DivestOS/Patches/LineageOS-16.0/android_build/0001-OTA_Keys.patch
Tad f3e672fb18 Failed attempt at fixing signing
PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.

Override it at the source and set it explicitly as well.

This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py include the real public keys for verification.

11.0 signing is ignored.

This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.

--

After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled
2021-04-06 04:07:18 -04:00


From d77b1a23b87813edb3133d314760249e1873cdf8 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Mon, 5 Apr 2021 23:00:41 -0400
Subject: [PATCH] Allow setting OTA public keys from environment variable
Change-Id: Id2338b2d30f7c477583a34f4171d37b70f0a6e92
---
core/Makefile | 4 ++++
core/product_config.mk | 5 +++++
2 files changed, 9 insertions(+)
diff --git a/core/Makefile b/core/Makefile
index 404bb5413..bd23c8be3 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1413,6 +1413,10 @@ endif
# substitute other keys for this one.
OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+endif
+
# Generate a file containing the keys that will be read by the
# recovery binary.
RECOVERY_INSTALL_OTA_KEYS := \
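Review bot: The added `ifneq` block at the `OTA_PUBLIC_KEYS` assignment never checks that `$(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem` exists, and when the variable is unset the build quietly keeps `$(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem`. Since the context comment says these keys are read by the recovery binary, both cases should be loud: guard the override with a `$(wildcard ...)` test that calls `$(error ...)` when the file is missing, and consider a `$(warning ...)` when the default certificate is kept. A short comment saying who is expected to export `OTA_KEY_OVERRIDE_DIR` would also help, since nothing in this hunk defines it.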
diff --git a/core/product_config.mk b/core/product_config.mk
index 2c3f21f1d..a300efbcf 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -399,6 +399,11 @@ PRODUCT_OTA_PUBLIC_KEYS := $(sort \
PRODUCT_EXTRA_RECOVERY_KEYS := $(sort \
$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_EXTRA_RECOVERY_KEYS))
+ifneq ($(OTA_KEY_OVERRIDE_DIR),)
+ PRODUCT_OTA_PUBLIC_KEYS := $(OTA_KEY_OVERRIDE_DIR)/releasekey.x509.pem
+ PRODUCT_EXTRA_RECOVERY_KEYS := $(OTA_KEY_OVERRIDE_DIR)/extra
+endif
+
PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER))
PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := \
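Review bot: In the added block after `PRODUCT_EXTRA_RECOVERY_KEYS`, the two overrides are written in different forms: `PRODUCT_OTA_PUBLIC_KEYS` gets a full `releasekey.x509.pem` path while `PRODUCT_EXTRA_RECOVERY_KEYS` gets a bare `$(OTA_KEY_OVERRIDE_DIR)/extra` with no suffix. Add a comment stating which form the consumers of each variable expect, so a mismatch is caught in review rather than on a device. Both `:=` assignments also discard the product-supplied lists built by the `$(sort ...)` lines just above; if replacing rather than appending is intended, say so in that comment. The `releasekey.x509.pem` path is repeated from core/Makefile, so defining it once and reusing it would keep the two files in step.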
--
2.30.2