
Commit 17c83cf2 authored by Doug Zongker's avatar Doug Zongker Committed by The Android Open Source Project

AI 144130: Don't build OTA package keys into the recovery binary; read

  them from an external file in the recovery image.  Use the
  test-keys for all builds.

Automated import of CL 144130
parent a401b054
+22 −30
@@ -62,9 +62,6 @@ endif
# Apps are always signed with test keys, and may be re-signed in a post-build
# step.  If that happens, the "test-keys" tag will be removed by that step.
BUILD_VERSION_TAGS += test-keys
ifndef INCLUDE_TEST_OTA_KEYS
  BUILD_VERSION_TAGS += ota-rel-keys
endif
BUILD_VERSION_TAGS := $(subst $(space),$(comma),$(sort $(BUILD_VERSION_TAGS)))

# A human-readable string that descibes this build in detail.
@@ -639,13 +636,31 @@ ifdef BOARD_KERNEL_CMDLINE
  INTERNAL_RECOVERYIMAGE_ARGS += --cmdline "$(BOARD_KERNEL_CMDLINE)"
endif

# Keys authorized to sign OTA packages this build will accept.  The
# build always uses test-keys for this; release packaging tools will
# substitute other keys for this one.
OTA_PUBLIC_KEYS := $(SRC_TARGET_DIR)/product/security/testkey.x509.pem

# Generate a file containing the keys that will be read by the
# recovery binary.
RECOVERY_INSTALL_OTA_KEYS := \
	$(call intermediates-dir-for,PACKAGING,ota_keys)/keys
DUMPKEY_JAR := $(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar
$(RECOVERY_INSTALL_OTA_KEYS): PRIVATE_OTA_PUBLIC_KEYS := $(OTA_PUBLIC_KEYS)
$(RECOVERY_INSTALL_OTA_KEYS): $(OTA_PUBLIC_KEYS) $(DUMPKEY_JAR)
	@echo "DumpPublicKey: $@ <= $(PRIVATE_OTA_PUBLIC_KEYS)"
	@rm -rf $@
	@mkdir -p $(dir $@)
	java -jar $(DUMPKEY_JAR) $(PRIVATE_OTA_PUBLIC_KEYS) > $@

$(INSTALLED_RECOVERYIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) \
		$(INSTALLED_RAMDISK_TARGET) \
		$(INSTALLED_BOOTIMAGE_TARGET) \
		$(recovery_binary) \
		$(recovery_initrc) $(recovery_kernel) \
		$(INSTALLED_2NDBOOTLOADER_TARGET) \
		$(recovery_build_prop) $(recovery_resource_deps)
		$(recovery_build_prop) $(recovery_resource_deps) \
		$(RECOVERY_INSTALL_OTA_KEYS)
	@echo ----- Making recovery image ------
	rm -rf $(TARGET_RECOVERY_OUT)
	mkdir -p $(TARGET_RECOVERY_OUT)
@@ -660,6 +675,7 @@ $(INSTALLED_RECOVERYIMAGE_TARGET): $(MKBOOTFS) $(MKBOOTIMG) \
	cp -rf $(recovery_resources_common) $(TARGET_RECOVERY_ROOT_OUT)/
	$(foreach item,$(recovery_resources_private), \
	  cp -rf $(item) $(TARGET_RECOVERY_ROOT_OUT)/)
	cp $(RECOVERY_INSTALL_OTA_KEYS) $(TARGET_RECOVERY_ROOT_OUT)/res/keys
	cat $(INSTALLED_DEFAULT_PROP_TARGET) $(recovery_build_prop) \
	        > $(TARGET_RECOVERY_ROOT_OUT)/default.prop
	$(MKBOOTFS) $(TARGET_RECOVERY_ROOT_OUT) | gzip > $(recovery_ramdisk)
@@ -759,16 +775,6 @@ endif
.PHONY: otapackage
otapackage: $(INTERNAL_OTA_PACKAGE_TARGET)

# Keys authorized to sign OTA packages this build will accept.
ifeq ($(INCLUDE_TEST_OTA_KEYS),true)
  OTA_PUBLIC_KEYS := \
  	$(sort $(SRC_TARGET_DIR)/product/security/testkey.x509.pem $(OTA_PUBLIC_KEYS))
endif

ifeq ($(OTA_PUBLIC_KEYS),)
  $(error No OTA_PUBLIC_KEYS defined)
endif

# Build a keystore with the authorized keys in it.
# java/android/android/server/checkin/UpdateVerifier.java uses this.
ALL_DEFAULT_INSTALLED_MODULES += $(TARGET_OUT_ETC)/security/otacerts.zip
@@ -784,21 +790,6 @@ $(TARGET_OUT_ETC)/security/otacerts.zip: $(OTA_PUBLIC_KEYS)
#           -import -file $$f -alias $(notdir $$f) || exit 1; \
# done

ifdef RECOVERY_INSTALL_OTA_KEYS_INC
# Generate a C-includable file containing the keys.
# RECOVERY_INSTALL_OTA_KEYS_INC is defined by recovery/Android.mk.
# *** THIS IS A TOTAL HACK; EXECUTABLES MUST NOT CHANGE BETWEEN DIFFERENT
#     PRODUCTS/BUILD TYPES. ***
# TODO: make recovery read the keys from an external file.
DUMPKEY_JAR := $(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar
$(RECOVERY_INSTALL_OTA_KEYS_INC): PRIVATE_OTA_PUBLIC_KEYS := $(OTA_PUBLIC_KEYS)
$(RECOVERY_INSTALL_OTA_KEYS_INC): $(OTA_PUBLIC_KEYS) $(DUMPKEY_JAR)
	@echo "DumpPublicKey: $@ <= $(PRIVATE_OTA_PUBLIC_KEYS)"
	@rm -rf $@
	@mkdir -p $(dir $@)
	$(hide) java -jar $(DUMPKEY_JAR) $(PRIVATE_OTA_PUBLIC_KEYS) > $@
endif

# -----------------------------------------------------------------
# A zip of the directories that map to the target filesystem.
# This zip can be used to create an OTA package or filesystem image
@@ -897,6 +888,7 @@ endif
	@# build them.
	$(hide) mkdir -p $(zip_root)/META
	$(hide) $(ACP) $(APKCERTS_FILE) $(zip_root)/META/apkcerts.txt
	$(hide)	echo "$(PRODUCT_OTA_PUBLIC_KEYS)" > $(zip_root)/META/otakeys.txt
	@# Zip everything up, preserving symlinks
	$(hide) (cd $(zip_root) && zip -qry ../$(notdir $@) .)
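Review bot: The new `$(RECOVERY_INSTALL_OTA_KEYS)` recipe redirects dumpkey output straight into `$@`, so if `java -jar` fails after the shell has already created the file, a truncated or empty keys file is left behind with a fresh timestamp; on the next run make sees it as up to date, never reaches the `rm -rf $@` at the top of the recipe, and the later `cp … res/keys` hunk carries it into the recovery image that, per the new comment, decides which OTA packages are accepted. Writing through a temporary name closes that window: `java -jar $(DUMPKEY_JAR) $(PRIVATE_OTA_PUBLIC_KEYS) > $@.tmp && mv -f $@.tmp $@`. Separately, the `cp $(RECOVERY_INSTALL_OTA_KEYS) $(TARGET_RECOVERY_ROOT_OUT)/res/keys` line appears to rely on `res/` having been created by the preceding `cp -rf $(recovery_resources_common)`, which is not visible here; a `mkdir -p $(TARGET_RECOVERY_ROOT_OUT)/res` immediately before it would make that assumption explicit. The `$(INSTALLED_RECOVERYIMAGE_TARGET)` recipe in which that copy sits starts in an earlier hunk and runs past the end of this one.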

+10 −21
Original line number Diff line number Diff line
@@ -219,23 +219,12 @@ ADDITIONAL_BUILD_PROPERTIES := \
	$(ADDITIONAL_BUILD_PROPERTIES) \
	$(PRODUCT_PROPERTY_OVERRIDES)

# Get the list of OTA public keys for the product.
OTA_PUBLIC_KEYS := \
	$(sort \
	    $(OTA_PUBLIC_KEYS) \
	    $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_OTA_PUBLIC_KEYS) \
	 )

# HACK: Not all products define OTA keys yet, and the -user build
# will fail if no keys are defined.
# TODO: Let a product opt out of needing OTA keys, and stop defaulting to
#       the test key as soon as possible.
ifeq (,$(strip $(OTA_PUBLIC_KEYS)))
  ifeq (,$(CALLED_FROM_SETUP))
    $(warning WARNING: adding test OTA key)
  endif
  OTA_PUBLIC_KEYS := $(SRC_TARGET_DIR)/product/security/testkey.x509.pem
endif
# The OTA key(s) specified by the product config, if any.  The names
# of these keys are stored in the target-files zip so that post-build
# signing tools can substitute them for the test key embedded by
# default.
PRODUCT_OTA_PUBLIC_KEYS := $(sort \
    $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_OTA_PUBLIC_KEYS))

# ---------------------------------------------------------------
# Force the simulator to be the simulator, and make BUILD_TYPE
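Review bot: The new `PRODUCT_OTA_PUBLIC_KEYS` definition can expand to an empty list, and the replacement comment does not say that this is now intended; the block being removed warned and fell back to the test key precisely because an empty value used to fail the `-user` build. I would add `# May be empty: a product that defines no key relies solely on the build's test key.` above the assignment, since after this commit the only place the test key is injected is the hard-wired `OTA_PUBLIC_KEYS` in the other file section, not this file. The `ADDITIONAL_BUILD_PROPERTIES` assignment whose continuation lines open the hunk starts before it.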