StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix error where otacerts in VENDOR_BOOT isn't replaced

Browse Source 
Test: sign a target_file, check otacerts.zip
Bug: 180025432

Change-Id: I918c3772a6de83314d76884dff3b26a85ed66eb2
This commit is contained in:
Kelvin Zhang
2021-02-11 19:10:44 -05:00
parent 119f279455
commit 9f781ff907
1 changed files with 7 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
tools/releasetools/sign_target_files_apks.py
View File

@@ -579,12 +579,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
# Don't copy OTA certs if we're replacing them.
# Replacement of update-payload-key.pub.pem was removed in b/116660991.
elif (
OPTIONS.replace_ota_keys and
filename in (
"BOOT/RAMDISK/system/etc/security/otacerts.zip",
"RECOVERY/RAMDISK/system/etc/security/otacerts.zip",
"SYSTEM/etc/security/otacerts.zip")):
elif OPTIONS.replace_ota_keys and filename.endswith("/otacerts.zip"):
pass
# Skip META/misc_info.txt since we will write back the new values later.
@@ -852,20 +847,12 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info):
print("META/otakeys.txt has no keys; using %s for OTA package"
" verification." % (mapped_keys[0],))
# recovery now uses the same x509.pem version of the keys.
# extra_recovery_keys are used only in recovery.
if misc_info.get("recovery_as_boot") == "true":
recovery_keys_location = "BOOT/RAMDISK/system/etc/security/otacerts.zip"
else:
recovery_keys_location = "RECOVERY/RAMDISK/system/etc/security/otacerts.zip"
WriteOtacerts(output_tf_zip, recovery_keys_location,
mapped_keys + extra_recovery_keys)
# SystemUpdateActivity uses the x509.pem version of the keys, but
# put into a zipfile system/etc/security/otacerts.zip.
# We DO NOT include the extra_recovery_keys (if any) here.
WriteOtacerts(output_tf_zip, "SYSTEM/etc/security/otacerts.zip", mapped_keys)
otacerts = [info
for info in input_tf_zip.infolist()
if info.filename.endswith("/otacerts.zip")]
for info in otacerts:
print("Rewriting OTA key:", info.filename, mapped_keys)
WriteOtacerts(output_tf_zip, info.filename, mapped_keys)
def ReplaceVerityPublicKey(output_zip, filename, key_path):