StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Stop creating update_engine_payload_key

Browse Source 
Now the update_engine is able to read public keysfrom otacerts directly.
So the update_engine_payload_key is no longer needed.

Also remove the key replace in sign_target_files_apks.py. So we should
not use the new script to sign the old target files.

Bug: 116660991
Test: build the system image, unit tests pass
Change-Id: I9dae1f8b397f2b5efafed66a8faac1cb9087c741
This commit is contained in:
Tianjie Xu
2019-10-15 18:06:25 -07:00
parent 3654beb83d
commit 2df23d7f41
2 changed files with 2 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
tools/releasetools/sign_target_files_apks.py
View File

@@ -557,14 +557,13 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
OPTIONS.rebuild_recovery = True
# Don't copy OTA certs if we're replacing them.
# Replacement of update-payload-key.pub.pem was removed in b/116660991.
elif (
OPTIONS.replace_ota_keys and
filename in (
"BOOT/RAMDISK/system/etc/security/otacerts.zip",
"BOOT/RAMDISK/system/etc/update_engine/update-payload-key.pub.pem",
"RECOVERY/RAMDISK/system/etc/security/otacerts.zip",
"SYSTEM/etc/security/otacerts.zip",
"SYSTEM/etc/update_engine/update-payload-key.pub.pem")):
"SYSTEM/etc/security/otacerts.zip")):
pass
# Skip META/misc_info.txt since we will write back the new values later.
@@ -832,24 +831,6 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info):
# We DO NOT include the extra_recovery_keys (if any) here.
WriteOtacerts(output_tf_zip, "SYSTEM/etc/security/otacerts.zip", mapped_keys)
# For A/B devices, update the payload verification key.
if misc_info.get("ab_update") == "true":
# Unlike otacerts.zip that may contain multiple keys, we can only specify
# ONE payload verification key.
if len(mapped_keys) > 1:
print("\n WARNING: Found more than one OTA keys; Using the first one"
" as payload verification key.\n\n")
print("Using %s for payload verification." % (mapped_keys[0],))
pubkey = common.ExtractPublicKey(mapped_keys[0])
common.ZipWriteStr(
output_tf_zip,
"SYSTEM/etc/update_engine/update-payload-key.pub.pem",
pubkey)
common.ZipWriteStr(
output_tf_zip,
"BOOT/RAMDISK/system/etc/update_engine/update-payload-key.pub.pem",
pubkey)
def ReplaceVerityPublicKey(output_zip, filename, key_path):