mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 06:59:27 -05:00
6c4eadcdc7
formatting/erasing /cache will result in selinux contexts being lost these are normally restored by system/core/rootdir/init.rc in post-fs but latemount causes /cache to not be mounted beforehand preventing it from ever being fixed result is broken ota and recovery updates
105 lines
3.9 KiB
Diff
105 lines
3.9 KiB
Diff
From 4eb4173b876ab4b4d71a5be541096d346649bbef Mon Sep 17 00:00:00 2001
|
|
From: Daniel Micay <danielmicay@gmail.com>
|
|
Date: Sat, 30 May 2015 22:47:50 -0400
|
|
Subject: [PATCH] add optional automated signing
|
|
|
|
---
|
|
core/Makefile | 48 ++++++++++++++++++++++++++++++++++++++++--------
|
|
1 file changed, 40 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/core/Makefile b/core/Makefile
|
|
index 7eca2db..82006c9 100644
|
|
--- a/core/Makefile
|
|
+++ b/core/Makefile
|
|
@@ -408,6 +408,11 @@ ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
|
|
DEFAULT_KEY_CERT_PAIR := $(OTA_PACKAGE_SIGNING_KEY)
|
|
endif
|
|
|
|
+ifneq ($(SIGNING_KEY_DIR),)
|
|
+ KEY_CERT_DIR := $(SIGNING_KEY_DIR)
|
|
+ DEFAULT_KEY_CERT_PAIR := $(SIGNING_KEY_DIR)/releasekey
|
|
+endif
|
|
+
|
|
# Rules that need to be present for the all targets, even
|
|
# if they don't do anything.
|
|
.PHONY: systemimage
|
|
@@ -943,13 +948,18 @@ endif
|
|
# substitute other keys for this one.
|
|
OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
|
|
|
|
-ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
|
|
- OTA_PUBLIC_KEYS := $(OTA_PACKAGE_SIGNING_KEY).x509.pem
|
|
- PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
|
|
+ifneq ($(SIGNING_KEY_DIR),)
|
|
+ OTA_PUBLIC_KEYS := $(SIGNING_KEY_DIR)/releasekey.x509.pem
|
|
+ PRODUCT_EXTRA_RECOVERY_KEYS += $(SIGNING_KEY_DIR)/extra
|
|
else
|
|
- PRODUCT_EXTRA_RECOVERY_KEYS += \
|
|
- build/target/product/security/cm \
|
|
- build/target/product/security/cm-devkey
|
|
+ ifneq ($(OTA_PACKAGE_SIGNING_KEY),)
|
|
+ OTA_PUBLIC_KEYS := $(OTA_PACKAGE_SIGNING_KEY).x509.pem
|
|
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
|
|
+ else
|
|
+ PRODUCT_EXTRA_RECOVERY_KEYS += \
|
|
+ build/target/product/security/cm \
|
|
+ build/target/product/security/cm-devkey
|
|
+ endif
|
|
endif
|
|
|
|
# Generate a file containing the keys that will be read by the
|
|
@@ -1593,6 +1603,12 @@ BUILT_TARGET_FILES_PACKAGE := $(intermediates)/$(name).zip
|
|
$(BUILT_TARGET_FILES_PACKAGE): intermediates := $(intermediates)
|
|
$(BUILT_TARGET_FILES_PACKAGE): \
|
|
zip_root := $(intermediates)/$(name)
|
|
+SIGNED_TARGET_FILES_PACKAGE := $(intermediates)/signed-$(name).zip
|
|
+MAYBE_SIGNED_TARGET_FILES_PACKAGE := $(BUILT_TARGET_FILES_PACKAGE)
|
|
+
|
|
+ifneq ($(SIGNING_KEY_DIR),)
|
|
+ MAYBE_SIGNED_TARGET_FILES_PACKAGE := $(SIGNED_TARGET_FILES_PACKAGE)
|
|
+endif
|
|
|
|
# $(1): Directory to copy
|
|
# $(2): Location to copy it to
|
|
@@ -1868,6 +1884,12 @@ else
|
|
OTA_FROM_TARGET_SCRIPT := $(TARGET_RELEASETOOL_OTA_FROM_TARGET_SCRIPT)
|
|
endif
|
|
|
|
+ifeq ($(TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT),)
|
|
+ SIGN_TARGET_SCRIPT := ./build/tools/releasetools/sign_target_files_apks
|
|
+else
|
|
+ SIGN_TARGET_SCRIPT := $(TARGET_RELEASETOOL_SIGN_TARGET_SCRIPT)
|
|
+endif
|
|
+
|
|
ifeq ($(WITH_GMS),true)
|
|
$(INTERNAL_OTA_PACKAGE_TARGET): backuptool := false
|
|
else
|
|
@@ -1895,7 +1917,17 @@ ifneq ($(BLOCK_BASED_OTA),false)
|
|
$(INTERNAL_OTA_PACKAGE_TARGET): block_based := --block
|
|
endif
|
|
|
|
-$(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(DISTTOOLS)
|
|
+$(SIGNED_TARGET_FILES_PACKAGE): $(BUILT_TARGET_FILES_PACKAGE) $(DISTTOOLS)
|
|
+ @echo "$(SIGN_TARGET_SCRIPT)" > $(PRODUCT_OUT)/sign_script_path
|
|
+ @echo -e ${CL_YLW}"Sign target files:"${CL_RST}" $@"
|
|
+ $(hide) $(SIGN_TARGET_SCRIPT) \
|
|
+ -d $(KEY_CERT_DIR) \
|
|
+ -o \
|
|
+ -e SMSSecure.apk,Orbot.apk,Android-IMSI-Catcher-Detector.apk,FreeOTP.apk,F-Droid.apk= \
|
|
+ $(BUILT_TARGET_FILES_PACKAGE) \
|
|
+ $(SIGNED_TARGET_FILES_PACKAGE)
|
|
+
|
|
+$(INTERNAL_OTA_PACKAGE_TARGET): $(MAYBE_SIGNED_TARGET_FILES_PACKAGE) $(DISTTOOLS)
|
|
@echo "$(OTA_FROM_TARGET_SCRIPT)" > $(PRODUCT_OUT)/ota_script_path
|
|
@echo "$(override_device)" > $(PRODUCT_OUT)/ota_override_device
|
|
@echo -e ${CL_YLW}"Package OTA:"${CL_RST}" $@"
|
|
@@ -1907,7 +1939,7 @@ $(INTERNAL_OTA_PACKAGE_TARGET): $(BUILT_TARGET_FILES_PACKAGE) $(DISTTOOLS)
|
|
--backup=$(backuptool) \
|
|
--override_device=$(override_device) $(override_prop) \
|
|
$(if $(OEM_OTA_CONFIG), -o $(OEM_OTA_CONFIG)) \
|
|
- $(BUILT_TARGET_FILES_PACKAGE) $@
|
|
+ $(MAYBE_SIGNED_TARGET_FILES_PACKAGE) $@
|
|
|
|
CM_TARGET_PACKAGE := $(PRODUCT_OUT)/cm-$(CM_VERSION).zip
|
|
|