summaryrefslogtreecommitdiffstats
path: root/tools/releasetools
diff options
context:
space:
mode:
authorDoug Zongker <dougz@android.com>2009-08-14 12:44:19 -0700
committerDoug Zongker <dougz@android.com>2009-08-14 14:07:15 -0700
commit951495fc4802a3603f654c02c7acceda4859f5e1 (patch)
tree0e585aa71637e8e93a3b2d09ec560d49f0a38ba3 /tools/releasetools
parentc6cf01a1170c3a7a5b03135b01cf97f06e1b953d (diff)
downloadbuild-951495fc4802a3603f654c02c7acceda4859f5e1.zip
build-951495fc4802a3603f654c02c7acceda4859f5e1.tar.gz
build-951495fc4802a3603f654c02c7acceda4859f5e1.tar.bz2
update OTA package maker to do whole-file signature
Use the new -w flag to SignApk when signing OTA packages.
Diffstat (limited to 'tools/releasetools')
-rw-r--r--tools/releasetools/common.py23
-rwxr-xr-xtools/releasetools/ota_from_target_files3
2 files changed, 17 insertions, 9 deletions
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 8ca7781..feb8ce3 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -185,14 +185,20 @@ def GetKeyPasswords(keylist):
return key_passwords
-def SignFile(input_name, output_name, key, password, align=None):
+def SignFile(input_name, output_name, key, password, align=None,
+ whole_file=False):
"""Sign the input_name zip/jar/apk, producing output_name. Use the
given key and password (the latter may be None if the key does not
have a password.
If align is an integer > 1, zipalign is run to align stored files in
the output zip on 'align'-byte boundaries.
+
+ If whole_file is true, use the "-w" option to SignApk to embed a
+ signature that covers the whole file in the archive comment of the
+ zip file.
"""
+
if align == 0 or align == 1:
align = None
@@ -202,13 +208,14 @@ def SignFile(input_name, output_name, key, password, align=None):
else:
sign_name = output_name
- p = Run(["java", "-jar",
- os.path.join(OPTIONS.search_path, "framework", "signapk.jar"),
- key + ".x509.pem",
- key + ".pk8",
- input_name, sign_name],
- stdin=subprocess.PIPE,
- stdout=subprocess.PIPE)
+ cmd = ["java", "-jar",
+ os.path.join(OPTIONS.search_path, "framework", "signapk.jar")]
+ if whole_file:
+ cmd.append("-w")
+ cmd.extend([key + ".x509.pem", key + ".pk8",
+ input_name, sign_name])
+
+ p = Run(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
if password is not None:
password += "\n"
p.communicate(password)
diff --git a/tools/releasetools/ota_from_target_files b/tools/releasetools/ota_from_target_files
index 864c35b..dbb38f2 100755
--- a/tools/releasetools/ota_from_target_files
+++ b/tools/releasetools/ota_from_target_files
@@ -273,7 +273,8 @@ def SignOutput(temp_zip_name, output_zip_name):
key_passwords = common.GetKeyPasswords([OPTIONS.package_key])
pw = key_passwords[OPTIONS.package_key]
- common.SignFile(temp_zip_name, output_zip_name, OPTIONS.package_key, pw)
+ common.SignFile(temp_zip_name, output_zip_name, OPTIONS.package_key, pw,
+ whole_file=True)
def AppendAssertions(script, input_zip):