| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This reverts commit d2fbc25a6761fa15e72bc25c114c4e5f91adeb24.
Change-Id: I861c39c2775f4d6ca57c058fcd9aced6d5b6be0e
|
|
|
|
|
|
|
|
| |
This can be directly grepped in pre-existing package.xml tables
to make sure we're not trying to update to a differently signed
build
Change-Id: I7528a8e7c484ea9209cd665b9263328ae834586a
|
|
|
|
| |
Change-Id: Id83a7594e9e1b9b4ffbdbaba695506d8d0d21a46
|
|
|
|
| |
Change-Id: I1207daf17c2bd3f7f18e35a7705635752535942f
|
|
|
|
|
|
|
|
| |
This caught a few bugs/syntax errors (a few character classes were not
escaped properly in regex patterns, some indentation was illegal,
etc).
Change-Id: I50637607524e68c4fb9cad7167f58a46b8d26b2c
|
|\
| |
| |
| |
| | |
* commit 'c6af9b8f4a09cc4208ad119218f57022d6fead5b':
Update vendor fingerprint.
|
| |
| |
| |
| |
| | |
Change-Id: I5d4abdff8b7b13e01271440f4d4f2ffe1b015b71
Bug: 19257598
|
|\ \
| |/
| |
| |
| |
| |
| | |
ro.vendor.build.fingerprint/thumbprint on signing" into lmp-mr1-dev
* commit '34a1bdeb333ab15ddc3840ac3e5d1e8c3245d44a':
Rewrite ro.vendor.build.fingerprint/thumbprint on signing
|
| |
| |
| |
| |
| |
| |
| |
| | |
This should also indicate release-keys.
Bug: 18281807
Change-Id: I8d2568ca346625b91384f7e639d9c92e97587755
|
|/
|
|
|
|
|
|
|
|
|
|
| |
When rebuilding recovery, the boot images created for patching
purposes still were being signed with the old verity key and
not the new one specified on the command line.
In addition, the replacement verity public key in the boot ramdisk
wasn't being used.
Change-Id: I451e17d1cf08c507580c4b58134c1069532740e8
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
|
|
|
|
|
|
|
|
| |
The if statements appear to check for public_signing
and then calls the private_signing function, and vice
versa.
Change-Id: I4511b9bcf0e03b9ba49b69eb80db84cf31d77020
|
|
|
|
|
| |
Bug: 15725238
Change-Id: I8f92210fd854b5a2567cf76aaecb5be02c3f9293
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Store sparse images in the target-files, and use those (when they're
available) for building block OTAs.
- New script add_img_to_target_files is added to make the images and
add them to the IMAGES/ subdir in the target-files. It gets run
from the Makefile when building a target-files.
- img_from_target_files becomes mostly vestigial: it creates the
img.zip by just copying the images out of the target-files. (It
still knows how to build images for use on older target-files.)
- ota_from_target_files uses images from the target-files in
preference to rebuilding images from the source files.
- sign_apk_target_files builds images and includes them in its output
target files (even if the input target-files didn't have them).
Bug: 16488065
Change-Id: I444e0d722d636978209467ffc01750a585c6db75
|
|
|
|
|
|
| |
Bug: 15379701
Change-Id: Ied8329e1162250cc5509b65ef8bf0b5a9ddda3c3
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The target_files zip should now contain the recovery-from-boot patch
and the script to install it. This means that sign_target_files_apks,
which generates a signed target_files from an unsigned target_files,
now needs to recompute the patch and script (taking into account the
key replacement, property changes, etc., that it does) so its output
contains the correct patch.
Change-Id: I18afd73864ba5c480b7ec11de19d1f5e7763a8c0
|
|/
|
|
|
|
|
| |
These scripts already use some post-2.4 features, so let's make it
official: Python 2.7 is needed to run them.
Change-Id: I256e9ed99b0b62abe4e22a7b1f811acb7419e88e
|
|
|
|
|
|
|
|
|
| |
In eng builds, ro.display.id has many space separated items and was
resulting in an error when trying to rewrite it as 'value' gets
turned into a list and never converted back to a string.
Change-Id: I6c8633ed2eb52c56a4097992a32d53d80df4f844
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
|
|\
| |
| |
| |
| |
| |
| | |
MMAC files."
* commit '0a7e26e29dfb5efbb008ced7509931e5e5eb4d71':
Modify release tools to replace certs in MMAC files.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added support to perform a string replace of specified
dev keys with release keys when using the release tool
scripts.
Change-Id: Id0e945b0d62720c41f5ca9764a00de4bcdecaab4
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Details:
* New --signapk_path, --extra_signapk_args, --java_path.
* New --public_key_suffix, --private_key_suffix so you can change the filenames.
* Fixes raising exceptions on error.
Change-Id: I0b7014b6d779d52ae896f95dfecb1bcccf536cf4
(cherry picked from commit a28acc6972ce35e9dfab061f175e229859d3e4db)
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add "dev-keys" or "test-keys" to the value of ro.build.display.id for
user builds. (This is the property that is displayed under "Build
number" in the Settings UI.) Modify the signing script to remove the
keys tag from this value when signing.
Change-Id: I3d9d92056f8567d7f84b1be047619be7c6e4c419
|
|/
|
|
|
|
|
|
|
| |
Details:
* New --signapk_path, --extra_signapk_args, --java_path.
* New --public_key_suffix, --private_key_suffix so you can change the filenames.
* Fixes raising exceptions on error.
Change-Id: I0b7014b6d779d52ae896f95dfecb1bcccf536cf4
|
|
|
|
| |
Change-Id: Ib596235a8e3b3588d363fea82b92b69895ee5408
|
|
|
|
|
|
|
|
| |
The signing and OTA-building tools now understand the
default_sys_dev_certificate value which may be present in the
META/misc_info.txt file of the target-files packages.
Change-Id: I64f09ec0b77a5184b6ddb74019255518776ee773
|
|
|
|
|
|
|
|
|
|
|
| |
Specifying one or more key files (without .x509.pem extension) as
TARGET_EXTRA_RECOVERY_KEYS causes them to be included as acceptable
keys for recovery packages. They are *not* included in otacerts.zip,
so actual downloaded over-the-air packages can't use them, but they
can be used to sign sideload-only packages.
Bug: 3413359
Change-Id: I6f248ffa35f0c6b125dd8a7517493017e236c776
|
|
|
|
|
|
|
|
|
| |
Apply the same changes to tags to ro.build.tags that we do for the
tags in the fingerprint (ro.build.fingerprint) and the description
(ro.build.description).
Change-Id: Ie5a057d8f04cbc32d849f91e1f9d2ea7832e81f6
http://b/2363735 - release-key user builds ship with property ro.build.tags == test-keys
|
|
|
|
| |
Needed for backwards compatibility with scripts that use -e.
|
|
|
|
|
|
|
|
|
| |
Setting LOCAL_CERTIFICATE to "EXTERNAL" now marks an apk (either a
prebuilt or otherwise) as needing the default test key within the
system, but one that should be signed after the target_files is
produced but before sign_target_files_apks does the rest of the
signing. (We use this to ship apps on the system that are signed by
third parties, like Facebook.)
|
| |
|
|
|
|
|
| |
This check (and others) are now done by the separate script
check_target_files_signatures; the one here is redundant.
|
|
|
|
|
| |
ota-rel-keys is now redundant with release-keys, since there are no
"half-signed" builds any more.
|
|\
| |
| |
| |
| |
| |
| | |
Merge commit 'e05628cc8df4ec4b69befa9652d81eb81f0ab008' into eclair
* commit 'e05628cc8df4ec4b69befa9652d81eb81f0ab008':
fix signing user builds
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When unzipping a target-files which has been signed with OTA key
replacement, you'll get "overwrite this file?" prompts because the key
files appear in the zip files twice. Suppress these prompts.
Many developer phone products don't define PRODUCT_OTA_PUBLIC_KEYS, so
add a default key.
This change doesn't affect device code.
|
|/
|
|
|
|
|
|
| |
Replace the installation of the "radio image", which is an
HTC-specific notion, with calls to device-specific python modules that
can add whatever additional OTA script commands are necessary. Add
the -s flag to specify the location of the device-specific script
(replacing the unused -s flag in sign_target_files_apks).
|
|
|
|
|
|
| |
The ota and img building scripts contained some hardcoded 'linux-x86'
paths. Remove and replace with a slightly redefined -p option.
Modify Makefile to pass correct -p when building.
|
|
|
|
|
|
|
| |
In python 2.5 and earlier, ZipFile.writestr(filename, data) results in
the file being added to the archive with permissions 000. (See
http://svn.python.org/view?view=rev&revision=65235.) Work around this
by creating a ZipInfo object and setting the permissions explicitly.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow the user to set ANDROID_PW_FILE to the name of a file for
storing password keys. When the tools need additional passwords, they
will rewrite this file and invoke the user's editor for the new
passwords to be added. This allows passwords to be reused across
invocations of the signing tools, without making the user reenter them
every time.
Paranoid users can use a file stored in a ramdisk, or not use this
feature at all (the code will prompt for passwords in the ordinary way
when ANDROID_PW_FILE is not set).
|
|
|
|
|
|
|
| |
All APKs that want to share a given user id must be signed with the
same key. Look inside each APK for what (if any) shared user id it
requests, and error out if any with the same shared user are being
signed with different keys.
|
|
|
|
|
|
| |
To support devphone and holiday builds we need more control over the
build fingerprint tags; generalize the -t option so we can arbitrarily
add and remove tags.
|
|
|
|
|
|
| |
Adds the -t option to sign_target_files_apks, which lets the user
specify extra tags that should be added to the build fingerprint
during the signing process.
|
|
|
|
|
| |
Allow user to explicitly specify that an apk is not to be
re-signed. Fail if we have any apks that for which no key is provided.
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
get passed
through the key map. Clarify the help for the -e option to
make clear this should happen.
(This change doesn't affect device code.)
Original author: dougz
Merged from: //branches/cupcake/...
Automated import of CL 146194
|
|/
|
|
|
|
|
|
|
| |
The build system now (in donut) produces builds that use the testkey
cert for OTA package verification. Change the app-signing script to
also optionally substitute the "real" cert in both the recovery and
system images. Also fix bug where the build fingerprint and
description were not getting properly updated in the recovery
partition.
|
|
signing and
building images & OTA packages out of vendor/google.
No device code is touched by this change.
Original author: dougz
Merged from: //branches/cupcake/...
Automated import of CL 144270
|