Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-07-01 17:11:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
59b3f22205
DivestOS/Patches/LineageOS-19.1/android_build/0002-OTA_Keys.patch
Tad 59c28bc022 Better ensure extra keys are included 
Signed-off-by: Tad <tad@spotco.us>
2022-05-12 10:15:03 -04:00

71 lines
2.9 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Tue, 6 Apr 2021 05:04:32 -0400
Subject: [PATCH] Allow setting OTA public keys from environment variable
Change-Id: Ib2a00de63b0c7a8790640462d13a84daf2076fa7
---
core/product_config.mk | 5 +++++
target/product/security/Android.mk | 22 ++++++++++++++++++----
2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/core/product_config.mk b/core/product_config.mk
index 4b4ba3ccb8..dac79d1ff7 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -314,6 +314,11 @@ ENFORCE_SYSTEM_CERTIFICATE_ALLOW_LIST := $(PRODUCT_ARTIFACT_SYSTEM_CERTIFICATE_R
PRODUCT_OTA_PUBLIC_KEYS := $(sort $(PRODUCT_OTA_PUBLIC_KEYS))
PRODUCT_EXTRA_RECOVERY_KEYS := $(sort $(PRODUCT_EXTRA_RECOVERY_KEYS))
+ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
+endif
+
# Resolve and setup per-module dex-preopt configs.
DEXPREOPT_DISABLED_MODULES :=
# If a module has multiple setups, the first takes precedence.
diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
index cedad5b490..23187c30e5 100644
--- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk
@@ -63,8 +63,15 @@ LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_STEM := otacerts.zip
LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security
include $(BUILD_SYSTEM)/base_rules.mk
-$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
-$(LOCAL_BUILT_MODULE): $(SOONG_ZIP) $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+
+OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+
+ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+endif
+
+$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(OTA_PUBLIC_KEYS)
+$(LOCAL_BUILT_MODULE): $(SOONG_ZIP) $(OTA_PUBLIC_KEYS)
$(SOONG_ZIP) -o $@ -j -symlinks=false -f $(PRIVATE_CERT)
@@ -82,11 +89,18 @@ include $(BUILD_SYSTEM)/base_rules.mk
extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))
-$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+
+ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+ extra_recovery_keys := $(OTA_KEY_OVERRIDE_DIR)/extra.x509.pem
+endif
+
+$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(OTA_PUBLIC_KEYS)
$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_RECOVERY_KEYS := $(extra_recovery_keys)
$(LOCAL_BUILT_MODULE): \
$(SOONG_ZIP) \
- $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem \
+ $(OTA_PUBLIC_KEYS) \
$(extra_recovery_keys)
$(SOONG_ZIP) -o $@ -j -symlinks=false \
$(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file))
Reference in New Issue View Git Blame Copy Permalink