From 4eb4173b876ab4b4d71a5be541096d346649bbef Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Sat, 30 May 2015 22:47:50 -0400
Subject: [PATCH] add optional automated signing
---
 core/Makefile | 48 ++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 40 insertions(+), 8 deletions(-)
diff --git a/core/Makefile b/core/Makefile
index 7eca2db..82006c9 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -408,6 +408,11 @@ ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
 DEFAULT_KEY_CERT_PAIR := $(OTA_PACKAGE_SIGNING_KEY)
 endif
+ifneq ($(SIGNING_KEY_DIR),)
+ KEY_CERT_DIR := $(SIGNING_KEY_DIR)
+ DEFAULT_KEY_CERT_PAIR := $(SIGNING_KEY_DIR)/releasekey
+endif
+
 # Rules that need to be present for the all targets, even
 # if they don't do anything.
 .PHONY: systemimage
@@ -943,13 +948,18 @@ endif
 # substitute other keys for this one.
 OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
-ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
- OTA_PUBLIC_KEYS := $(OTA_PACKAGE_SIGNING_KEY).x509.pem
- PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
+ifneq ($(SIGNING_KEY_DIR),)
+ OTA_PUBLIC_KEYS := $(SIGNING_KEY_DIR)/releasekey.x509.pem
+ PRODUCT_EXTRA_RECOVERY_KEYS += $(SIGNING_KEY_DIR)/extra
 else
- PRODUCT_EXTRA_RECOVERY_KEYS += \
- build/target/product/security/cm \
- build/target/product/security/cm-devkey
+ ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
+ OTA_PUBLIC_KEYS := $(OTA_PACKAGE_SIGNING_KEY).x509.pem
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
+ else
+ PRODUCT_EXTRA_RECOVERY_KEYS += \
+ build/target/product/security/cm \
+ build/target/product/security/cm-devkey
+ endif
 endif
 # Generate a file containing the keys that will be read by the
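Review bot: When both `OTA_PACKAGE_SIGNING_KEY` and `SIGNING_KEY_DIR` are set, the new block at -408 silently wins because it is evaluated second, and nothing checks that the directory holds a `releasekey` pair before `DEFAULT_KEY_CERT_PAIR` points at it. A mistyped path would only surface later, in whichever step first reads the key. Consider failing at parse time inside the new `ifneq`, e.g. `$(if $(wildcard $(SIGNING_KEY_DIR)/releasekey.x509.pem),,$(error SIGNING_KEY_DIR has no releasekey.x509.pem))`. A comment such as `# SIGNING_KEY_DIR takes precedence over OTA_PACKAGE_SIGNING_KEY` would also make the ordering deliberate rather than incidental.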
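Review bot: In the `SIGNING_KEY_DIR` branch at -943, `PRODUCT_EXTRA_RECOVERY_KEYS` is extended with `+=`, while the `OTA_PACKAGE_SIGNING_KEY` branch resets it with `:=`, so any keys appended before this point stay in the list. Whether anything appends earlier is not visible in this hunk. If a release-signed build should accept only keys from the signing directory, `PRODUCT_EXTRA_RECOVERY_KEYS := $(SIGNING_KEY_DIR)/extra` states that directly. The branch also requires an `extra` key pair in the directory without saying so; a comment listing the files `SIGNING_KEY_DIR` must contain (`releasekey`, `extra`) would help whoever provisions the keys.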
@@ -1593,6 +1603,12 @@ BUILT_TARGET_FILES_PACKAGE := $(intermediates)/$(name).zip
 $(BUILT_TARGET_FILES_PACKAGE): intermediates := $(intermediates)
 $(BUILT_TARGET_FILES_PACKAGE): \
 zip_root := $(intermediates)/$(name)
+SIGNED_TARGET_FILES_PACKAGE := $(intermediates)/signed-$(name).zip
+MAYBE_SIGNED_TARGET_FILES_PACKAGE := $(BUILT_TARGET_FILES_PACKAGE)
+
+ifneq ($(SIGNING_KEY_DIR),)
+ MAYBE_SIGNED_TARGET_FILES_PACKAGE := $(SIGNED_TARGET_FILES_PACKAGE)
+endif
 # $(1): Directory to copy
 # $(2): Location to copy it to
@@ -1868,6 +1884,12 @@ else
 OTA_FROM_TARGET_SCRIPT := $(TARGET_RELEASETOOL_OTA_FROM_TARGET_SCRIPT)
 endif
+ifeq ($(TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT),)
+ SIGN_TARGET_SCRIPT := ./build/tools/releasetools/sign_target_files_apks
+else
+ SIGN_TARGET_SCRIPT := $(TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT)
+endif
+
 ifeq ($(WITH_GMS),true)
 $(INTERNAL_OTA_PACKAGE_TARGET): backuptool := false
 else
@@ -1895,7 +1917,17 @@ ifneq ($(BLOCK_BASED_OTA),false)
 $(INTERNAL_OTA_PACKAGE_TARGET): block_based := --block
 endif
-$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(DISTTOOLS)
+$(SIGNED_TARGET_FILES_PACKAGE): $(BUILT_TARGET_FILES_PACKAGE) $(DISTTOOLS)
+ @echo "$(SIGN_TARGET_SCRIPT)" > $(PRODUCT_OUT)/sign_script_path
+ @echo -e ${CL_YLW}"Sign target files:"${CL_RST}" $@"
+ $(hide) $(SIGN_TARGET_SCRIPT) \
+ -d $(KEY_CERT_DIR) \
+ -o \
+ -e SMSSecure.apk,Orbot.apk,Android-IMSI-Catcher-Detector.apk,FreeOTP.apk,F-Droid.apk= \
+ $(BUILT_TARGET_FILES_PACKAGE) \
+ $(SIGNED_TARGET_FILES_PACKAGE)
+
+$(INTERNAL_OTA_PACKAGE_TARGET): $(MAYBE_SIGNED_TARGET_FILES_PACKAGE) $(DISTTOOLS)
 @echo "$(OTA_FROM_TARGET_SCRIPT)" > $(PRODUCT_OUT)/ota_script_path
 @echo "$(override_device)" > $(PRODUCT_OUT)/ota_override_device
 @echo -e ${CL_YLW}"Package OTA:"${CL_RST}" $@"
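Review bot: `TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT` in the -1868 hunk lets a device or product configuration substitute the program that the signing rule later invokes with `-d $(KEY_CERT_DIR)`, and nothing here documents that. It mirrors the existing `OTA_FROM_TARGET_SCRIPT` override, but this script is handed the key directory rather than a finished package, so the override carries more trust. A comment above the `ifeq` would make that explicit, e.g. `# The override is run with the release key directory; only point this at a script you trust with the private keys.`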
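Review bot: The `$(SIGNED_TARGET_FILES_PACKAGE)` rule in the -1895 hunk is defined unconditionally, but this patch assigns `KEY_CERT_DIR` only when `SIGNING_KEY_DIR` is non-empty. If the signed zip is requested without it (and nothing outside the patch defines `KEY_CERT_DIR`), the recipe expands to `-d -o`, so `-o` is taken as the directory argument. Wrapping the rule in `ifneq ($(SIGNING_KEY_DIR),)` … `endif`, or opening the recipe with `$(if $(strip $(KEY_CERT_DIR)),,$(error KEY_CERT_DIR is empty))`, avoids that, and `-d "$(KEY_CERT_DIR)"` tolerates spaces in the path. Separately, the `-e` list, which appears to exempt those APKs from re-signing, is hard-coded in core/Makefile; a named variable with a comment on why these packages keep their original signatures would make the exemption reviewable when the bundled apps change.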
@@ -1907,7 +1939,7 @@ $(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(DISTTOOLS)
 --backup=$(backuptool) \
 --override_device=$(override_device) $(override_prop) \
 $(if $(OEM_OTA_CONFIG), -o $(OEM_OTA_CONFIG)) \
- $(BUILT_TARGET_FILES_PACKAGE) $@
+ $(MAYBE_SIGNED_TARGET_FILES_PACKAGE) $@
 CM_TARGET_PACKAGE := $(PRODUCT_OUT)/cm-$(CM_VERSION).zip