |
Change-Id: I1d5232f61744bb18ca5de3a16a340bc3afd110bb
| | | | |
Bug: 25951086
Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
| | | |
Add and register a function to check if the device has been remounted
since last update during incremental OTA. This function reads block 0
and executes before partition recovery for version >= 4.
Bug: 21124327
Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
| | | | |
Output messages in log when recovery is attempted or succeeded during
incremental OTA update.
Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda
| | | | | |
Bug: 28341362
Change-Id: I5b35ae16c069e7e9229e66963386f322bd808af1
| | | | |
[1] switched a few things to android::base::unique_fd including
CommandParameters.fd. However, we were using memset(3) to zero out the
struct, which effectively assigned unique_fd(0) to fd. When it called
fd.reset(), file descriptor 0 was unintentionally closed. When FD 0 was
later reassigned via open(2), it led to lseek(2) errors: "Bad file
descriptor".
This CL switches to using braced-init (i.e. '= {}') instead, so that the
default constructor unique_fd(-1) would be called.
[1]: commit bcabd0929316fdd022ea102cc86396547ad9f070
Bug: 28391985
Change-Id: If1f99932b15552714c399e65c8b80550344b758a
| | | | |
Change-Id: I13ba3f40bd52b5f3e3fe9002a45a9a8630040129
| | | | |
Currently block_image_verify() stashes source blocks to /cache and
in some cases triggers I/O errors. To avoid this risk, we create
a map from the hash value to the source blocks' range_set. When
executing stash command in verify mode, source range is saved but block
contents aren't stashed. And load_stash could get its value from
either the stashed file from the previous update, or the contents on
the source partition specified by the saved range.
Bug: 27584487
Bug: 25633753
Change-Id: I775baf4bee55762b6e7b204f8294afc597afd996
(cherry picked from commit 0188935d55206e8c2becb29e995f166cb7040355)
| | | | |
Bug: 26570379
Change-Id: I76109d09276d6e3ed3a32b6fedafb2582f545c0c
(cherry picked from commit d940887dde23597dc358b16d96ca48dd7480fee6)
| | | |
Bug: 25951086
Change-Id: I31c74c735eb7a975b7f41fe2b2eff042e5699c0c
(cherry-picked from commit f1fc48c6e62cfee42d25ad12f443e22d50c15d0b)
| | | |
Bug: 18790686
Change-Id: I7d2136fb39b2266f5ae5be24819c617b08a6c21e
| | | |
Add and register a function to check if the device has been remounted
since last update during incremental OTA. This function reads block 0
and executes before partition recovery for version >= 4.
Bug: 21124327
Change-Id: I8b915b9f1d4736b3609daa9d16bd123225be357f
(cherry picked from commit 30bf4765593e639966df9f460df22c3fe912e7bf)
| | |
Output messages in log when recovery is attempted or succeeded during
incremental OTA update.
Change-Id: I4033df7ae3aaecbc61921d5337eda26f79164fda
(cherry picked from commit b686ba211443490111729ba9d82eb0c0b305e185)
| |
Change-Id: I36346fa199a3261da1ae1bc310b3557fe1716d96
| |
Change-Id: I354a8c424d340a9abe21fd716a4ee0d3b177d86f
| |
To accommodate new changes in N release, such as error correction [1]
and other potential changes to the updater.
[1]: commit 0a7b47397db3648afe6f3aeb2abb175934c2cbca
Change-Id: I4dd44417d07dd0a31729894628635a0aa1659008
| |
Add block_image_recover function to rewrite corrupted blocks on the
partition. This can be attempted if block_image_verify fails.
Note that we cannot use libfec during block_image_update as it may
overwrite blocks required for error correction. A separate recovery
pass in case the image is corrupted is the only viable option.
Bug: 21893453
Change-Id: I6ff25648fff68d5f50b41a601c95c509d1cc5bce
| |
We have the last line being empty as a result of
android::base::Split("a\nb\n"), which leads to "missing command"
warnings in the update. Just skip all the empty lines.
Bug: 24373789
Change-Id: I5827e4600bd5cf0418d95477e4592fec47bbd3a9
| |
Change-Id: Ic769eafc8d9535b1d517d3dcbd398c3fd65cddd9
| |
Change-Id: Ide489e18dd8daf161b612f65b28921b61cdd8d8d
| |
And inline the call to LoadSrcTgtVersion1() into SaveStash().
Change-Id: Ibf4ef2bfa2cc62df59c4e8de99fd7d8039e71ecf
| |
Replace C-string with std::string, pointers with references, and
variable-size arrays in struct with std::vector.
Change-Id: I57f361a0e58286cbcd113e9be225981da56721b2
| |
Change-Id: I6a8d9bea4c1cd8ea7b534682061b90e893b227a2
| |
There is an integer overflow when the size of system goes beyond the
signed int limits. Hence changing pos to size_t.
Change-Id: I6e5e1b2f0e72030b30a6df09a01642f4c82abc79
| |
So we can remove a few free()s. And also replace a few pointers with
references.
Change-Id: I4b6332216704f4f9ea4a044b8d4bb7aa42a7ef26
| |
We need to ensure the renamed filename reaches the underlying storage.
Bug: 22840552
Change-Id: Ide2e753a2038691d472b6ee173cbf68ac998a084
| |
Currently the fsync() inside write_all() may be called multiple times
when performing a command. Move that to the outer loop and call it
only after completing the command.
Also remove the O_SYNC flag when writing a stash.
Change-Id: I71e51d76051a2f7f504eef1aa585d2cb7a000d80
|
Mostly trivial changes to make cpp compiler happy.
Change-Id: I69bd1d96fcccf506007f6144faf37e11cfba1270