2018-04-03 14:55:28 -04:00
|
|
|
From ca96d37d0d9d7fb74f6c72f74586f86f4b959d34 Mon Sep 17 00:00:00 2001
|
2018-03-08 22:06:18 -05:00
|
|
|
From: Daniel Micay <danielmicay@gmail.com>
|
2018-04-03 14:55:28 -04:00
|
|
|
Date: Tue, 3 Apr 2018 14:12:55 -0400
|
2018-03-08 22:06:18 -05:00
|
|
|
Subject: [PATCH] Add optional automated signing
|
|
|
|
|
|
2018-04-03 14:55:28 -04:00
|
|
|
Change-Id: I9ebd044c4c2f76688f7921b991055c57ec574986
|
2018-03-08 22:06:18 -05:00
|
|
|
---
|
2018-04-03 14:55:28 -04:00
|
|
|
core/Makefile | 42 +++++++++++++++++++++++++++++++++++++++---
|
|
|
|
|
1 file changed, 39 insertions(+), 3 deletions(-)
|
2018-03-08 22:06:18 -05:00
|
|
|
|
|
|
|
|
diff --git a/core/Makefile b/core/Makefile
|
2018-04-03 14:55:28 -04:00
|
|
|
index 1fb76cf44..034b5f791 100644
|
2018-03-08 22:06:18 -05:00
|
|
|
--- a/core/Makefile
|
|
|
|
|
+++ b/core/Makefile
|
2018-04-03 12:34:00 -04:00
|
|
|
@@ -504,6 +504,10 @@ $(call dist-for-goals,droidcore,$(SOONG_TO_CONVERT))
|
2018-03-08 22:06:18 -05:00
|
|
|
# exist with the suffixes ".x509.pem" and ".pk8".
|
|
|
|
|
DEFAULT_KEY_CERT_PAIR := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
|
|
|
|
|
|
|
|
|
|
+ifneq ($(SIGNING_KEY_DIR),)
|
|
|
|
|
+ KEY_CERT_DIR := $(SIGNING_KEY_DIR)
|
|
|
|
|
+ DEFAULT_KEY_CERT_PAIR := $(SIGNING_KEY_DIR)/releasekey
|
|
|
|
|
+endif
|
|
|
|
|
|
|
|
|
|
# Rules that need to be present for the all targets, even
|
|
|
|
|
# if they don't do anything.
|
2018-04-03 12:34:00 -04:00
|
|
|
@@ -1204,6 +1208,16 @@ endif
|
2018-03-08 22:06:18 -05:00
|
|
|
# substitute other keys for this one.
|
|
|
|
|
OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
|
|
|
|
|
|
|
|
|
|
+ifneq ($(SIGNING_KEY_DIR),)
|
|
|
|
|
+ OTA_PUBLIC_KEYS := $(SIGNING_KEY_DIR)/releasekey.x509.pem
|
|
|
|
|
+ PRODUCT_EXTRA_RECOVERY_KEYS += $(SIGNING_KEY_DIR)/extra
|
|
|
|
|
+else
|
|
|
|
|
+ ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
|
|
|
|
|
+ OTA_PUBLIC_KEYS := $(OTA_PACKAGE_SIGNING_KEY).x509.pem
|
|
|
|
|
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
|
|
|
|
|
+ endif
|
|
|
|
|
+endif
|
|
|
|
|
+
|
|
|
|
|
# Generate a file containing the keys that will be read by the
|
|
|
|
|
# recovery binary.
|
|
|
|
|
RECOVERY_INSTALL_OTA_KEYS := \
|
2018-04-03 12:34:00 -04:00
|
|
|
@@ -2300,6 +2314,13 @@ $(BUILT_TARGET_FILES_PACKAGE): intermediates := $(intermediates)
|
2018-03-08 22:06:18 -05:00
|
|
|
$(BUILT_TARGET_FILES_PACKAGE): \
|
|
|
|
|
zip_root := $(intermediates)/$(name)
|
|
|
|
|
|
|
|
|
|
+SIGNED_TARGET_FILES_PACKAGE := $(intermediates)/signed-$(name).zip
|
|
|
|
|
+MAYBE_SIGNED_TARGET_FILES_PACKAGE := $(BUILT_TARGET_FILES_PACKAGE)
|
|
|
|
|
+
|
|
|
|
|
+ifneq ($(SIGNING_KEY_DIR),)
|
|
|
|
|
+ MAYBE_SIGNED_TARGET_FILES_PACKAGE := $(SIGNED_TARGET_FILES_PACKAGE)
|
|
|
|
|
+endif
|
|
|
|
|
+
|
|
|
|
|
# $(1): Directory to copy
|
|
|
|
|
# $(2): Location to copy it to
|
|
|
|
|
# The "ls -A" is to prevent "acp s/* d" from failing if s is empty.
|
2018-04-03 12:34:00 -04:00
|
|
|
@@ -2758,6 +2779,12 @@ else
|
2018-03-08 22:06:18 -05:00
|
|
|
OTA_SCRIPT_OVERRIDE_DEVICE := $(TARGET_OTA_ASSERT_DEVICE)
|
|
|
|
|
endif
|
|
|
|
|
|
|
|
|
|
+ifeq ($(TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT),)
|
|
|
|
|
+ SIGN_TARGET_SCRIPT := ./build/tools/releasetools/sign_target_files_apks
|
|
|
|
|
+else
|
|
|
|
|
+ SIGN_TARGET_SCRIPT := $(TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT)
|
|
|
|
|
+endif
|
|
|
|
|
+
|
|
|
|
|
ifeq ($(WITH_GMS),true)
|
|
|
|
|
$(INTERNAL_OTA_PACKAGE_TARGET): backuptool := false
|
|
|
|
|
else
|
2018-04-03 14:55:28 -04:00
|
|
|
@@ -2768,18 +2795,27 @@ else
|
2018-03-08 22:06:18 -05:00
|
|
|
endif
|
|
|
|
|
endif
|
|
|
|
|
|
|
|
|
|
-$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) \
|
2018-04-03 12:34:00 -04:00
|
|
|
+$(SIGNED_TARGET_FILES_PACKAGE): $(BUILT_TARGET_FILES_PACKAGE) \
|
|
|
|
|
+ build/tools/releasetools/sign_target_files_apks
|
2018-03-08 22:06:18 -05:00
|
|
|
+ @echo "$(SIGN_TARGET_SCRIPT)" > $(PRODUCT_OUT)/sign_script_path
|
|
|
|
|
+ @echo -e ${CL_YLW}"Sign target files:"${CL_RST}" $@"
|
|
|
|
|
+ $(hide) $(SIGN_TARGET_SCRIPT) \
|
|
|
|
|
+ -d $(KEY_CERT_DIR) \
|
|
|
|
|
+ -o \
|
|
|
|
|
+ $(BUILT_TARGET_FILES_PACKAGE) \
|
|
|
|
|
+ $(SIGNED_TARGET_FILES_PACKAGE)
|
|
|
|
|
+
|
2018-04-03 12:34:00 -04:00
|
|
|
+$(INTERNAL_OTA_PACKAGE_TARGET): $(MAYBE_SIGNED_TARGET_FILES_PACKAGE) \
|
|
|
|
|
build/tools/releasetools/ota_from_target_files
|
2018-03-08 22:06:18 -05:00
|
|
|
@echo "Package OTA: $@"
|
|
|
|
|
$(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH MKBOOTIMG=$(MKBOOTIMG) \
|
2018-04-03 14:55:28 -04:00
|
|
|
./build/tools/releasetools/ota_from_target_files -v \
|
|
|
|
|
--block \
|
|
|
|
|
- --extracted_input_target_files $(patsubst %.zip,%,$(BUILT_TARGET_FILES_PACKAGE)) \
|
|
|
|
|
-p $(HOST_OUT) \
|
2018-03-08 22:06:18 -05:00
|
|
|
-k $(KEY_CERT_PAIR) \
|
|
|
|
|
--backup=$(backuptool) \
|
|
|
|
|
$(if $(OEM_OTA_CONFIG), -o $(OEM_OTA_CONFIG)) \
|
|
|
|
|
- $(BUILT_TARGET_FILES_PACKAGE) $@
|
|
|
|
|
+ $(MAYBE_SIGNED_TARGET_FILES_PACKAGE) $@
|
|
|
|
|
|
|
|
|
|
.PHONY: otapackage
|
|
|
|
|
otapackage: $(INTERNAL_OTA_PACKAGE_TARGET)
|
|
|
|
|
--
|
2018-04-03 12:34:00 -04:00
|
|
|
2.16.3
|
2018-03-08 22:06:18 -05:00
|
|
|
|
