StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

releasetools: Write back default_system_dev_certificate.

Browse Source 
When signing a target_files.zip, the OTA certificate specified by
default_system_dev_certificate could be replaced with a mapped key. When
that happens, we must explicitly specify --package_key when generating
OTA packages with ota_from_target_files.py. Otherwise the OTA package
will be signed with the wrong key, which leads to verification failures.

This CL updates the default_system_dev_certificate value in
misc_info.txt accordingly.

Test: Sign a target_files.zip and replace the OTA key. Check
      META/misc_info.txt in the generated target_files.zip.
  $ ./build/make/tools/releasetools/sign_target_files_apks.py -v \
      --replace_ota_keys \
      -k build/target/product/security/testkey=build/target/product/security/platform \
      out/dist/aosp_marlin-target_files-eng.tbao.zip \
      signed-marlin-target_files-test.zip

Change-Id: I093234b5add3e27c5b3887cefeffd74e6f0a3e98
This commit is contained in:
Tao Bao
2017-11-09 10:10:10 -08:00
parent a3d94873cf
commit f718f90212
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tools/releasetools/sign_target_files_apks.py
View File

@@ -402,7 +402,7 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info):
except KeyError:
raise common.ExternalError("can't read META/otakeys.txt from input")
extra_recovery_keys = misc_info.get("extra_recovery_keys", None)
extra_recovery_keys = misc_info.get("extra_recovery_keys")
if extra_recovery_keys:
extra_recovery_keys = [OPTIONS.key_map.get(k, k) + ".x509.pem"
for k in extra_recovery_keys.split()]
@@ -426,8 +426,10 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info):
else:
devkey = misc_info.get("default_system_dev_certificate",
"build/target/product/security/testkey")
mapped_keys.append(
OPTIONS.key_map.get(devkey, devkey) + ".x509.pem")
mapped_devkey = OPTIONS.key_map.get(devkey, devkey)
if mapped_devkey != devkey:
misc_info["default_system_dev_certificate"] = mapped_devkey
mapped_keys.append(mapped_devkey + ".x509.pem")
print("META/otakeys.txt has no keys; using %s for OTA package"
" verification." % (mapped_keys[0],))