diff options
| author | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2014-05-07 17:28:49 +0100 |
|---|---|---|
| committer | Adnan Begovic <adnan@cyngn.com> | 2015-10-06 16:32:35 -0700 |
| commit | 2370b42aa540719e562985e4c603d3ed7bce5e62 (patch) | |
| tree | e11eec2775c76f20f1c138e21b25df916f7f4846 | |
| parent | d8eb47ddd8a1231e057a64b5f571bca2cbfd3f71 (diff) | |
| download | build-2370b42aa540719e562985e4c603d3ed7bce5e62.zip build-2370b42aa540719e562985e4c603d3ed7bce5e62.tar.gz build-2370b42aa540719e562985e4c603d3ed7bce5e62.tar.bz2 | |
Store the base64 release key in the OTA zips
This can be directly grepped in pre-existing package.xml tables
to make sure we're not trying to update to a differently signed
build
Change-Id: I7528a8e7c484ea9209cd665b9263328ae834586a
| -rw-r--r-- | core/Makefile | 5 | ||||
| -rwxr-xr-x | tools/releasetools/ota_from_target_files | 3 | ||||
| -rwxr-xr-x | tools/releasetools/sign_target_files_apks | 8 |
3 files changed, 15 insertions, 1 deletions
diff --git a/core/Makefile b/core/Makefile index a5bfc4c..bf779b3 100644 --- a/core/Makefile +++ b/core/Makefile @@ -1556,6 +1556,11 @@ endif $(call generate-userimage-prop-dictionary, $(zip_root)/META/misc_info.txt) $(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH MKBOOTIMG=$(MKBOOTIMG) \ ./build/tools/releasetools/make_recovery_patch $(zip_root) $(zip_root) +ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE + $(hide) build/tools/getb64key.py $(PRODUCT_DEFAULT_DEV_CERTIFICATE).x509.pem > $(zip_root)/META/releasekey.txt +else + $(hide) build/tools/getb64key.py $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem > $(zip_root)/META/releasekey.txt +endif @# Zip everything up, preserving symlinks $(hide) (cd $(zip_root) && zip -qry ../$(notdir $@) .) @# Run fs_config on all the system, vendor, boot ramdisk, diff --git a/tools/releasetools/ota_from_target_files b/tools/releasetools/ota_from_target_files index 1662a1a..3201587 100755 --- a/tools/releasetools/ota_from_target_files +++ b/tools/releasetools/ota_from_target_files @@ -696,6 +696,8 @@ endif; script.AddToZip(input_zip, output_zip, input_path=OPTIONS.updater_binary) WriteMetadata(metadata, output_zip) + common.ZipWriteStr(output_zip, "META-INF/org/cyanogenmod/releasekey", + ""+input_zip.read("META/releasekey.txt")) def WritePolicyConfig(file_name, output_zip): common.ZipWrite(output_zip, file_name, os.path.basename(file_name)) @@ -1506,7 +1508,6 @@ endif; WriteMetadata(metadata, output_zip) - def main(argv): def option_handler(o, a): diff --git a/tools/releasetools/sign_target_files_apks b/tools/releasetools/sign_target_files_apks index af16761..479a282 100755 --- a/tools/releasetools/sign_target_files_apks +++ b/tools/releasetools/sign_target_files_apks @@ -379,6 +379,14 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info): common.ZipWriteStr(output_tf_zip, "RECOVERY/RAMDISK/res/keys", new_recovery_keys) + # Save the base64 key representation in the update for key-change + # validations + p = common.Run(["python", "build/tools/getb64key.py", mapped_keys[0]], + stdout=subprocess.PIPE) + data, _ = p.communicate() + if p.returncode == 0: + common.ZipWriteStr(output_tf_zip, "META/releasekey.txt", data) + # SystemUpdateActivity uses the x509.pem version of the keys, but # put into a zipfile system/etc/security/otacerts.zip. # We DO NOT include the extra_recovery_keys (if any) here. |