From 951495fc4802a3603f654c02c7acceda4859f5e1 Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Fri, 14 Aug 2009 12:44:19 -0700 Subject: update OTA package maker to do whole-file signature Use the new -w flag to SignApk when signing OTA packages. --- tools/releasetools/common.py | 23 +++++++++++++++-------- tools/releasetools/ota_from_target_files | 3 ++- 2 files changed, 17 insertions(+), 9 deletions(-) (limited to 'tools') diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py index 8ca7781..feb8ce3 100644 --- a/tools/releasetools/common.py +++ b/tools/releasetools/common.py @@ -185,14 +185,20 @@ def GetKeyPasswords(keylist): return key_passwords -def SignFile(input_name, output_name, key, password, align=None): +def SignFile(input_name, output_name, key, password, align=None, + whole_file=False): """Sign the input_name zip/jar/apk, producing output_name. Use the given key and password (the latter may be None if the key does not have a password. If align is an integer > 1, zipalign is run to align stored files in the output zip on 'align'-byte boundaries. + + If whole_file is true, use the "-w" option to SignApk to embed a + signature that covers the whole file in the archive comment of the + zip file. """ + if align == 0 or align == 1: align = None @@ -202,13 +208,14 @@ def SignFile(input_name, output_name, key, password, align=None): else: sign_name = output_name - p = Run(["java", "-jar", - os.path.join(OPTIONS.search_path, "framework", "signapk.jar"), - key + ".x509.pem", - key + ".pk8", - input_name, sign_name], - stdin=subprocess.PIPE, - stdout=subprocess.PIPE) + cmd = ["java", "-jar", + os.path.join(OPTIONS.search_path, "framework", "signapk.jar")] + if whole_file: + cmd.append("-w") + cmd.extend([key + ".x509.pem", key + ".pk8", + input_name, sign_name]) + + p = Run(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE) if password is not None: password += "\n" p.communicate(password) diff --git a/tools/releasetools/ota_from_target_files b/tools/releasetools/ota_from_target_files index 864c35b..dbb38f2 100755 --- a/tools/releasetools/ota_from_target_files +++ b/tools/releasetools/ota_from_target_files @@ -273,7 +273,8 @@ def SignOutput(temp_zip_name, output_zip_name): key_passwords = common.GetKeyPasswords([OPTIONS.package_key]) pw = key_passwords[OPTIONS.package_key] - common.SignFile(temp_zip_name, output_zip_name, OPTIONS.package_key, pw) + common.SignFile(temp_zip_name, output_zip_name, OPTIONS.package_key, pw, + whole_file=True) def AppendAssertions(script, input_zip): -- cgit v1.1