
Commit e1d02fb9 authored by Tianjie Xu's avatar Tianjie Xu

Recovery now expects public keys in zipfile

This is in line with the build system change which copies the recovery ota
install keys to a zipfile. Recovery now parses and loads the public
keys from /res/otacerts.zip. The legacy load_keys functions will be
removed in later CLs.

Bug: 116655889
Test: sideload an ota package
Change-Id: I95e91736ca9964df06d74aa292d672e2f9e442e8
parent 24ead567
+5 −5
@@ -695,18 +695,18 @@ int install_package(const std::string& path, bool* wipe_cache, bool needs_mount,
}

bool verify_package(const unsigned char* package_data, size_t package_size) {
  static constexpr const char* PUBLIC_KEYS_FILE = "/res/keys";
  std::vector<Certificate> loadedKeys;
  if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
  static constexpr const char* CERTIFICATE_ZIP_FILE = "/system/etc/security/otacerts.zip";
  std::vector<Certificate> loaded_keys = LoadKeysFromZipfile(CERTIFICATE_ZIP_FILE);
  if (loaded_keys.empty()) {
    LOG(ERROR) << "Failed to load keys";
    return false;
  }
  LOG(INFO) << loadedKeys.size() << " key(s) loaded from " << PUBLIC_KEYS_FILE;
  LOG(INFO) << loaded_keys.size() << " key(s) loaded from " << CERTIFICATE_ZIP_FILE;

  // Verify package.
  ui->Print("Verifying update package...\n");
  auto t0 = std::chrono::system_clock::now();
  int err = verify_file(package_data, package_size, loadedKeys,
  int err = verify_file(package_data, package_size, loaded_keys,
                        std::bind(&RecoveryUI::SetProgress, ui, std::placeholders::_1));
  std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
  ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);
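Review bot: The key-store path in `verify_package` is `/system/etc/security/otacerts.zip`, while the commit description says recovery loads keys from `/res/otacerts.zip`; this archive is the trust anchor for OTA signature verification, so one of the two should be corrected and the constant should carry a comment such as `// Trust anchor for OTA signature verification; installed into the recovery image by the build.` (wording to be confirmed against the build change). The hunk does not show whether that path resolves inside the recovery ramdisk or on a mounted, writable partition, which is worth confirming before relying on it. The `loaded_keys.empty()` check fails closed, which is the right behaviour, but the error line drops the path; `LOG(ERROR) << "Failed to load keys from " << CERTIFICATE_ZIP_FILE;` would make a missing or malformed archive easier to diagnose from recovery logs. The body of `verify_package` continues past the end of the hunk.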