diff options
author | Doug Zongker <dougz@android.com> | 2011-02-01 14:13:52 -0800 |
---|---|---|
committer | Doug Zongker <dougz@android.com> | 2011-02-01 14:13:52 -0800 |
commit | e121d6acf47c3056e079ff62c82171e889cec3e0 (patch) | |
tree | 2656ef9b50282c3f588665964ff7255af7388547 /tools/releasetools | |
parent | 91aea02de8e389aa2f9c01ab189c30323f7c9569 (diff) | |
download | build-e121d6acf47c3056e079ff62c82171e889cec3e0.zip build-e121d6acf47c3056e079ff62c82171e889cec3e0.tar.gz build-e121d6acf47c3056e079ff62c82171e889cec3e0.tar.bz2 |
support TARGET_EXTRA_RECOVERY_KEYS
Specifying one or more key files (without .x509.pem extension) as
TARGET_EXTRA_RECOVERY_KEYS causes them to be included as acceptable
keys for recovery packages. They are *not* included in otacerts.zip,
so actual downloaded over-the-air packages can't use them, but they
can be used to sign sideload-only packages.
Bug: 3413359
Change-Id: I6f248ffa35f0c6b125dd8a7517493017e236c776
Diffstat (limited to 'tools/releasetools')
-rwxr-xr-x | tools/releasetools/sign_target_files_apks | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/tools/releasetools/sign_target_files_apks b/tools/releasetools/sign_target_files_apks index 5fca691..5353063 100755 --- a/tools/releasetools/sign_target_files_apks +++ b/tools/releasetools/sign_target_files_apks @@ -204,6 +204,17 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip): except KeyError: raise ExternalError("can't read META/otakeys.txt from input") + misc_info = common.LoadInfoDict(input_tf_zip) + + extra_recovery_keys = misc_info.get("extra_recovery_keys", None) + if extra_recovery_keys: + extra_recovery_keys = [OPTIONS.key_map.get(k, k) + ".x509.pem" + for k in extra_recovery_keys.split()] + if extra_recovery_keys: + print "extra recovery-only key(s): " + ", ".join(extra_recovery_keys) + else: + extra_recovery_keys = [] + mapped_keys = [] for k in keylist: m = re.match(r"^(.*)\.x509\.pem$", k) @@ -217,15 +228,18 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip): print "for OTA package verification" else: mapped_keys.append( - OPTIONS.key_map["build/target/product/security/testkey"] + ".x509.pem") + OPTIONS.key_map.get("build/target/product/security/testkey", + "build/target/product/security/testkey") + + ".x509.pem") print "META/otakeys.txt has no keys; using", mapped_keys[0] # recovery uses a version of the key that has been slightly # predigested (by DumpPublicKey.java) and put in res/keys. + # extra_recovery_keys are used only in recovery. p = common.Run(["java", "-jar", os.path.join(OPTIONS.search_path, "framework", "dumpkey.jar")] - + mapped_keys, + + mapped_keys + extra_recovery_keys, stdout=subprocess.PIPE) data, _ = p.communicate() if p.returncode != 0: @@ -234,6 +248,7 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip): # SystemUpdateActivity uses the x509.pem version of the keys, but # put into a zipfile system/etc/security/otacerts.zip. + # We DO NOT include the extra_recovery_keys (if any) here. tempfile = cStringIO.StringIO() certs_zip = zipfile.ZipFile(tempfile, "w") |