diff options
| author | Doug Zongker <dougz@android.com> | 2009-08-14 12:44:19 -0700 |
|---|---|---|
| committer | Doug Zongker <dougz@android.com> | 2009-08-14 14:07:15 -0700 |
| commit | 951495fc4802a3603f654c02c7acceda4859f5e1 (patch) | |
| tree | 0e585aa71637e8e93a3b2d09ec560d49f0a38ba3 /tools | |
| parent | c6cf01a1170c3a7a5b03135b01cf97f06e1b953d (diff) | |
| download | build-951495fc4802a3603f654c02c7acceda4859f5e1.zip build-951495fc4802a3603f654c02c7acceda4859f5e1.tar.gz build-951495fc4802a3603f654c02c7acceda4859f5e1.tar.bz2 | |
update OTA package maker to do whole-file signature
Use the new -w flag to SignApk when signing OTA packages.
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/releasetools/common.py | 23 | ||||
| -rwxr-xr-x | tools/releasetools/ota_from_target_files | 3 |
2 files changed, 17 insertions, 9 deletions
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py index 8ca7781..feb8ce3 100644 --- a/tools/releasetools/common.py +++ b/tools/releasetools/common.py @@ -185,14 +185,20 @@ def GetKeyPasswords(keylist): return key_passwords -def SignFile(input_name, output_name, key, password, align=None): +def SignFile(input_name, output_name, key, password, align=None, + whole_file=False): """Sign the input_name zip/jar/apk, producing output_name. Use the given key and password (the latter may be None if the key does not have a password. If align is an integer > 1, zipalign is run to align stored files in the output zip on 'align'-byte boundaries. + + If whole_file is true, use the "-w" option to SignApk to embed a + signature that covers the whole file in the archive comment of the + zip file. """ + if align == 0 or align == 1: align = None @@ -202,13 +208,14 @@ def SignFile(input_name, output_name, key, password, align=None): else: sign_name = output_name - p = Run(["java", "-jar", - os.path.join(OPTIONS.search_path, "framework", "signapk.jar"), - key + ".x509.pem", - key + ".pk8", - input_name, sign_name], - stdin=subprocess.PIPE, - stdout=subprocess.PIPE) + cmd = ["java", "-jar", + os.path.join(OPTIONS.search_path, "framework", "signapk.jar")] + if whole_file: + cmd.append("-w") + cmd.extend([key + ".x509.pem", key + ".pk8", + input_name, sign_name]) + + p = Run(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE) if password is not None: password += "\n" p.communicate(password) diff --git a/tools/releasetools/ota_from_target_files b/tools/releasetools/ota_from_target_files index 864c35b..dbb38f2 100755 --- a/tools/releasetools/ota_from_target_files +++ b/tools/releasetools/ota_from_target_files @@ -273,7 +273,8 @@ def SignOutput(temp_zip_name, output_zip_name): key_passwords = common.GetKeyPasswords([OPTIONS.package_key]) pw = key_passwords[OPTIONS.package_key] - common.SignFile(temp_zip_name, output_zip_name, OPTIONS.package_key, pw) + common.SignFile(temp_zip_name, output_zip_name, OPTIONS.package_key, pw, + whole_file=True) def AppendAssertions(script, input_zip): |