StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support for product-specific dev keys.

Browse Source 
Change-Id: Id577a72ee9f7cd70e8ca77efcbf10a37885c7d6f
This commit is contained in:
Ying Wang
2011-10-04 10:50:08 -07:00
parent 6e69feed1a
commit 3c21fe5b12
6 changed files with 50 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
core/Makefile
View File

@@ -71,9 +71,9 @@ BUILD_VERSION_TAGS := $(BUILD_VERSION_TAGS)
ifeq ($(TARGET_BUILD_TYPE),debug) ifeq ($(TARGET_BUILD_TYPE),debug)
BUILD_VERSION_TAGS += debug BUILD_VERSION_TAGS += debug
endif endif
# Apps are always signed with test keys, and may be re-signed in a post-build # Apps are always signed with dev keys, and may be re-signed in a post-build
# step. If that happens, the "test-keys" tag will be removed by that step. # step. If that happens, the "dev-keys" tag will be removed by that step.
BUILD_VERSION_TAGS += test-keys BUILD_VERSION_TAGS += dev-keys
BUILD_VERSION_TAGS := $(subst $(space),$(comma),$(sort $(BUILD_VERSION_TAGS))) BUILD_VERSION_TAGS := $(subst $(space),$(comma),$(sort $(BUILD_VERSION_TAGS)))
# A human-readable string that descibes this build in detail. # A human-readable string that descibes this build in detail.
@@ -258,11 +258,11 @@ endif
# ----------------------------------------------------------------- # -----------------------------------------------------------------
# The test key is used to sign this package, and as the key required # The dev key is used to sign this package, and as the key required
# for future OTA packages installed by this system. Actual product # for future OTA packages installed by this system. Actual product
# deliverables will be re-signed by hand. We expect this file to # deliverables will be re-signed by hand. We expect this file to
# exist with the suffixes ".x509.pem" and ".pk8". # exist with the suffixes ".x509.pem" and ".pk8".
DEFAULT_KEY_CERT_PAIR := $(SRC_TARGET_DIR)/product/security/testkey DEFAULT_KEY_CERT_PAIR := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
# Rules that need to be present for the all targets, even # Rules that need to be present for the all targets, even
@@ -649,9 +649,9 @@ ifdef BOARD_KERNEL_PAGESIZE
endif endif
# Keys authorized to sign OTA packages this build will accept. The # Keys authorized to sign OTA packages this build will accept. The
# build always uses test-keys for this; release packaging tools will # build always uses dev-keys for this; release packaging tools will
# substitute other keys for this one. # substitute other keys for this one.
OTA_PUBLIC_KEYS := $(SRC_TARGET_DIR)/product/security/testkey.x509.pem OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
# Generate a file containing the keys that will be read by the # Generate a file containing the keys that will be read by the
# recovery binary. # recovery binary.
@@ -1097,6 +1097,7 @@ endif
ifdef INTERNAL_USERIMAGES_SPARSE_EXT_FLAG ifdef INTERNAL_USERIMAGES_SPARSE_EXT_FLAG
$(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(zip_root)/META/misc_info.txt $(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(zip_root)/META/misc_info.txt
endif endif
$(hide) echo "default_system_dev_certificate=$(DEFAULT_SYSTEM_DEV_CERTIFICATE)" >> $(zip_root)/META/misc_info.txt
ifdef PRODUCT_EXTRA_RECOVERY_KEYS ifdef PRODUCT_EXTRA_RECOVERY_KEYS
$(hide) echo "extra_recovery_keys=$(PRODUCT_EXTRA_RECOVERY_KEYS)" >> $(zip_root)/META/misc_info.txt $(hide) echo "extra_recovery_keys=$(PRODUCT_EXTRA_RECOVERY_KEYS)" >> $(zip_root)/META/misc_info.txt
endif endif

7
core/config.mk
View File

@@ -288,6 +288,13 @@ APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/doclava$(
APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/jsilver$(COMMON_JAVA_PACKAGE_SUFFIX) APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/jsilver$(COMMON_JAVA_PACKAGE_SUFFIX)
APICHECK_COMMAND := $(APICHECK) -JXmx1024m -J"classpath $(APICHECK_CLASSPATH)" APICHECK_COMMAND := $(APICHECK) -JXmx1024m -J"classpath $(APICHECK_CLASSPATH)"
# The default key if not set as LOCAL_CERTIFICATE
ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
else
DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey
endif
# ############################################################### # ###############################################################
# Set up final options. # Set up final options.
# ############################################################### # ###############################################################

8
core/package.mk
View File

@@ -299,20 +299,20 @@ endif
# Secure release builds will have their packages signed after the fact, # Secure release builds will have their packages signed after the fact,
# so it's ok for these private keys to be in the clear. # so it's ok for these private keys to be in the clear.
ifeq ($(LOCAL_CERTIFICATE),) ifeq ($(LOCAL_CERTIFICATE),)
LOCAL_CERTIFICATE := testkey LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
endif endif
ifeq ($(LOCAL_CERTIFICATE),EXTERNAL) ifeq ($(LOCAL_CERTIFICATE),EXTERNAL)
# The special value "EXTERNAL" means that we will sign it with the # The special value "EXTERNAL" means that we will sign it with the
# default testkey, apply predexopt, but then expect the final .apk # default devkey, apply predexopt, but then expect the final .apk
# (after dexopting) to be signed by an outside tool. # (after dexopting) to be signed by an outside tool.
LOCAL_CERTIFICATE := testkey LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
PACKAGES.$(LOCAL_PACKAGE_NAME).EXTERNAL_KEY := 1 PACKAGES.$(LOCAL_PACKAGE_NAME).EXTERNAL_KEY := 1
endif endif
# If this is not an absolute certificate, assign it to a generic one. # If this is not an absolute certificate, assign it to a generic one.
ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./) ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE) LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
endif endif
private_key := $(LOCAL_CERTIFICATE).pk8 private_key := $(LOCAL_CERTIFICATE).pk8
certificate := $(LOCAL_CERTIFICATE).x509.pem certificate := $(LOCAL_CERTIFICATE).x509.pem

4
core/prebuilt.mk
View File

@@ -93,7 +93,7 @@ ifeq ($(LOCAL_CERTIFICATE),EXTERNAL)
# #
# This can be used for packages where we don't have access to the # This can be used for packages where we don't have access to the
# keys, but want the package to be predexopt'ed. # keys, but want the package to be predexopt'ed.
LOCAL_CERTIFICATE := testkey LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
PACKAGES.$(LOCAL_MODULE).EXTERNAL_KEY := 1 PACKAGES.$(LOCAL_MODULE).EXTERNAL_KEY := 1
endif endif
ifeq ($(LOCAL_CERTIFICATE),) ifeq ($(LOCAL_CERTIFICATE),)
@@ -114,7 +114,7 @@ else ifeq ($(LOCAL_CERTIFICATE),PRESIGNED)
else else
# If this is not an absolute certificate, assign it to a generic one. # If this is not an absolute certificate, assign it to a generic one.
ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./) ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE) LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
endif endif
PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8 PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8

7
core/product.mk
View File

@@ -82,7 +82,9 @@ _product_var_list := \
PRODUCT_SDK_ADDON_COPY_FILES \ PRODUCT_SDK_ADDON_COPY_FILES \
PRODUCT_SDK_ADDON_COPY_MODULES \ PRODUCT_SDK_ADDON_COPY_MODULES \
PRODUCT_SDK_ADDON_DOC_MODULE \ PRODUCT_SDK_ADDON_DOC_MODULE \
PRODUCT_DEFAULT_WIFI_CHANNELS PRODUCT_DEFAULT_WIFI_CHANNELS \
PRODUCT_DEFAULT_DEV_CERTIFICATE \
define dump-product define dump-product
$(info ==== $(1) ====)\ $(info ==== $(1) ====)\
@@ -232,6 +234,9 @@ _product_stash_var_list += \
BOARD_INSTALLER_CMDLINE \ BOARD_INSTALLER_CMDLINE \
_product_stash_var_list += \
DEFAULT_SYSTEM_DEV_CERTIFICATE
# #
# Stash vaues of the variables in _product_stash_var_list. # Stash vaues of the variables in _product_stash_var_list.
# $(1): Renamed prefix # $(1): Renamed prefix

9
core/product_config.mk
View File

@@ -265,6 +265,15 @@ endif
PRODUCT_DEFAULT_WIFI_CHANNELS := \ PRODUCT_DEFAULT_WIFI_CHANNELS := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_WIFI_CHANNELS)) $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_WIFI_CHANNELS))
PRODUCT_DEFAULT_DEV_CERTIFICATE := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_DEV_CERTIFICATE))
ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
ifneq (1,$(words $(PRODUCT_DEFAULT_DEV_CERTIFICATE)))
$(error PRODUCT_DEFAULT_DEV_CERTIFICATE='$(PRODUCT_DEFAULT_DEV_CERTIFICATE)', \
only 1 certificate is allowed.)
endif
endif
# A list of words like <source path>:<destination path>. The file at # A list of words like <source path>:<destination path>. The file at
# the source path should be copied to the destination path when building # the source path should be copied to the destination path when building
# this product. <destination path> is relative to $(PRODUCT_OUT), so # this product. <destination path> is relative to $(PRODUCT_OUT), so