clean up and refine README

9 years ago · d7ce4d65aa
parent ea493a7d6d
commit d7ce4d65aa
7 changed files with 38 additions and 277 deletions
--- a/README.md
+++ b/README.md
@ -1,15 +1,46 @@
 # Nexus_boot_image_editor
-edit boot.img for Nexus Devices
-
 [![Build Status](https://travis-ci.org/cfig/Nexus_boot_image_editor.svg?branch=master)](https://travis-ci.org/cfig/Nexus_boot_image_editor)

+Utilies for editing Nexus(or Nexus compatible) devices boot.img , then you don't need full Android source code to edit your boot images.
+
+## Prerequisite
+#### Host OS requirement:
+
+The unpacking task only works on Linux, the packing task can work on Linux & OSX.
+So the recommended OS is Linux.
+
+#### Target Android requirement:
+
+(1) Targeted boot.img MUST follows AOSP [verified boot flow](https://source.android.com/security/verifiedboot/index.html), which means it packs linux kernel and rootfs together, then sign it with OEM/USER keys.
+
+(2) These utilities are known to work for Nexus (or Nexus compatible) boot.img for the following Android releases:
+
+ - Marshmallow (API Level 23)
+ - Lollipop (API Level 21,22)
+
+You can get a full [Android version list](https://source.android.com/source/build-numbers.html) here.
+
+## Usage
+First put your boot.img at **$(CURDIR)/boot.img**, then start gradle 'unpack' task:
+
+    cp <original_boot_image> boot.img
+    ./gradew unpack
+
+Your get the flattened kernel and /root filesystem under **$(CURDIR)/build/unzip\_boot**:
+
+    build/unzip_boot/
+    ├── bootimg.cfg
+    ├── kernel
+    └── root

-## [usage]
-TBD
+Then you can edit the actual file contents, like rootfs or kernel.
+Now, pack the boot.img again

+    ./gradew pack

-## test
-filename: src/test/resources/boot.img
+You get the repacked boot.img at $(CURDIR):

-extracted from Nexus 5x(code: bullhead) factory images from [Google](https://dl.google.com/dl/android/aosp/bullhead-mda89e-factory-29247942.tgz)
+    boot.img.signed

+## example & test
+An example boot.img has been placed at **src/test/resources/boot.img**, which is extracted from Nexus 5x(code: bullhead) factory images from [Google](https://dl.google.com/dl/android/aosp/bullhead-mda89e-factory-29247942.tgz), you can take it as a quick start.
--- a/boot.mk
+++ b/boot.mk
@ -1,93 +0,0 @@
-.DEFAULT_GOAL := flat
-
-SHELL := /bin/bash
-WORK_DIR := unzip_boot
-
-help:
-	@echo "flat        : boot.subimg -> unzip_boot/*"
-	@echo "boot.img    : unsigned boot image"
-	@echo "boot.subimg : signed boot image"
-	@echo "addon       : (recovery only) add additional tools"
-
-.PHONY: flat
-flat:
-	rm -fr $(WORK_DIR)
-	mkdir -p $(WORK_DIR)/root
-	abootimg -x boot.subimg $(WORK_DIR)/bootimg.cfg $(this_kernel) $(this_ramdisk).gz
-	gzip -c -d $(this_ramdisk).gz > $(this_ramdisk)
-	rm $(this_ramdisk).gz
-	cd $(WORK_DIR)/root && \
-		cpio -i -F ../ramdisk.img
-	@rm $(WORK_DIR)/ramdisk.img
-	@echo && echo "===================================" && file $(WORK_DIR)/* && echo "==================================="
-kernel_cmdline := "$(shell grep -Po '(?<=cmdline = ).*' $(WORK_DIR)/bootimg.cfg)"
-this_root := $(WORK_DIR)/root
-this_kernel := $(WORK_DIR)/kernel
-this_ramdisk := $(WORK_DIR)/ramdisk.img
-ifeq '$(TARGET_PRODUCT)' ''
-$(warning NON-android)
-this_verity_key := tools/security/verity
-else
-$(warning android)
-this_verity_key := build/target/product/security/verity
-endif
-
-.INTERMEDIATE: $(this_ramdisk).gz boot.img
-$(this_ramdisk).gz: $(this_root)
-	mkbootfs $< | gzip > $@
-boot.img: $(this_ramdisk).gz $(this_kernel)
-	mkbootimg \
-		--kernel $(this_kernel) \
-		--ramdisk $(this_ramdisk).gz \
-		--cmdline "$(shell echo $(kernel_cmdline))" \
-		--base 0x01000000 \
-		--output $@
-boot.subimg: boot.img
-	$(call signer,/boot,$<,$@)
-
-define signer
-	boot_signer $(1) $(2) $(this_verity_key).pk8 $(this_verity_key).x509.pem $(3)
-endef
-
-mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST)))
-real_mkfile_path := $(shell readlink $(mkfile_path))
-
-libs := libc.so libcrypto.so libcutils.so libm.so libselinux.so libstdc++.so libpcre.so liblog.so libnetutils.so libsysutils.so libutils.so libbacktrace.so libstlport.so libgccdemangle.so libunwind.so libunwind-ptrace.so
-bins := toolbox sh linker netcfg logd logcat
-addon: | unzip_boot/root/system/bin
-addon: | unzip_boot/root/system/lib
-addon: INITRC := unzip_boot/root/init.recovery.marvellberlin.rc
-addon:
-	#initrc
-	echo "service console /system/bin/sh" > $(INITRC)
-	echo "    console" >> $(INITRC)
-	echo "    user root" >> $(INITRC)
-	echo "    group root" >> $(INITRC)
-	echo >> $(INITRC)
-	echo "service logd /system/bin/logd" >> $(INITRC)
-	echo "    socket logd stream 0666 logd logd" >> $(INITRC)
-	echo "    socket logdr seqpacket 0666 logd logd" >> $(INITRC)
-	echo "    socket logdw dgram 0222 logd logd" >> $(INITRC)
-	echo "    seclabel u:r:logd:s0" >> $(INITRC)
-	#recovery
-	#cp out/target/product/$(TARGET_PRODUCT)/system/bin/recovery unzip_boot/root/sbin/
-	#@cp -v out/target/product/$(TARGET_PRODUCT)/obj/EXECUTABLES/recovery_intermediates/recovery unzip_boot/root/sbin/
-	#bin
-	@$(foreach item,$(bins), \
-	  cp -v out/target/product/$(TARGET_PRODUCT)/system/bin/$(item)   unzip_boot/root/system/bin/; $(newline))
-	#lib
-	@$(foreach item,$(libs), \
-	  cp -v out/target/product/$(TARGET_PRODUCT)/system/lib/$(item)   unzip_boot/root/system/lib/; $(newline))
-	#@cp -v out/target/product/$(TARGET_PRODUCT)/system/etc/sepolicy.recovery unzip_boot/root/sepolicy
-	@cp -v out/target/product/$(TARGET_PRODUCT)/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery unzip_boot/root/sepolicy
-
-
-unzip_boot/root/system/bin:
-	mkdir $@
-unzip_boot/root/system/lib:
-	mkdir $@
-
-#service console /system/bin/sh
-#    console
-#    user root
-#    group root
--- a/bouncycastle/Android.mk
+++ b/bouncycastle/Android.mk
@ -1,143 +0,0 @@
-#
-# Copyright (C) 2010 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-LOCAL_PATH := $(call my-dir)
-
-# used for bouncycastle-hostdex where we want everything for testing
-all_bcprov_src_files := $(call all-java-files-under,bcprov/src/main/java)
-
-# used for bouncycastle for target where we want to be sure to use OpenSSLDigest
-android_bcprov_src_files := $(filter-out \
- bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java, \
- $(all_bcprov_src_files))
-
-# used for bouncycastle-host where we can't use OpenSSLDigest
-ri_bcprov_src_files := $(filter-out \
- bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java \
- bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java, \
- $(all_bcprov_src_files))
-
-# These cannot build in the PDK, because the PDK requires all libraries
-# compile against SDK versions. LOCAL_NO_STANDARD_LIBRARIES conflicts with
-# this requirement.
-ifneq ($(TARGET_BUILD_PDK),true)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(android_bcprov_src_files)
-    LOCAL_JAVACFLAGS := -encoding UTF-8
-    LOCAL_JAVA_LIBRARIES := core-libart conscrypt
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-    include $(BUILD_JAVA_LIBRARY)
-
-    # non-jarjar version to build okhttp-tests
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-nojarjar
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(android_bcprov_src_files)
-    LOCAL_JAVACFLAGS := -encoding UTF-8
-    LOCAL_JAVA_LIBRARIES := core-libart conscrypt
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-
-    # unbundled bouncycastle jar
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-unbundled
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SDK_VERSION := 9
-    LOCAL_SRC_FILES := $(ri_bcprov_src_files)
-    LOCAL_JAVACFLAGS := -encoding UTF-8
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-endif # TARGET_BUILD_PDK != true
-
-# This is used to generate a list of what is unused so it can be removed when bouncycastle is updated.
-# Based on "Finding dead code" example in ProGuard manual at http://proguard.sourceforge.net/
-.PHONY: bouncycastle-proguard-deadcode
-bouncycastle-proguard-deadcode: $(full_classes_compiled_jar) $(full_java_libs)
-	$(PROGUARD) \
-		-injars $(full_classes_compiled_jar) \
-		-libraryjars "$(call normalize-path-list,$(addsuffix (!org/bouncycastle/**.class,!com/android/org/conscrypt/OpenSSLMessageDigest.class),$(full_java_libs)))" \
-		-dontoptimize \
-		-dontobfuscate \
-		-dontpreverify \
-		-ignorewarnings \
-		-printusage \
-		-keep class org.bouncycastle.jce.provider.BouncyCastleProvider "{ public protected *; }" \
-		-keep class org.bouncycastle.jce.provider.symmetric.AESMappings "{ public protected *; }" \
-		-keep class org.bouncycastle.asn1.ASN1TaggedObject "{ public protected *; }" \
-		-keep class org.bouncycastle.asn1.x509.CertificateList "{ public protected *; }" \
-		-keep class org.bouncycastle.crypto.AsymmetricBlockCipher "{ public protected *; }" \
-		-keep class org.bouncycastle.x509.ExtendedPKIXBuilderParameters "{ public protected *; }" \
-		`(find $(LOCAL_PATH) -name '*.java' | xargs grep '"org.bouncycastle' | egrep '  (put|add)' | sed -e 's/");//' -e 's/.*"//'; \
-		  find $(LOCAL_PATH) -name '*.java' | xargs grep '  addHMACAlgorithm' | sed 's/"org.bouncycastle/\norg.bouncycastle/g' | grep ^org.bouncycastle | sed 's/".*//'; \
-                  find . -name '*.java' | xargs grep 'import org.bouncycastle' | grep -v /bouncycastle/ | sed -e 's/.*:import //' -e 's/;//') \
-		  | sed -e 's/^/-keep class /' -e 's/$$/ { public protected \*; } /' | sort | uniq` \
-		-keepclassmembers "class * { \
-		    static final %                *; \
-		    static final java.lang.String *; \
-		}" \
-		-keepclassmembers "class * implements java.io.Serializable { \
-		    private static final java.io.ObjectStreamField[] serialPersistentFields; \
-		    private void writeObject(java.io.ObjectOutputStream); \
-		    private void readObject(java.io.ObjectInputStream); \
-		    java.lang.Object writeReplace(); \
-		    java.lang.Object readResolve(); \
-		}" \
-		-keepclassmembers "interface org.bouncycastle.crypto.paddings.BlockCipherPadding { \
-		    abstract public java.lang.String getPaddingName(); \
-		}" \
-		-keepclassmembers "class * implements org.bouncycastle.crypto.paddings.BlockCipherPadding { \
-		    public java.lang.String getPaddingName(); \
-		}"
-
-# Conscrypt isn't built in the PDK, so this cannot be built because it has a
-# dependency on conscrypt-hostdex.
-ifneq ($(TARGET_BUILD_PDK),true)
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-hostdex
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bcprov_src_files)
-    LOCAL_JAVACFLAGS := -encoding UTF-8
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_JAVA_LIBRARIES := conscrypt-hostdex
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-    include $(BUILD_HOST_DALVIK_JAVA_LIBRARY)
-endif
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := bouncycastle-host
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := $(ri_bcprov_src_files)
-LOCAL_JAVACFLAGS := -encoding UTF-8
-LOCAL_MODULE_TAGS := optional
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-include $(BUILD_HOST_JAVA_LIBRARY)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := bouncycastle-bcpkix-host
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := $(call all-java-files-under,bcpkix/src/main/java)
-LOCAL_JAVACFLAGS := -encoding UTF-8
-LOCAL_MODULE_TAGS := optional
-LOCAL_JAVA_LIBRARIES := bouncycastle-host
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-include $(BUILD_HOST_JAVA_LIBRARY)
--- a/security/Android.mk
+++ b/security/Android.mk
@ -1,12 +0,0 @@
-LOCAL_PATH:= $(call my-dir)
-
-#######################################
-# verity_key
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := verity_key
-LOCAL_SRC_FILES := $(LOCAL_MODULE)
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
-
-include $(BUILD_PREBUILT)
--- a/src/libmincrypt/tools/Android.mk
+++ b/src/libmincrypt/tools/Android.mk
@ -1,22 +0,0 @@
-# Copyright (C) 2008 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := dumpkey
-LOCAL_SRC_FILES := DumpPublicKey.java
-LOCAL_JAR_MANIFEST := DumpPublicKey.mf
-LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-host
-include $(BUILD_HOST_JAVA_LIBRARY)
--- a/src/main/resources/mkbootfs
+++ b/src/main/resources/mkbootfs
--- a/src/main/resources/mkbootimg
+++ b/src/main/resources/mkbootimg