Better ensure extra keys are included

Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2022-05-12 10:12:31 -04:00
parent 4dbab20c06
commit 59c28bc022
6 changed files with 30 additions and 24 deletions

View File

@ -5,15 +5,15 @@ Subject: [PATCH] Allow setting OTA public keys from environment variable
Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7 Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7
--- ---
core/Makefile | 5 ++--- core/Makefile | 6 +++---
core/product_config.mk | 5 +++++ core/product_config.mk | 5 +++++
2 files changed, 7 insertions(+), 3 deletions(-) 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/core/Makefile b/core/Makefile diff --git a/core/Makefile b/core/Makefile
index 3fb424733d..67e0170e67 100644 index 3fb424733d..6d313406d6 100644
--- a/core/Makefile --- a/core/Makefile
+++ b/core/Makefile +++ b/core/Makefile
@@ -1033,9 +1033,8 @@ endif @@ -1033,9 +1033,9 @@ endif
# substitute other keys for this one. # substitute other keys for this one.
OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
@ -22,6 +22,7 @@ index 3fb424733d..67e0170e67 100644
- PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) - PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
+ifneq ($(OTA_KEY_OVERRIDE_DIR),) +ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem + OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
endif endif
# Generate a file containing the keys that will be read by the # Generate a file containing the keys that will be read by the

View File

@ -5,20 +5,21 @@ Subject: [PATCH] Allow setting OTA public keys from environment variable
Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7 Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7
--- ---
core/Makefile | 4 ++++ core/Makefile | 5 +++++
core/product_config.mk | 5 +++++ core/product_config.mk | 5 +++++
2 files changed, 9 insertions(+) 2 files changed, 10 insertions(+)
diff --git a/core/Makefile b/core/Makefile diff --git a/core/Makefile b/core/Makefile
index f2a524d58c..92c7928d35 100644 index f2a524d58c..bdd18d7dec 100644
--- a/core/Makefile --- a/core/Makefile
+++ b/core/Makefile +++ b/core/Makefile
@@ -1217,6 +1217,10 @@ endif @@ -1217,6 +1217,11 @@ endif
# substitute other keys for this one. # substitute other keys for this one.
OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+ifneq ($(OTA_KEY_OVERRIDE_DIR),) +ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem + OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
+endif +endif
+ +
# Generate a file containing the keys that will be read by the # Generate a file containing the keys that will be read by the

View File

@ -5,20 +5,21 @@ Subject: [PATCH] Allow setting OTA public keys from environment variable
Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7 Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7
--- ---
core/Makefile | 4 ++++ core/Makefile | 5 +++++
core/product_config.mk | 5 +++++ core/product_config.mk | 5 +++++
2 files changed, 9 insertions(+) 2 files changed, 10 insertions(+)
diff --git a/core/Makefile b/core/Makefile diff --git a/core/Makefile b/core/Makefile
index 404bb54133..bd23c8be3d 100644 index 404bb54133..88b50d3e1d 100644
--- a/core/Makefile --- a/core/Makefile
+++ b/core/Makefile +++ b/core/Makefile
@@ -1413,6 +1413,10 @@ endif @@ -1413,6 +1413,11 @@ endif
# substitute other keys for this one. # substitute other keys for this one.
OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+ifneq ($(OTA_KEY_OVERRIDE_DIR),) +ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem + OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
+endif +endif
+ +
# Generate a file containing the keys that will be read by the # Generate a file containing the keys that will be read by the

View File

@ -5,20 +5,21 @@ Subject: [PATCH] Allow setting OTA public keys from environment variable
Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7 Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7
--- ---
core/Makefile | 4 ++++ core/Makefile | 5 +++++
core/product_config.mk | 5 +++++ core/product_config.mk | 5 +++++
2 files changed, 9 insertions(+) 2 files changed, 10 insertions(+)
diff --git a/core/Makefile b/core/Makefile diff --git a/core/Makefile b/core/Makefile
index f6c2463439..7f4823a1ac 100644 index f6c2463439..69f2826e97 100644
--- a/core/Makefile --- a/core/Makefile
+++ b/core/Makefile +++ b/core/Makefile
@@ -1895,6 +1895,10 @@ endif @@ -1895,6 +1895,11 @@ endif
# substitute other keys for this one. # substitute other keys for this one.
OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+ifneq ($(OTA_KEY_OVERRIDE_DIR),) +ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem + OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
+endif +endif
+ +
# Generate a file containing the keys that will be read by the # Generate a file containing the keys that will be read by the

View File

@ -6,8 +6,8 @@ Subject: [PATCH] Allow setting OTA public keys from environment variable
Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7 Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7
--- ---
core/product_config.mk | 5 +++++ core/product_config.mk | 5 +++++
target/product/security/Android.mk | 21 +++++++++++++++++---- target/product/security/Android.mk | 22 ++++++++++++++++++----
2 files changed, 22 insertions(+), 4 deletions(-) 2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/core/product_config.mk b/core/product_config.mk diff --git a/core/product_config.mk b/core/product_config.mk
index a16af05cf4..4849d50093 100644 index a16af05cf4..4849d50093 100644
@ -26,7 +26,7 @@ index a16af05cf4..4849d50093 100644
DEXPREOPT_DISABLED_MODULES := DEXPREOPT_DISABLED_MODULES :=
# If a module has multiple setups, the first takes precedence. # If a module has multiple setups, the first takes precedence.
diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
index d6a8b5378d..8bc882d621 100644 index d6a8b5378d..0018105865 100644
--- a/target/product/security/Android.mk --- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk +++ b/target/product/security/Android.mk
@@ -55,8 +55,15 @@ LOCAL_MODULE_CLASS := ETC @@ -55,8 +55,15 @@ LOCAL_MODULE_CLASS := ETC
@ -47,7 +47,7 @@ index d6a8b5378d..8bc882d621 100644
$(SOONG_ZIP) -o $@ -j -f $(PRIVATE_CERT) $(SOONG_ZIP) -o $@ -j -f $(PRIVATE_CERT)
@@ -72,11 +79,17 @@ include $(BUILD_SYSTEM)/base_rules.mk @@ -72,11 +79,18 @@ include $(BUILD_SYSTEM)/base_rules.mk
extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS)) extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))
@ -56,6 +56,7 @@ index d6a8b5378d..8bc882d621 100644
+ +
+ifneq ($(OTA_KEY_OVERRIDE_DIR),) +ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem + OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+ extra_recovery_keys := $(OTA_KEY_OVERRIDE_DIR)/extra.x509.pem
+endif +endif
+ +
+$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(OTA_PUBLIC_KEYS) +$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(OTA_PUBLIC_KEYS)

View File

@ -6,8 +6,8 @@ Subject: [PATCH] Allow setting OTA public keys from environment variable
Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7 Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7
--- ---
core/product_config.mk | 5 +++++ core/product_config.mk | 5 +++++
target/product/security/Android.mk | 21 +++++++++++++++++---- target/product/security/Android.mk | 22 ++++++++++++++++++----
2 files changed, 22 insertions(+), 4 deletions(-) 2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/core/product_config.mk b/core/product_config.mk diff --git a/core/product_config.mk b/core/product_config.mk
index 4b4ba3ccb8..dac79d1ff7 100644 index 4b4ba3ccb8..dac79d1ff7 100644
@ -26,7 +26,7 @@ index 4b4ba3ccb8..dac79d1ff7 100644
DEXPREOPT_DISABLED_MODULES := DEXPREOPT_DISABLED_MODULES :=
# If a module has multiple setups, the first takes precedence. # If a module has multiple setups, the first takes precedence.
diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
index cedad5b490..76d3e5ad1d 100644 index cedad5b490..23187c30e5 100644
--- a/target/product/security/Android.mk --- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk +++ b/target/product/security/Android.mk
@@ -63,8 +63,15 @@ LOCAL_MODULE_CLASS := ETC @@ -63,8 +63,15 @@ LOCAL_MODULE_CLASS := ETC
@ -47,7 +47,7 @@ index cedad5b490..76d3e5ad1d 100644
$(SOONG_ZIP) -o $@ -j -symlinks=false -f $(PRIVATE_CERT) $(SOONG_ZIP) -o $@ -j -symlinks=false -f $(PRIVATE_CERT)
@@ -82,11 +89,17 @@ include $(BUILD_SYSTEM)/base_rules.mk @@ -82,11 +89,18 @@ include $(BUILD_SYSTEM)/base_rules.mk
extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS)) extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))
@ -56,6 +56,7 @@ index cedad5b490..76d3e5ad1d 100644
+ +
+ifneq ($(OTA_KEY_OVERRIDE_DIR),) +ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem + OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+ extra_recovery_keys := $(OTA_KEY_OVERRIDE_DIR)/extra.x509.pem
+endif +endif
+ +
+$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(OTA_PUBLIC_KEYS) +$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(OTA_PUBLIC_KEYS)