Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PrepatchedImagePatcher runs before OtaCertPatcher #356

Closed
chenxiaolong opened this issue Sep 21, 2024 · 2 comments · Fixed by #357
Closed

PrepatchedImagePatcher runs before OtaCertPatcher #356

chenxiaolong opened this issue Sep 21, 2024 · 2 comments · Fixed by #357
Assignees
@chenxiaolong

Comments

@chenxiaolong
Copy link
Owner

chenxiaolong commented Sep 21, 2024
edited
Loading

I also had this problem with the same error message a few days ago. I'll try to recall what happened, but I'm not really sure what I'm doing.

What happened

  • I've been using a Google Pixel 4a with DivestOS. I've updated my OS with adb sideload previously using the same certificate files and it worked fine. Both times using avbroot ota patch with prepatched magisk boot.img.
  • In both the previous update and this time, running avbroot ota patch ... I got the error "WARN The prepatched boot image may not be compatible with the original (...)"
  • In both the previous update and this time, running avbroot ota verify ... I got the error "ERROR boot's otacerts.zip does not contain OTA certificate"

Attempts at troubleshooting

I tried using the version of avbroot I used for my last update (3.0.0) and the error is the same.

Looking inside the current .patched image's \META-INF\com\android\otacert matches my ota.crt

I tried doing what was specified previously but my system doesn't have a vendor_boot_a/b folder. It has a boot_a/b folder (not sure if it's the same), whose otacerts.zip doesn't contain a ota.x509.pem. It only contains another certificate file.

I unpacked the boot.img of the original divestOS image using avbroot extract and the last two commands and saw it also doesn't contain a ota.x509.pem. I don't think the .patched's boot.img did either.

I ran avbroot ota patch ... with debug level --log-level trace and got this output.

Originally posted by @luxqaoa in #350 (comment)
@chenxiaolong chenxiaolong self-assigned this Sep 21, 2024
@chenxiaolong chenxiaolong mentioned this issue Sep 21, 2024
Open
@chenxiaolong
Copy link
Owner Author

This seems to have been a regression since avbroot 2.0.0.

The problem happens for older devices where boot is used for both Android and recovery mode. avbroot was running its boot image patchers out of order in this scenario. OtaCertPatcher would run first, updating recovery mode's otacerts.zip properly. However, PrepatchedImagePatcher would then run and wipe out all changes that were already made since it (intentionally) uses the prepatched image given by the user.

@chenxiaolong chenxiaolong mentioned this issue Sep 21, 2024
Merged
@chenxiaolong
Copy link
Owner Author

@luxqaoa The issue is fixed in version 3.7.0. Please follow the steps at #357 (comment) to get the device back into a good state without needing to wipe and start fresh.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chenxiaolong chenxiaolong

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ensure that PrepatchedImagePatcher runs before other patchers chenxiaolong/avbroot
1 participant
@chenxiaolong