Avoid signing debuggable boot-debug.img
The boot-debug.img should NOT be release signed and can only be used
if the device is unlocked. Adding a check to prevent the tool from
signing this debuggable boot.img.
See the following for more details about boot-debug.img:
https://android-review.googlesource.com/c/platform/build/+/947857
Bug: 126493225
Test: put a file /force_debuggable into boot.img, checks the following
command fails:
./build/tools/releasetools/sign_target_files_apks \
out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: Ia5232949cb9582d2b4eaa171d9e9f3fe7317d418
Merged-In: Ia5232949cb9582d2b4eaa171d9e9f3fe7317d418
(cherry picked from commit 78369ebbc1)
This commit is contained in:
Bowgo Tsai
@@ -602,6 +602,13 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
|
|||||||
print(" Rewriting AVB public key of system_other in /product")
|
print(" Rewriting AVB public key of system_other in /product")
|
||||||
common.ZipWrite(output_tf_zip, public_key, filename)
|
common.ZipWrite(output_tf_zip, public_key, filename)
|
||||||
|
|
||||||
|
# Should NOT sign boot-debug.img.
|
||||||
|
elif filename in (
|
||||||
|
"BOOT/RAMDISK/force_debuggable",
|
||||||
|
"RECOVERY/RAMDISK/force_debuggable"
|
||||||
|
"RECOVERY/RAMDISK/first_stage_ramdisk/force_debuggable"):
|
||||||
|
raise common.ExternalError("debuggable boot.img cannot be signed")
|
||||||
|
|
||||||
# A non-APK file; copy it verbatim.
|
# A non-APK file; copy it verbatim.
|
||||||
else:
|
else:
|
||||||
common.ZipWriteStr(output_tf_zip, out_info, data)
|
common.ZipWriteStr(output_tf_zip, out_info, data)
|
||||||
|
|||||||
Reference in New Issue
Block a user