diff options
author | Ying Wang <wangying@google.com> | 2011-10-04 10:50:08 -0700 |
---|---|---|
committer | Ying Wang <wangying@google.com> | 2011-10-04 10:50:08 -0700 |
commit | 3c21fe5b12d95fe374b9b8c874dc4c48b7f9fce1 (patch) | |
tree | 62df898db6926f6897181aad2b716be94f7fa96d /core | |
parent | 6e69feed1a3d57d3206f7dabe32e06e8b07189e2 (diff) | |
download | build-3c21fe5b12d95fe374b9b8c874dc4c48b7f9fce1.zip build-3c21fe5b12d95fe374b9b8c874dc4c48b7f9fce1.tar.gz build-3c21fe5b12d95fe374b9b8c874dc4c48b7f9fce1.tar.bz2 |
Support for product-specific dev keys.
Change-Id: Id577a72ee9f7cd70e8ca77efcbf10a37885c7d6f
Diffstat (limited to 'core')
-rw-r--r-- | core/Makefile | 15 | ||||
-rw-r--r-- | core/config.mk | 7 | ||||
-rw-r--r-- | core/package.mk | 8 | ||||
-rw-r--r-- | core/prebuilt.mk | 4 | ||||
-rw-r--r-- | core/product.mk | 7 | ||||
-rw-r--r-- | core/product_config.mk | 37 |
6 files changed, 50 insertions, 28 deletions
diff --git a/core/Makefile b/core/Makefile index ebc8a85..3186bda 100644 --- a/core/Makefile +++ b/core/Makefile @@ -71,9 +71,9 @@ BUILD_VERSION_TAGS := $(BUILD_VERSION_TAGS) ifeq ($(TARGET_BUILD_TYPE),debug) BUILD_VERSION_TAGS += debug endif -# Apps are always signed with test keys, and may be re-signed in a post-build -# step. If that happens, the "test-keys" tag will be removed by that step. -BUILD_VERSION_TAGS += test-keys +# Apps are always signed with dev keys, and may be re-signed in a post-build +# step. If that happens, the "dev-keys" tag will be removed by that step. +BUILD_VERSION_TAGS += dev-keys BUILD_VERSION_TAGS := $(subst $(space),$(comma),$(sort $(BUILD_VERSION_TAGS))) # A human-readable string that descibes this build in detail. @@ -258,11 +258,11 @@ endif # ----------------------------------------------------------------- -# The test key is used to sign this package, and as the key required +# The dev key is used to sign this package, and as the key required # for future OTA packages installed by this system. Actual product # deliverables will be re-signed by hand. We expect this file to # exist with the suffixes ".x509.pem" and ".pk8". -DEFAULT_KEY_CERT_PAIR := $(SRC_TARGET_DIR)/product/security/testkey +DEFAULT_KEY_CERT_PAIR := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) # Rules that need to be present for the all targets, even @@ -649,9 +649,9 @@ ifdef BOARD_KERNEL_PAGESIZE endif # Keys authorized to sign OTA packages this build will accept. The -# build always uses test-keys for this; release packaging tools will +# build always uses dev-keys for this; release packaging tools will # substitute other keys for this one. -OTA_PUBLIC_KEYS := $(SRC_TARGET_DIR)/product/security/testkey.x509.pem +OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem # Generate a file containing the keys that will be read by the # recovery binary. @@ -1097,6 +1097,7 @@ endif ifdef INTERNAL_USERIMAGES_SPARSE_EXT_FLAG $(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(zip_root)/META/misc_info.txt endif + $(hide) echo "default_system_dev_certificate=$(DEFAULT_SYSTEM_DEV_CERTIFICATE)" >> $(zip_root)/META/misc_info.txt ifdef PRODUCT_EXTRA_RECOVERY_KEYS $(hide) echo "extra_recovery_keys=$(PRODUCT_EXTRA_RECOVERY_KEYS)" >> $(zip_root)/META/misc_info.txt endif diff --git a/core/config.mk b/core/config.mk index c4f08fd..41e60ea 100644 --- a/core/config.mk +++ b/core/config.mk @@ -288,6 +288,13 @@ APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/doclava$( APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/jsilver$(COMMON_JAVA_PACKAGE_SUFFIX) APICHECK_COMMAND := $(APICHECK) -JXmx1024m -J"classpath $(APICHECK_CLASSPATH)" +# The default key if not set as LOCAL_CERTIFICATE +ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE + DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE) +else + DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey +endif + # ############################################################### # Set up final options. # ############################################################### diff --git a/core/package.mk b/core/package.mk index e79059a..7bc5be4 100644 --- a/core/package.mk +++ b/core/package.mk @@ -299,20 +299,20 @@ endif # Secure release builds will have their packages signed after the fact, # so it's ok for these private keys to be in the clear. ifeq ($(LOCAL_CERTIFICATE),) - LOCAL_CERTIFICATE := testkey + LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) endif ifeq ($(LOCAL_CERTIFICATE),EXTERNAL) # The special value "EXTERNAL" means that we will sign it with the - # default testkey, apply predexopt, but then expect the final .apk + # default devkey, apply predexopt, but then expect the final .apk # (after dexopting) to be signed by an outside tool. - LOCAL_CERTIFICATE := testkey + LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) PACKAGES.$(LOCAL_PACKAGE_NAME).EXTERNAL_KEY := 1 endif # If this is not an absolute certificate, assign it to a generic one. ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./) - LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE) + LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE) endif private_key := $(LOCAL_CERTIFICATE).pk8 certificate := $(LOCAL_CERTIFICATE).x509.pem diff --git a/core/prebuilt.mk b/core/prebuilt.mk index 935bce1..8c03341 100644 --- a/core/prebuilt.mk +++ b/core/prebuilt.mk @@ -93,7 +93,7 @@ ifeq ($(LOCAL_CERTIFICATE),EXTERNAL) # # This can be used for packages where we don't have access to the # keys, but want the package to be predexopt'ed. - LOCAL_CERTIFICATE := testkey + LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) PACKAGES.$(LOCAL_MODULE).EXTERNAL_KEY := 1 endif ifeq ($(LOCAL_CERTIFICATE),) @@ -114,7 +114,7 @@ else ifeq ($(LOCAL_CERTIFICATE),PRESIGNED) else # If this is not an absolute certificate, assign it to a generic one. ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./) - LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE) + LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE) endif PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8 diff --git a/core/product.mk b/core/product.mk index 2efc446..72cb2f7 100644 --- a/core/product.mk +++ b/core/product.mk @@ -82,7 +82,9 @@ _product_var_list := \ PRODUCT_SDK_ADDON_COPY_FILES \ PRODUCT_SDK_ADDON_COPY_MODULES \ PRODUCT_SDK_ADDON_DOC_MODULE \ - PRODUCT_DEFAULT_WIFI_CHANNELS + PRODUCT_DEFAULT_WIFI_CHANNELS \ + PRODUCT_DEFAULT_DEV_CERTIFICATE \ + define dump-product $(info ==== $(1) ====)\ @@ -232,6 +234,9 @@ _product_stash_var_list += \ BOARD_INSTALLER_CMDLINE \ +_product_stash_var_list += \ + DEFAULT_SYSTEM_DEV_CERTIFICATE + # # Stash vaues of the variables in _product_stash_var_list. # $(1): Renamed prefix diff --git a/core/product_config.mk b/core/product_config.mk index 1567f6d..e673d5c 100644 --- a/core/product_config.mk +++ b/core/product_config.mk @@ -112,8 +112,8 @@ ifdef product_goals # The build server wants to do make PRODUCT-dream-installclean # which really means TARGET_PRODUCT=dream make installclean. ifneq ($(filter-out $(INTERNAL_VALID_VARIANTS),$(TARGET_BUILD_VARIANT)),) - MAKECMDGOALS := $(MAKECMDGOALS) $(TARGET_BUILD_VARIANT) - TARGET_BUILD_VARIANT := eng + MAKECMDGOALS := $(MAKECMDGOALS) $(TARGET_BUILD_VARIANT) + TARGET_BUILD_VARIANT := eng default_goal_substitution := else default_goal_substitution := $(DEFAULT_GOAL) @@ -232,8 +232,8 @@ PRODUCT_AAPT_CONFIG := $(PRODUCT_LOCALES) $(PRODUCT_AAPT_CONFIG) # Default to medium-density assets. # (Can be overridden in the device config, e.g.: PRODUCT_AAPT_CONFIG += hdpi) PRODUCT_AAPT_CONFIG := $(strip \ - $(PRODUCT_AAPT_CONFIG) \ - $(if $(filter %dpi,$(PRODUCT_AAPT_CONFIG)),,mdpi)) + $(PRODUCT_AAPT_CONFIG) \ + $(if $(filter %dpi,$(PRODUCT_AAPT_CONFIG)),,mdpi)) # Everyone gets nodpi assets which are density-independent. PRODUCT_AAPT_CONFIG += nodpi @@ -241,7 +241,7 @@ PRODUCT_AAPT_CONFIG += nodpi # Convert spaces to commas. comma := , PRODUCT_AAPT_CONFIG := \ - $(subst $(space),$(comma),$(strip $(PRODUCT_AAPT_CONFIG))) + $(subst $(space),$(comma),$(strip $(PRODUCT_AAPT_CONFIG))) PRODUCT_BRAND := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_BRAND)) @@ -251,7 +251,7 @@ ifndef PRODUCT_MODEL endif PRODUCT_MANUFACTURER := \ - $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_MANUFACTURER)) + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_MANUFACTURER)) ifndef PRODUCT_MANUFACTURER PRODUCT_MANUFACTURER := unknown endif @@ -263,7 +263,16 @@ else endif PRODUCT_DEFAULT_WIFI_CHANNELS := \ - $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_WIFI_CHANNELS)) + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_WIFI_CHANNELS)) + +PRODUCT_DEFAULT_DEV_CERTIFICATE := \ + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_DEV_CERTIFICATE)) +ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE +ifneq (1,$(words $(PRODUCT_DEFAULT_DEV_CERTIFICATE))) + $(error PRODUCT_DEFAULT_DEV_CERTIFICATE='$(PRODUCT_DEFAULT_DEV_CERTIFICATE)', \ + only 1 certificate is allowed.) +endif +endif # A list of words like <source path>:<destination path>. The file at # the source path should be copied to the destination path when building @@ -271,26 +280,26 @@ PRODUCT_DEFAULT_WIFI_CHANNELS := \ # it should look like, e.g., "system/etc/file.xml". The rules # for these copy steps are defined in config/Makefile. PRODUCT_COPY_FILES := \ - $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_COPY_FILES)) + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_COPY_FILES)) # The HTML file containing the contributors to the project. PRODUCT_CONTRIBUTORS_FILE := \ - $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CONTRIBUTORS_FILE)) + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CONTRIBUTORS_FILE)) # A list of property assignments, like "key = value", with zero or more # whitespace characters on either side of the '='. PRODUCT_PROPERTY_OVERRIDES := \ - $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PROPERTY_OVERRIDES)) + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PROPERTY_OVERRIDES)) # A list of property assignments, like "key = value", with zero or more # whitespace characters on either side of the '='. # used for adding properties to default.prop PRODUCT_DEFAULT_PROPERTY_OVERRIDES := \ - $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_PROPERTY_OVERRIDES)) + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_PROPERTY_OVERRIDES)) # Should we use the default resources or add any product specific overlays PRODUCT_PACKAGE_OVERLAYS := \ - $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGE_OVERLAYS)) + $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGE_OVERLAYS)) DEVICE_PACKAGE_OVERLAYS := \ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).DEVICE_PACKAGE_OVERLAYS)) @@ -299,8 +308,8 @@ PRODUCT_TAGS := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_TAGS)) # Add the product-defined properties to the build properties. ADDITIONAL_BUILD_PROPERTIES := \ - $(ADDITIONAL_BUILD_PROPERTIES) \ - $(PRODUCT_PROPERTY_OVERRIDES) + $(ADDITIONAL_BUILD_PROPERTIES) \ + $(PRODUCT_PROPERTY_OVERRIDES) # The OTA key(s) specified by the product config, if any. The names # of these keys are stored in the target-files zip so that post-build |