android update.zip升级包的制作

转自 http://blog.csdn.net/mu0206mu/article/details/7399822  http://blog.sina.com.cn/s/blog_4ba5666e0100wkfh.html

手动制作update.zip包的过程：

1.创建一个update目录，该目录包含自己想要升级或替换的内容

例如：

update/

update/system

update/system/app

update/system/app/doodle_jump.apk

update/META-INF

update/META-INF/com

update/META-INF/com/google

update/META-INF/com/google/android

update/META-INF/com/google/android/update-script

该目录包含doodle_jump游戏，升级后该apk将出现在手机的/system/app/目录下。

META-INF目录下包含升级脚本，update-script脚本的内容如下：

show_progress 0.500000 0

copy_dir PACKAGE:system SYSTEM:

show_progress 0.100000 0

大家可以根据自己的升级内容添加相应的命令。

2.创建压缩包

在update/目录下运行：

$ zip -qry ../update.unsigned.zip ./

将在update/的父目录下产生update.unsigned.zip 压缩包

3.签名

$ java -Xmx512m -jar signapk.jar -w key.x509.pem key.pk8 update.unsigned.zip update.zip

生成签过名的update.zip包，其中

signapk.jar，key.x509.pem，key.pk8与具体手机系统相关

4.将签过名的update.zip包放入手机sdcard根目录，
重启系统进入recovery模式，选择

apply update.zip，成功后重启手机

ok，现在手机上已经有doodle_jump游戏了，并且它无法被删除～

Android系统Recovery工作原理之使用update.zip升级过程分析（一）---update.zip包的制作

         这篇及以后的篇幅将通过分析update.zip包在具体Android系统升级的过程，来理解Android系统中Recovery模式服务的工作原理。我们先从update.zip包的制作开始，然后是Android系统的启动模式分析，Recovery工作原理，如何从我们上层开始选择system update到重启到Recovery服务，以及在Recovery服务中具体怎样处理update.zip包升级的，我们的安装脚本updater-script怎样被解析并执行的等一系列问题。分析过程中所用的Android源码是gingerbread0919（tcc88xx开发板标配的），测试开发板是tcc88xx。这是在工作中总结的文档，当然在网上参考了不少内容，如有雷同纯属巧合吧，在分析过程中也存在很多未解决的问题，也希望大家不吝指教。

一、  update.zip包的目录结构
          |----boot.img
          |----system/
          |----recovery/
                `|----recovery-from-boot.p
                `|----etc/
                        `|----install-recovery.sh
          |---META-INF/
              `|CERT.RSA
              `|CERT.SF
              `|MANIFEST.MF
              `|----com/
                     `|----google/
                             `|----android/
                                    `|----update-binary
                                    `|----updater-script
                             `|----android/
                                    `|----metadata
二、  update.zip包目录结构详解
         以上是我们用命令make otapackage 制作的update.zip包的标准目录结构。
          1、 boot.img是更新boot分区所需要的文件。这个boot.img主要包括kernel+ramdisk。

         2、system/目录的内容在升级后会放在系统的system分区。主要用来更新系统的一些应用或则应用会用到的一些库等等。可以将Android源码编译out/target/product/tcc8800/system/中的所有文件拷贝到这个目录来代替。

          3、 recovery/目录中的recovery-from-boot.p是boot.img和recovery.img的补丁(patch),主要用来更新recovery分区，其中etc/目录下的install-recovery.sh是更新脚本。
          4、 update-binary是一个二进制文件，相当于一个脚本解释器，能够识别updater-script中描述的操作。该文件在Android源码编译后out/target/product/tcc8800/system bin/updater生成，可将updater重命名为update-binary得到。
               该文件在具体的更新包中的名字由源码中bootable/recovery/install.c中的宏ASSUMED_UPDATE_BINARY_NAME的值而定。
          5、 updater-script：此文件是一个脚本文件，具体描述了更新过程。我们可以根据具体情况编写该脚本来适应我们的具体需求。该文件的命名由源码中bootable/recovery/updater/updater.c文件中的宏SCRIPT_NAME的值而定。
          6、  metadata文件是描述设备信息及环境变量的元数据。主要包括一些编译选项，签名公钥，时间戳以及设备型号等。
          7、 我们还可以在包中添加userdata目录，来更新系统中的用户数据部分。这部分内容在更新后会存放在系统的/data目录下。

         8、update.zip包的签名：update.zip更新包在制作完成后需要对其签名，否则在升级时会出现认证失败的错误提示。而且签名要使用和目标板一致的加密公钥。加密公钥及加密需要的三个文件在Android源码编译后生成的具体路径为：

               out/host/linux-x86/framework/signapk.jar 

               build/target/product/security/testkey.x509.pem         

               build/target/product/security/testkey.pk8 。

              我们用命令make otapackage制作生成的update.zip包是已签过名的，如果自己做update.zip包时必须手动对其签名。

              具体的加密方法：$ java –jar gingerbread/out/host/linux/framework/signapk.jar –w gingerbread/build/target/product/security/testkey.x509.pem                                      gingerbread/build/target/product/security/testkey.pk8 update.zip update_signed.zip
              以上命令在update.zip包所在的路径下执行，其中signapk.jar testkey.x509.pem以及testkey.pk8文件的引用使用绝对路径。update.zip 是我们已经打好的包，update_signed.zip包是命令执行完生成的已经签过名的包。
          9、 MANIFEST.MF：这个manifest文件定义了与包的组成结构相关的数据。类似Android应用的mainfest.xml文件。
         10、 CERT.RSA：与签名文件相关联的签名程序块文件，它存储了用于签名JAR文件的公共签名。
         11、 CERT.SF：这是JAR文件的签名文件，其中前缀CERT代表签名者。
        另外，在具体升级时，对update.zip包检查时大致会分三步：①检验SF文件与RSA文件是否匹配。②检验MANIFEST.MF与签名文件中的digest是否一致。③检验包中的文件与MANIFEST中所描述的是否一致。
三、  Android升级包update.zip的生成过程分析

         1) 对于update.zip包的制作有两种方式，即手动制作和命令生成。

          第一种手动制作：即按照update.zip的目录结构手动创建我们需要的目录。然后将对应的文件拷贝到相应的目录下，比如我们向系统中新加一个应用程序。可以将新增的应用拷贝到我们新建的update/system/app/下（system目录是事先拷贝编译源码后生成的system目录），打包并签名后，拷贝到SD卡就可以使用了。这种方式在实际的tcc8800开发板中未测试成功。签名部分未通过，可能与具体的开发板相关。

          第二种制作方式：命令制作。Android源码系统中为我们提供了制作update.zip刷机包的命令，即make otapackage。该命令在编译源码完成后并在源码根目录下执行。 具体操作方式：在源码根目录下执行

                ①$ . build/envsetup.sh。 

                ②$ lunch 然后选择你需要的配置(如17)。

                ③$ make otapackage。

          在编译完源码后最好再执行一遍上面的①、②步防止执行③时出现未找到对应规则的错误提示。命令执行完成后生成的升级包所在位置在out/target/product/full_tcc8800_evm_target_files-eng.mumu.20120309.111059.zip将这个包重新命名为update.zip，并拷贝到SD卡中即可使用。

           这种方式(即完全升级)在tcc8800开发板中已测试成功。

       2) 使用make otapackage命令生成update.zip的过程分析。
            在源码根目录下执行make otapackage命令生成update.zip包主要分为两步，第一步是根据Makefile执行编译生成一个update原包（zip格式）。第二步是运行一个python脚本，并以上一步准备的zip包作为输入，最终生成我们需要的升级包。下面进一步分析这两个过程。

            第一步：编译Makefile。对应的Makefile文件所在位置：build/core/Makefile。从该文件的884行（tcc8800,gingerbread0919）开始会生成一个zip包，这个包最后会用来制作OTA package 或者filesystem image。先将这部分的对应的Makefile贴出来如下：

          

 # -----------------------------------------------------------------
 # A zip of the directories that map to the target filesystem.
 # This zip can be used to create an OTA package or filesystem image
 # as a post-build step.
 #
 name := $(TARGET_PRODUCT)
 ifeq ($(TARGET_BUILD_TYPE),debug)
   name := $(name)_debug
 endif
 name := $(name)-target_files-$(FILE_NAME_TAG)

 intermediates := $(call intermediates-dir-for,PACKAGING,target_files)
 BUILT_TARGET_FILES_PACKAGE := $(intermediates)/$(name).zip
 $(BUILT_TARGET_FILES_PACKAGE): intermediates := $(intermediates)
 $(BUILT_TARGET_FILES_PACKAGE): \
         zip_root := $(intermediates)/$(name)

 # $(1): Directory to copy
 # $(2): Location to copy it to
 # The "ls -A" is to prevent "acp s/* d" from failing if s is empty.
 define package_files-copy-root
   if [ -d "$(strip $(1))" -a "$$(ls -A $(1))" ]; then \
     mkdir -p $(2) && \
     $(ACP) -rd $(strip $(1))/* $(2); \
   fi
 endef

 built_ota_tools := \
     $(call intermediates-dir-for,EXECUTABLES,applypatch)/applypatch \
     $(call intermediates-dir-for,EXECUTABLES,applypatch_static)/applypatch_static \
     $(call intermediates-dir-for,EXECUTABLES,check_prereq)/check_prereq \
     $(call intermediates-dir-for,EXECUTABLES,updater)/updater
 $(BUILT_TARGET_FILES_PACKAGE): PRIVATE_OTA_TOOLS := $(built_ota_tools)

 $(BUILT_TARGET_FILES_PACKAGE): PRIVATE_RECOVERY_API_VERSION := $(RECOVERY_API_VERSION)

 ifeq ($(TARGET_RELEASETOOLS_EXTENSIONS),)
 # default to common dir for device vendor
 $(BUILT_TARGET_FILES_PACKAGE): tool_extensions := $(TARGET_DEVICE_DIR)/../common
 else
 $(BUILT_TARGET_FILES_PACKAGE): tool_extensions := $(TARGET_RELEASETOOLS_EXTENSIONS)
 endif

 # Depending on the various images guarantees that the underlying
 # directories are up-to-date.
 $(BUILT_TARGET_FILES_PACKAGE): \
         $(INSTALLED_BOOTIMAGE_TARGET) \
         $(INSTALLED_RADIOIMAGE_TARGET) \
         $(INSTALLED_RECOVERYIMAGE_TARGET) \
         $(INSTALLED_SYSTEMIMAGE) \
         $(INSTALLED_USERDATAIMAGE_TARGET) \
         $(INSTALLED_ANDROID_INFO_TXT_TARGET) \
         $(built_ota_tools) \
         $(APKCERTS_FILE) \
         $(HOST_OUT_EXECUTABLES)/fs_config \
         | $(ACP)
     @echo "Package target files: $@"
     $(hide) rm -rf $@ $(zip_root)
     $(hide) mkdir -p $(dir $@) $(zip_root)
     @# Components of the recovery image
     $(hide) mkdir -p $(zip_root)/RECOVERY
     $(hide) $(call package_files-copy-root, \
         $(TARGET_RECOVERY_ROOT_OUT),$(zip_root)/RECOVERY/RAMDISK)
 ifdef INSTALLED_KERNEL_TARGET
     $(hide) $(ACP) $(INSTALLED_KERNEL_TARGET) $(zip_root)/RECOVERY/kernel
 endif
 ifdef INSTALLED_2NDBOOTLOADER_TARGET
     $(hide) $(ACP) \
         $(INSTALLED_2NDBOOTLOADER_TARGET) $(zip_root)/RECOVERY/second
 endif
 ifdef BOARD_KERNEL_CMDLINE
     $(hide) echo "$(BOARD_KERNEL_CMDLINE)" > $(zip_root)/RECOVERY/cmdline
 endif
 ifdef BOARD_KERNEL_BASE
     $(hide) echo "$(BOARD_KERNEL_BASE)" > $(zip_root)/RECOVERY/base
 endif
 ifdef BOARD_KERNEL_PAGESIZE
     $(hide) echo "$(BOARD_KERNEL_PAGESIZE)" > $(zip_root)/RECOVERY/pagesize
 endif
     @# Components of the boot image
     $(hide) mkdir -p $(zip_root)/BOOT
     $(hide) $(call package_files-copy-root, \
         $(TARGET_ROOT_OUT),$(zip_root)/BOOT/RAMDISK)
 ifdef INSTALLED_KERNEL_TARGET
     $(hide) $(ACP) $(INSTALLED_KERNEL_TARGET) $(zip_root)/BOOT/kernel
 endif
 ifdef INSTALLED_2NDBOOTLOADER_TARGET
     $(hide) $(ACP) \
         $(INSTALLED_2NDBOOTLOADER_TARGET) $(zip_root)/BOOT/second
 endif
 ifdef BOARD_KERNEL_CMDLINE
     $(hide) echo "$(BOARD_KERNEL_CMDLINE)" > $(zip_root)/BOOT/cmdline
 endif
 ifdef BOARD_KERNEL_BASE
     $(hide) echo "$(BOARD_KERNEL_BASE)" > $(zip_root)/BOOT/base
 endif
 ifdef BOARD_KERNEL_PAGESIZE
     $(hide) echo "$(BOARD_KERNEL_PAGESIZE)" > $(zip_root)/BOOT/pagesize
 endif
     $(hide) $(foreach t,$(INSTALLED_RADIOIMAGE_TARGET),\
                 mkdir -p $(zip_root)/RADIO; \
                 $(ACP) $(t) $(zip_root)/RADIO/$(notdir $(t));)
     @# Contents of the system image
     $(hide) $(call package_files-copy-root, \
         $(SYSTEMIMAGE_SOURCE_DIR),$(zip_root)/SYSTEM)
     @# Contents of the data image
     $(hide) $(call package_files-copy-root, \
         $(TARGET_OUT_DATA),$(zip_root)/DATA)
     @# Extra contents of the OTA package
     $(hide) mkdir -p $(zip_root)/OTA/bin
     $(hide) $(ACP) $(INSTALLED_ANDROID_INFO_TXT_TARGET) $(zip_root)/OTA/
     $(hide) $(ACP) $(PRIVATE_OTA_TOOLS) $(zip_root)/OTA/bin/
     @# Files that do not end up in any images, but are necessary to
     @# build them.
     $(hide) mkdir -p $(zip_root)/META
     $(hide) $(ACP) $(APKCERTS_FILE) $(zip_root)/META/apkcerts.txt
     $(hide) echo "$(PRODUCT_OTA_PUBLIC_KEYS)" > $(zip_root)/META/otakeys.txt
     $(hide) echo "recovery_api_version=$(PRIVATE_RECOVERY_API_VERSION)" > $(zip_root)/META/misc_info.txt
 ifdef BOARD_FLASH_BLOCK_SIZE
     $(hide) echo "blocksize=$(BOARD_FLASH_BLOCK_SIZE)" >> $(zip_root)/META/misc_info.txt
 endif
 ifdef BOARD_BOOTIMAGE_PARTITION_SIZE
     $(hide) echo "boot_size=$(BOARD_BOOTIMAGE_PARTITION_SIZE)" >> $(zip_root)/META/misc_info.txt
 endif
 ifdef BOARD_RECOVERYIMAGE_PARTITION_SIZE
     $(hide) echo "recovery_size=$(BOARD_RECOVERYIMAGE_PARTITION_SIZE)" >> $(zip_root)/META/misc_info.txt
 endif
 ifdef BOARD_SYSTEMIMAGE_PARTITION_SIZE
     $(hide) echo "system_size=$(BOARD_SYSTEMIMAGE_PARTITION_SIZE)" >> $(zip_root)/META/misc_info.txt
 endif
 ifdef BOARD_USERDATAIMAGE_PARTITION_SIZE
     $(hide) echo "userdata_size=$(BOARD_USERDATAIMAGE_PARTITION_SIZE)" >> $(zip_root)/META/misc_info.txt
 endif
     $(hide) echo "tool_extensions=$(tool_extensions)" >> $(zip_root)/META/misc_info.txt
 ifdef mkyaffs2_extra_flags
     $(hide) echo "mkyaffs2_extra_flags=$(mkyaffs2_extra_flags)" >> $(zip_root)/META/misc_info.txt
 endif
     @# Zip everything up, preserving symlinks
     $(hide) (cd $(zip_root) && zip -qry ../$(notdir $@) .)
     @# Run fs_config on all the system files in the zip, and save the output
     $(hide) zipinfo -1 $@ | awk -F/ 'BEGIN { OFS="/" } /^SYSTEM\// {$$1 = "system"; print}' | $(HOST_OUT_EXECUTABLES)/fs_config > $(zip_root)/META/filesystem_config.txt
     $(hide) (cd $(zip_root) && zip -q ../$(notdir $@) META/filesystem_config.txt)


 target-files-package: $(BUILT_TARGET_FILES_PACKAGE)


 ifneq ($(TARGET_SIMULATOR),true)
 ifneq ($(TARGET_PRODUCT),sdk)
 ifneq ($(TARGET_DEVICE),generic)
 ifneq ($(TARGET_NO_KERNEL),true)
 ifneq ($(recovery_fstab),)

            根据上面的Makefile可以分析这个包的生成过程：

            首先创建一个root_zip根目录，并依次在此目录下创建所需要的如下其他目录

            ①创建RECOVERY目录，并填充该目录的内容，包括kernel的镜像和recovery根文件系统的镜像。此目录最终用于生成recovery.img。

            ②创建并填充BOOT目录。包含kernel和cmdline以及pagesize大小等，该目录最终用来生成boot.img。
            ③向SYSTEM目录填充system image。
            ④向DATA填充data image。
            ⑤用于生成OTA package包所需要的额外的内容。主要包括一些bin命令。
            ⑥创建META目录并向该目录下添加一些文本文件，如apkcerts.txt(描述apk文件用到的认证证书)，misc_info.txt(描述Flash内存的块大小以及boot、recovery、system、userdata等分区的大小信息)。
            ⑦使用保留连接选项压缩我们在上面获得的root_zip目录。
            ⑧使用fs_config(build/tools/fs_config)配置上面的zip包内所有的系统文件(system/下各目录、文件)的权限属主等信息。fs_config包含了一个头文件#include“private/android_filesystem_config.h”。在这个头文件中以硬编码的方式设定了system目录下各文件的权限、属主。执行完配置后会将配置后的信息以文本方式输出 到META/filesystem_config.txt中。并再一次zip压缩成我们最终需要的原始包。

             第二步：上面的zip包只是一个编译过程中生成的原始包。这个原始zip包在实际的编译过程中有两个作用，一是用来生成OTA update升级包，二是用来生成系统镜像。在编译过程中若生成OTA update升级包时会调用（具体位置在Makefile的1037行到1058行）一个名为ota_from_target_files的python脚本，位置在/build/tools/releasetools/ota_from_target_files。这个脚本的作用是以第一步生成的zip原始包作为输入，最终生成可用的OTA升级zip包。

             下面我们分析使用这个脚本生成最终OTA升级包的过程。

                   ㈠ 首先看一下这个脚本开始部分的帮助文档。代码如下：

 #!/usr/bin/env python
 #
 # Copyright (C) 2008 The Android Open Source Project
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 """
 Given a target-files zipfile, produces an OTA package that installs
 that build.  An incremental OTA is produced if -i is given, otherwise
 a full OTA is produced.

 Usage:  ota_from_target_files [flags] input_target_files output_ota_package

   -b  (--board_config)  <file>
       Deprecated.

   -k  (--package_key)  <key>
       Key to use to sign the package (default is
       "build/target/product/security/testkey").

   -i  (--incremental_from)  <file>
       Generate an incremental OTA using the given target-files zip as
       the starting build.

   -w  (--wipe_user_data)
       Generate an OTA package that will wipe the user data partition
       when installed.

   -n  (--no_prereq)
       Omit the timestamp prereq check normally included at the top of
       the build scripts (used for developer OTA packages which
       legitimately need to go back and forth).

   -e  (--extra_script)  <file>
       Insert the contents of file at the end of the update script.

 """

                        下面简单翻译一下他们的使用方法以及选项的作用。

                        Usage: ota_from_target_files [flags] input_target_files output_ota_package
                        -b 过时的。
                        -k签名所使用的密钥
                        -i生成增量OTA包时使用此选项。后面我们会用到这个选项来生成OTA增量包。
                        -w是否清除userdata分区
                        -n在升级时是否不检查时间戳，缺省要检查，即缺省情况下只能基于旧版本升级。
                        -e是否有额外运行的脚本
                        -m执行过程中生成脚本(updater-script)所需要的格式,目前有两种即amend和edify。对应上两种版本升级时会采用不同的解释器。缺省会同时生成两种格式的脚 本。
                        -p定义脚本用到的一些可执行文件的路径。
                        -s定义额外运行脚本的路径。
                        -x定义额外运行的脚本可能用的键值对。
                        -v执行过程中打印出执行的命令。
                        -h命令帮助

                   ㈡ 下面我们分析ota_from_target_files这个python脚本是怎样生成最终zip包的。先讲这个脚本的代码贴出来如下：

 import sys

 if sys.hexversion < 0x02040000:
   print >> sys.stderr, "Python 2.4 or newer is required."
   sys.exit(1)

 import copy
 import errno
 import os
 import re
 import sha
 import subprocess
 import tempfile
 import time
 import zipfile

 import common
 import edify_generator

 OPTIONS = common.OPTIONS
 OPTIONS.package_key = "build/target/product/security/testkey"
 OPTIONS.incremental_source = None
 OPTIONS.require_verbatim = set()
 OPTIONS.prohibit_verbatim = set(("system/build.prop",))
 OPTIONS.patch_threshold = 0.95
 OPTIONS.wipe_user_data = False
 OPTIONS.omit_prereq = False
 OPTIONS.extra_script = None
 OPTIONS.worker_threads = 3

 def MostPopularKey(d, default):
   """Given a dict, return the key corresponding to the largest
   value.  Returns 'default' if the dict is empty."""
   x = [(v, k) for (k, v) in d.iteritems()]
   if not x: return default
   x.sort()
   return x[-1][1]


 def IsSymlink(info):
   """Return true if the zipfile.ZipInfo object passed in represents a
   symlink."""
   return (info.external_attr >> 16) == 0120777


 class Item:
   """Items represent the metadata (user, group, mode) of files and
   directories in the system image."""
   ITEMS = {}
   def __init__(self, name, dir=False):
     self.name = name
     self.uid = None
     self.gid = None
     self.mode = None
     self.dir = dir

     if name:
       self.parent = Item.Get(os.path.dirname(name), dir=True)
       self.parent.children.append(self)
     else:
       self.parent = None
     if dir:
       self.children = []

   def Dump(self, indent=0):
     if self.uid is not None:
       print "%s%s %d %d %o" % ("  "*indent, self.name, self.uid, self.gid, self.mode)
     else:
       print "%s%s %s %s %s" % ("  "*indent, self.name, self.uid, self.gid, self.mode)
     if self.dir:
       print "%s%s" % ("  "*indent, self.descendants)
       print "%s%s" % ("  "*indent, self.best_subtree)
       for i in self.children:
         i.Dump(indent=indent+1)

   @classmethod
   def Get(cls, name, dir=False):
     if name not in cls.ITEMS:
       cls.ITEMS[name] = Item(name, dir=dir)
     return cls.ITEMS[name]

   @classmethod
   def GetMetadata(cls, input_zip):

     try:
       # See if the target_files contains a record of what the uid,
       # gid, and mode is supposed to be.
       output = input_zip.read("META/filesystem_config.txt")
     except KeyError:
       # Run the external 'fs_config' program to determine the desired
       # uid, gid, and mode for every Item object.  Note this uses the
       # one in the client now, which might not be the same as the one
       # used when this target_files was built.
       p = common.Run(["fs_config"], stdin=subprocess.PIPE,
                      stdout=subprocess.PIPE, stderr=subprocess.PIPE)
       suffix = { False: "", True: "/" }
       input = "".join(["%s%s\n" % (i.name, suffix[i.dir])
                        for i in cls.ITEMS.itervalues() if i.name])
       output, error = p.communicate(input)
       assert not error

     for line in output.split("\n"):
       if not line: continue
       name, uid, gid, mode = line.split()
       i = cls.ITEMS.get(name, None)
       if i is not None:
         i.uid = int(uid)
         i.gid = int(gid)
         i.mode = int(mode, 8)
         if i.dir:
           i.children.sort(key=lambda i: i.name)

     # set metadata for the files generated by this script.
     i = cls.ITEMS.get("system/recovery-from-boot.p", None)
     if i: i.uid, i.gid, i.mode = 0, 0, 0644
     i = cls.ITEMS.get("system/etc/install-recovery.sh", None)
     if i: i.uid, i.gid, i.mode = 0, 0, 0544

   def CountChildMetadata(self):
     """Count up the (uid, gid, mode) tuples for all children and
     determine the best strategy for using set_perm_recursive and
     set_perm to correctly chown/chmod all the files to their desired
     values.  Recursively calls itself for all descendants.

     Returns a dict of {(uid, gid, dmode, fmode): count} counting up
     all descendants of this node.  (dmode or fmode may be None.)  Also
     sets the best_subtree of each directory Item to the (uid, gid,
     dmode, fmode) tuple that will match the most descendants of that
     Item.
     """

     assert self.dir
     d = self.descendants = {(self.uid, self.gid, self.mode, None): 1}
     for i in self.children:
       if i.dir:
         for k, v in i.CountChildMetadata().iteritems():
           d[k] = d.get(k, 0) + v
       else:
         k = (i.uid, i.gid, None, i.mode)
         d[k] = d.get(k, 0) + 1

     # Find the (uid, gid, dmode, fmode) tuple that matches the most
     # descendants.

     # First, find the (uid, gid) pair that matches the most
     # descendants.
     ug = {}
     for (uid, gid, _, _), count in d.iteritems():
       ug[(uid, gid)] = ug.get((uid, gid), 0) + count
     ug = MostPopularKey(ug, (0, 0))

     # Now find the dmode and fmode that match the most descendants
     # with that (uid, gid), and choose those.
     best_dmode = (0, 0755)
     best_fmode = (0, 0644)
     for k, count in d.iteritems():
       if k[:2] != ug: continue
       if k[2] is not None and count >= best_dmode[0]: best_dmode = (count, k[2])
       if k[3] is not None and count >= best_fmode[0]: best_fmode = (count, k[3])
     self.best_subtree = ug + (best_dmode[1], best_fmode[1])

     return d

   def SetPermissions(self, script):
     """Append set_perm/set_perm_recursive commands to 'script' to
     set all permissions, users, and groups for the tree of files
     rooted at 'self'."""

     self.CountChildMetadata()

     def recurse(item, current):
       # current is the (uid, gid, dmode, fmode) tuple that the current
       # item (and all its children) have already been set to.  We only
       # need to issue set_perm/set_perm_recursive commands if we're
       # supposed to be something different.
       if item.dir:
         if current != item.best_subtree:
           script.SetPermissionsRecursive("/"+item.name, *item.best_subtree)
           current = item.best_subtree

         if item.uid != current[0] or item.gid != current[1] or \
            item.mode != current[2]:
           script.SetPermissions("/"+item.name, item.uid, item.gid, item.mode)

         for i in item.children:
           recurse(i, current)
       else:
         if item.uid != current[0] or item.gid != current[1] or \
                item.mode != current[3]:
           script.SetPermissions("/"+item.name, item.uid, item.gid, item.mode)

     recurse(self, (-1, -1, -1, -1))


 def CopySystemFiles(input_zip, output_zip=None,
                     substitute=None):
   """Copies files underneath system/ in the input zip to the output
   zip.  Populates the Item class with their metadata, and returns a
   list of symlinks.  output_zip may be None, in which case the copy is
   skipped (but the other side effects still happen).  substitute is an
   optional dict of {output filename: contents} to be output instead of
   certain input files.
   """

   symlinks = []

   for info in input_zip.infolist():
     if info.filename.startswith("SYSTEM/"):
       basefilename = info.filename[7:]
       if IsSymlink(info):
         symlinks.append((input_zip.read(info.filename),
                          "/system/" + basefilename))
       else:
         info2 = copy.copy(info)
         fn = info2.filename = "system/" + basefilename
         if substitute and fn in substitute and substitute[fn] is None:
           continue
         if output_zip is not None:
           if substitute and fn in substitute:
             data = substitute[fn]
           else:
             data = input_zip.read(info.filename)
           output_zip.writestr(info2, data)
         if fn.endswith("/"):
           Item.Get(fn[:-1], dir=True)
         else:
           Item.Get(fn, dir=False)

   symlinks.sort()
   return symlinks


 def SignOutput(temp_zip_name, output_zip_name):
   key_passwords = common.GetKeyPasswords([OPTIONS.package_key])
   pw = key_passwords[OPTIONS.package_key]

   common.SignFile(temp_zip_name, output_zip_name, OPTIONS.package_key, pw,
                   whole_file=True)


 def AppendAssertions(script, input_zip):
   device = GetBuildProp("ro.product.device", input_zip)
   script.AssertDevice(device)


 def MakeRecoveryPatch(output_zip, recovery_img, boot_img):
   """Generate a binary patch that creates the recovery image starting
   with the boot image.  (Most of the space in these images is just the
   kernel, which is identical for the two, so the resulting patch
   should be efficient.)  Add it to the output zip, along with a shell
   script that is run from init.rc on first boot to actually do the
   patching and install the new recovery image.

   recovery_img and boot_img should be File objects for the
   corresponding images.

   Returns an Item for the shell script, which must be made
   executable.
   """

   d = common.Difference(recovery_img, boot_img)
   _, _, patch = d.ComputePatch()
   common.ZipWriteStr(output_zip, "recovery/recovery-from-boot.p", patch)
   Item.Get("system/recovery-from-boot.p", dir=False)

   boot_type, boot_device = common.GetTypeAndDevice("/boot", OPTIONS.info_dict)
   recovery_type, recovery_device = common.GetTypeAndDevice("/recovery", OPTIONS.info_dict)

   # Images with different content will have a different first page, so
   # we check to see if this recovery has already been installed by
   # testing just the first 2k.
   HEADER_SIZE = 2048
   header_sha1 = sha.sha(recovery_img.data[:HEADER_SIZE]).hexdigest()
   sh = """#!/system/bin/sh
 if ! applypatch -c %(recovery_type)s:%(recovery_device)s:%(header_size)d:%(header_sha1)s; then
   log -t recovery "Installing new recovery image"
   applypatch %(boot_type)s:%(boot_device)s:%(boot_size)d:%(boot_sha1)s %(recovery_type)s:%(recovery_device)s %(recovery_sha1)s %(recovery_size)d %(boot_sha1)s:/system/recovery-from-boot.p
 else
   log -t recovery "Recovery image already installed"
 fi
 """ % { 'boot_size': boot_img.size,
         'boot_sha1': boot_img.sha1,
         'header_size': HEADER_SIZE,
         'header_sha1': header_sha1,
         'recovery_size': recovery_img.size,
         'recovery_sha1': recovery_img.sha1,
         'boot_type': boot_type,
         'boot_device': boot_device,
         'recovery_type': recovery_type,
         'recovery_device': recovery_device,
         }
   common.ZipWriteStr(output_zip, "recovery/etc/install-recovery.sh", sh)
   return Item.Get("system/etc/install-recovery.sh", dir=False)


 def WriteFullOTAPackage(input_zip, output_zip):
   # TODO: how to determine this?  We don't know what version it will
   # be installed on top of.  For now, we expect the API just won't
   # change very often.
   script = edify_generator.EdifyGenerator(3, OPTIONS.info_dict)

   metadata = {"post-build": GetBuildProp("ro.build.fingerprint", input_zip),
               "pre-device": GetBuildProp("ro.product.device", input_zip),
               "post-timestamp": GetBuildProp("ro.build.date.utc", input_zip),
               }

   device_specific = common.DeviceSpecificParams(
       input_zip=input_zip,
       input_version=OPTIONS.info_dict["recovery_api_version"],
       output_zip=output_zip,
       script=script,
       input_tmp=OPTIONS.input_tmp,
       metadata=metadata,
       info_dict=OPTIONS.info_dict)

   if not OPTIONS.omit_prereq:
     ts = GetBuildProp("ro.build.date.utc", input_zip)
     script.AssertOlderBuild(ts)

   AppendAssertions(script, input_zip)
   device_specific.FullOTA_Assertions()

   script.ShowProgress(0.5, 0)

   if OPTIONS.wipe_user_data:
     script.FormatPartition("/data")

   script.FormatPartition("/system")
   script.Mount("/system")
   script.UnpackPackageDir("recovery", "/system")
   script.UnpackPackageDir("system", "/system")

   symlinks = CopySystemFiles(input_zip, output_zip)
   script.MakeSymlinks(symlinks)

   boot_img = common.File("boot.img", common.BuildBootableImage(
       os.path.join(OPTIONS.input_tmp, "BOOT")))
   recovery_img = common.File("recovery.img", common.BuildBootableImage(
       os.path.join(OPTIONS.input_tmp, "RECOVERY")))
   MakeRecoveryPatch(output_zip, recovery_img, boot_img)

   Item.GetMetadata(input_zip)
   Item.Get("system").SetPermissions(script)

   common.CheckSize(boot_img.data, "boot.img", OPTIONS.info_dict)
   common.ZipWriteStr(output_zip, "boot.img", boot_img.data)
   script.ShowProgress(0.2, 0)

   script.ShowProgress(0.2, 10)
   script.WriteRawImage("/boot", "boot.img")

   script.ShowProgress(0.1, 0)
   device_specific.FullOTA_InstallEnd()

   if OPTIONS.extra_script is not None:
     script.AppendExtra(OPTIONS.extra_script)

   script.UnmountAll()
   script.AddToZip(input_zip, output_zip)
   WriteMetadata(metadata, output_zip)


 def WriteMetadata(metadata, output_zip):
   common.ZipWriteStr(output_zip, "META-INF/com/android/metadata",
                      "".join(["%s=%s\n" % kv
                               for kv in sorted(metadata.iteritems())]))




 def LoadSystemFiles(z):
   """Load all the files from SYSTEM/... in a given target-files
   ZipFile, and return a dict of {filename: File object}."""
   out = {}
   for info in z.infolist():
     if info.filename.startswith("SYSTEM/") and not IsSymlink(info):
       fn = "system/" + info.filename[7:]
       data = z.read(info.filename)
       out[fn] = common.File(fn, data)
   return out


 def GetBuildProp(property, z):
   """Return the fingerprint of the build of a given target-files
   ZipFile object."""
   bp = z.read("SYSTEM/build.prop")
   if not property:
     return bp
   m = re.search(re.escape(property) + r"=(.*)\n", bp)
   if not m:
     raise common.ExternalError("couldn't find %s in build.prop" % (property,))
   return m.group(1).strip()


 def WriteIncrementalOTAPackage(target_zip, source_zip, output_zip):
   source_version = OPTIONS.source_info_dict["recovery_api_version"]
   target_version = OPTIONS.target_info_dict["recovery_api_version"]

   if source_version == 0:
     print ("WARNING: generating edify script for a source that "
            "can't install it.")
   script = edify_generator.EdifyGenerator(source_version, OPTIONS.info_dict)

   metadata = {"pre-device": GetBuildProp("ro.product.device", source_zip),
               "post-timestamp": GetBuildProp("ro.build.date.utc", target_zip),
               }

   device_specific = common.DeviceSpecificParams(
       source_zip=source_zip,
       source_version=source_version,
       target_zip=target_zip,
       target_version=target_version,
       output_zip=output_zip,
       script=script,