summaryrefslogtreecommitdiffstats
path: root/tools/releasetools/sign_target_files_apks
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Add temporary hack to help with merge resolution."Adnan Begovic2015-10-061-514/+1
| | | | | | This reverts commit d2fbc25a6761fa15e72bc25c114c4e5f91adeb24. Change-Id: I861c39c2775f4d6ca57c058fcd9aced6d5b6be0e
* Store the base64 release key in the OTA zipsRicardo Cerqueira2015-10-061-0/+8
| | | | | | | | This can be directly grepped in pre-existing package.xml tables to make sure we're not trying to update to a differently signed build Change-Id: I7528a8e7c484ea9209cd665b9263328ae834586a
* Don't make assumptions about the formats of build descriptionsRicardo Cerqueira2015-10-061-1/+1
| | | | Change-Id: Id83a7594e9e1b9b4ffbdbaba695506d8d0d21a46
* Add temporary hack to help with merge resolution.Adnan Begovic2015-10-061-1/+506
| | | | Change-Id: I1207daf17c2bd3f7f18e35a7705635752535942f
* Make releasetools pylint clean.Dan Albert2015-03-241-502/+1
| | | | | | | | This caught a few bugs/syntax errors (a few character classes were not escaped properly in regex patterns, some indentation was illegal, etc). Change-Id: I50637607524e68c4fb9cad7167f58a46b8d26b2c
* am c6af9b8f: am 28b2b00a: Merge "Update vendor fingerprint." into lmp-mr1-devJesse Zhao2015-02-071-0/+1
|\ | | | | | | | | * commit 'c6af9b8f4a09cc4208ad119218f57022d6fead5b': Update vendor fingerprint.
| * Update vendor fingerprint.Jesse Zhao2015-02-061-0/+1
| | | | | | | | | | Change-Id: I5d4abdff8b7b13e01271440f4d4f2ffe1b015b71 Bug: 19257598
* | am 34a1bdeb: am ea1dc699: Merge "Rewrite ↵Michael Runge2014-12-151-2/+2
|\ \ | |/ | | | | | | | | | | ro.vendor.build.fingerprint/thumbprint on signing" into lmp-mr1-dev * commit '34a1bdeb333ab15ddc3840ac3e5d1e8c3245d44a': Rewrite ro.vendor.build.fingerprint/thumbprint on signing
| * Rewrite ro.vendor.build.fingerprint/thumbprint on signingMichael Runge2014-12-091-2/+2
| | | | | | | | | | | | | | | | This should also indicate release-keys. Bug: 18281807 Change-Id: I8d2568ca346625b91384f7e639d9c92e97587755
* | sign_target_files_apks: fix recovery patch generationAndrew Boie2014-11-111-2/+6
|/ | | | | | | | | | | | When rebuilding recovery, the boot images created for patching purposes still were being signed with the old verity key and not the new one specified on the command line. In addition, the replacement verity public key in the boot ramdisk wasn't being used. Change-Id: I451e17d1cf08c507580c4b58134c1069532740e8 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* Fix public/private key options on sign_target_files_apksMichael Runge2014-10-141-4/+4
| | | | | | | | The if statements appear to check for public_signing and then calls the private_signing function, and vice versa. Change-Id: I4511b9bcf0e03b9ba49b69eb80db84cf31d77020
* Add support for switching to verity release keys.Geremy Condra2014-08-201-2/+33
| | | | | Bug: 15725238 Change-Id: I8f92210fd854b5a2567cf76aaecb5be02c3f9293
* store images in target-filesDoug Zongker2014-07-311-0/+5
| | | | | | | | | | | | | | | | | | | | | | Store sparse images in the target-files, and use those (when they're available) for building block OTAs. - New script add_img_to_target_files is added to make the images and add them to the IMAGES/ subdir in the target-files. It gets run from the Makefile when building a target-files. - img_from_target_files becomes mostly vestigial: it creates the img.zip by just copying the images out of the target-files. (It still knows how to build images for use on older target-files.) - ota_from_target_files uses images from the target-files in preference to rebuilding images from the source files. - sign_apk_target_files builds images and includes them in its output target files (even if the input target-files didn't have them). Bug: 16488065 Change-Id: I444e0d722d636978209467ffc01750a585c6db75
* Add sprout support to signing toolsMichael Runge2014-06-031-5/+12
| | | | | | Bug: 15379701 Change-Id: Ied8329e1162250cc5509b65ef8bf0b5a9ddda3c3
* Merge "rebuild recovery patch in sign_target_files_apks"Doug Zongker2014-02-201-8/+66
|\
| * rebuild recovery patch in sign_target_files_apksDoug Zongker2014-02-131-8/+66
| | | | | | | | | | | | | | | | | | | | | | The target_files zip should now contain the recovery-from-boot patch and the script to install it. This means that sign_target_files_apks, which generates a signed target_files from an unsigned target_files, now needs to recompute the patch and script (taking into account the key replacement, property changes, etc., that it does) so its output contains the correct patch. Change-Id: I18afd73864ba5c480b7ec11de19d1f5e7763a8c0
* | bump releasetools python requirement to 2.7Doug Zongker2014-02-181-2/+2
|/ | | | | | | These scripts already use some post-2.4 features, so let's make it official: Python 2.7 is needed to run them. Change-Id: I256e9ed99b0b62abe4e22a7b1f811acb7419e88e
* sign_target_files_apks: rewrite build.prop correctly in eng buildsAndrew Boie2013-12-111-2/+3
| | | | | | | | | In eng builds, ro.display.id has many space separated items and was resulting in an error when trying to rewrite it as 'value' gets turned into a list and never converted back to a string. Change-Id: I6c8633ed2eb52c56a4097992a32d53d80df4f844 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* am 0a7e26e2: am a3f69c93: Merge "Modify release tools to replace certs in ↵Ying Wang2013-08-091-0/+36
|\ | | | | | | | | | | | | MMAC files." * commit '0a7e26e29dfb5efbb008ced7509931e5e5eb4d71': Modify release tools to replace certs in MMAC files.
| * Modify release tools to replace certs in MMAC files.Robert Craig2013-08-091-0/+36
| | | | | | | | | | | | | | | | | | Added support to perform a string replace of specified dev keys with release keys when using the release tool scripts. Change-Id: Id0e945b0d62720c41f5ca9764a00de4bcdecaab4 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
| * Add support for using custom signapk.jar.T.R. Fullhart2013-06-051-3/+3
| | | | | | | | | | | | | | | | | | Details: * New --signapk_path, --extra_signapk_args, --java_path. * New --public_key_suffix, --private_key_suffix so you can change the filenames. * Fixes raising exceptions on error. Change-Id: I0b7014b6d779d52ae896f95dfecb1bcccf536cf4 (cherry picked from commit a28acc6972ce35e9dfab061f175e229859d3e4db)
* | distinguish signed and unsigned user builds in UIDoug Zongker2013-07-231-0/+5
| | | | | | | | | | | | | | | | | | Add "dev-keys" or "test-keys" to the value of ro.build.display.id for user builds. (This is the property that is displayed under "Build number" in the Settings UI.) Modify the signing script to remove the keys tag from this value when signing. Change-Id: I3d9d92056f8567d7f84b1be047619be7c6e4c419
* | Add support for using custom signapk.jar.T.R. Fullhart2013-06-051-3/+3
|/ | | | | | | | | Details: * New --signapk_path, --extra_signapk_args, --java_path. * New --public_key_suffix, --private_key_suffix so you can change the filenames. * Fixes raising exceptions on error. Change-Id: I0b7014b6d779d52ae896f95dfecb1bcccf536cf4
* add missing parameter to ReplaceOtaKeysDoug Zongker2011-10-051-1/+1
| | | | Change-Id: Ib596235a8e3b3588d363fea82b92b69895ee5408
* change OTA tools to handle variable dev keysDoug Zongker2011-10-041-20/+42
| | | | | | | | The signing and OTA-building tools now understand the default_sys_dev_certificate value which may be present in the META/misc_info.txt file of the target-files packages. Change-Id: I64f09ec0b77a5184b6ddb74019255518776ee773
* support TARGET_EXTRA_RECOVERY_KEYSDoug Zongker2011-02-011-2/+17
| | | | | | | | | | | Specifying one or more key files (without .x509.pem extension) as TARGET_EXTRA_RECOVERY_KEYS causes them to be included as acceptable keys for recovery packages. They are *not* included in otacerts.zip, so actual downloaded over-the-air packages can't use them, but they can be used to sign sideload-only packages. Bug: 3413359 Change-Id: I6f248ffa35f0c6b125dd8a7517493017e236c776
* update ro.build.tags when signing release buildsDoug Zongker2010-01-111-16/+21
| | | | | | | | | Apply the same changes to tags to ro.build.tags that we do for the tags in the fingerprint (ro.build.fingerprint) and the description (ro.build.description). Change-Id: Ie5a057d8f04cbc32d849f91e1f9d2ea7832e81f6 http://b/2363735 - release-key user builds ship with property ro.build.tags == test-keys
* map -e with no cert to PRESIGNEDDoug Zongker2009-12-151-0/+2
| | | | Needed for backwards compatibility with scripts that use -e.
* add "EXTERNAL" as special value of LOCAL_CERTIFICATEDoug Zongker2009-12-151-16/+9
| | | | | | | | | Setting LOCAL_CERTIFICATE to "EXTERNAL" now marks an apk (either a prebuilt or otherwise) as needing the default test key within the system, but one that should be signed after the target_files is produced but before sign_target_files_apks does the rest of the signing. (We use this to ship apps on the system that are signed by third parties, like Facebook.)
* include pre-signed prebuilt .apks in apkcerts.txtDoug Zongker2009-12-141-3/+9
|
* remove shared_uid cert check from sign_targt_file_apksDoug Zongker2009-12-101-63/+0
| | | | | This check (and others) are now done by the separate script check_target_files_signatures; the one here is redundant.
* stop adding ota-rel-keys tag when signingDoug Zongker2009-10-221-2/+2
| | | | | ota-rel-keys is now redundant with release-keys, since there are no "half-signed" builds any more.
* am e05628cc: fix signing user buildsDoug Zongker2009-08-201-2/+7
|\ | | | | | | | | | | | | Merge commit 'e05628cc8df4ec4b69befa9652d81eb81f0ab008' into eclair * commit 'e05628cc8df4ec4b69befa9652d81eb81f0ab008': fix signing user builds
| * fix signing user buildsDoug Zongker2009-08-201-2/+7
| | | | | | | | | | | | | | | | | | | | | | When unzipping a target-files which has been signed with OTA key replacement, you'll get "overwrite this file?" prompts because the key files appear in the zip files twice. Suppress these prompts. Many developer phone products don't define PRODUCT_OTA_PUBLIC_KEYS, so add a default key. This change doesn't affect device code.
* | support hooks for device-specific code in OTA package generationDoug Zongker2009-06-221-10/+3
|/ | | | | | | | Replace the installation of the "radio image", which is an HTC-specific notion, with calls to device-specific python modules that can add whatever additional OTA script commands are necessary. Add the -s flag to specify the location of the device-specific script (replacing the unused -s flag in sign_target_files_apks).
* fix releasetools for non-linux architecturesDoug Zongker2009-06-181-1/+3
| | | | | | The ota and img building scripts contained some hardcoded 'linux-x86' paths. Remove and replace with a slightly redefined -p option. Modify Makefile to pass correct -p when building.
* fix archive files being created with perms 000Doug Zongker2009-06-151-3/+3
| | | | | | | In python 2.5 and earlier, ZipFile.writestr(filename, data) results in the file being added to the archive with permissions 000. (See http://svn.python.org/view?view=rev&revision=65235.) Work around this by creating a ZipInfo object and setting the permissions explicitly.
* improve password entry for signing keysDoug Zongker2009-05-221-2/+2
| | | | | | | | | | | | | Allow the user to set ANDROID_PW_FILE to the name of a file for storing password keys. When the tools need additional passwords, they will rewrite this file and invoke the user's editor for the new passwords to be added. This allows passwords to be reused across invocations of the signing tools, without making the user reenter them every time. Paranoid users can use a file stored in a ramdisk, or not use this feature at all (the code will prompt for passwords in the ordinary way when ANDROID_PW_FILE is not set).
* make sure package keys are consistent with shared usersDoug Zongker2009-05-201-22/+86
| | | | | | | All APKs that want to share a given user id must be signed with the same key. Look inside each APK for what (if any) shared user id it requests, and error out if any with the same shared user are being signed with different keys.
* generalize -t option to add and remove tags in fingerprintsDoug Zongker2009-04-211-20/+27
| | | | | | To support devphone and holiday builds we need more control over the build fingerprint tags; generalize the -t option so we can arbitrarily add and remove tags.
* add option to modify build fingerprint tags when signingDoug Zongker2009-04-171-14/+49
| | | | | | Adds the -t option to sign_target_files_apks, which lets the user specify extra tags that should be added to the build fingerprint during the signing process.
* make unsigned apks explicitDoug Zongker2009-04-141-6/+22
| | | | | Allow user to explicitly specify that an apk is not to be re-signed. Fail if we have any apks that for which no key is provided.
* Merge branch 'readonly-p4-donut' into donutDoug Zongker2009-04-141-3/+7
|\
| * AI 146194: am: CL 146193 Fix signing script so keys specified in -e options ↵Doug Zongker2009-04-141-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | get passed through the key map. Clarify the help for the -e option to make clear this should happen. (This change doesn't affect device code.) Original author: dougz Merged from: //branches/cupcake/... Automated import of CL 146194
* | update the cert used for OTA verification when signingDoug Zongker2009-04-061-8/+63
|/ | | | | | | | | The build system now (in donut) produces builds that use the testkey cert for OTA package verification. Change the app-signing script to also optionally substitute the "real" cert in both the recovery and system images. Also fix bug where the build fingerprint and description were not getting properly updated in the recovery partition.
* AI 144270: am: CL 144269 Relocate the new (google-indepedent) tools for ↵Doug Zongker2009-04-021-0/+193
signing and building images & OTA packages out of vendor/google. No device code is touched by this change. Original author: dougz Merged from: //branches/cupcake/... Automated import of CL 144270
generated by cgit v1.1 at 2024-06-11 12:25:29 +0000