Loading core/Makefile +20 −6 Original line number Diff line number Diff line Loading @@ -1292,10 +1292,15 @@ $(winpthreads_notice_file): \ # # This rule adds to ALL_DEFAULT_INSTALLED_MODULES, so it needs to come # before the rules that use that variable to build the image. ifneq (,$(wildcard user-keys/releasekey.x509.pem)) DEFAULT_OTA_CERTIFICATE := user-keys/releasekey else DEFAULT_OTA_CERTIFICATE := $(DEFAULT_KEY_CERT_PAIR) endif ALL_DEFAULT_INSTALLED_MODULES += $(TARGET_OUT_ETC)/security/otacerts.zip $(TARGET_OUT_ETC)/security/otacerts.zip: PRIVATE_CERT := $(DEFAULT_KEY_CERT_PAIR).x509.pem $(TARGET_OUT_ETC)/security/otacerts.zip: PRIVATE_CERT := $(DEFAULT_OTA_CERTIFICATE).x509.pem $(TARGET_OUT_ETC)/security/otacerts.zip: $(SOONG_ZIP) $(TARGET_OUT_ETC)/security/otacerts.zip: $(DEFAULT_KEY_CERT_PAIR).x509.pem $(TARGET_OUT_ETC)/security/otacerts.zip: $(DEFAULT_OTA_CERTIFICATE).x509.pem $(hide) rm -f $@ $(hide) mkdir -p $(dir $@) $(hide) $(SOONG_ZIP) -o $@ -C $(dir $(PRIVATE_CERT)) -f $(PRIVATE_CERT) Loading @@ -1305,8 +1310,13 @@ $(TARGET_OUT_ETC)/security/otacerts.zip: $(DEFAULT_KEY_CERT_PAIR).x509.pem # format. ifeq ($(AB_OTA_UPDATER),true) ifneq ($(PRODUCT_IOT),true) ifneq (,$(wildcard user-keys/releasekey.x509.pem)) DEFAULT_OTA_CERTIFICATE := user-keys/releasekey else DEFAULT_OTA_CERTIFICATE := $(DEFAULT_KEY_CERT_PAIR) endif ALL_DEFAULT_INSTALLED_MODULES += $(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem $(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem: $(DEFAULT_KEY_CERT_PAIR).x509.pem $(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem: $(DEFAULT_OTA_CERTIFICATE).x509.pem $(hide) rm -f $@ $(hide) mkdir -p $(dir $@) $(hide) openssl x509 -pubkey -noout -in $< > $@ Loading Loading @@ -1910,15 +1920,19 @@ endif # Keys authorized to sign OTA packages this build will accept. The # build always uses dev-keys for this; release packaging tools will # substitute other keys for this one. OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem ifneq (,$(wildcard user-keys/releasekey.x509.pem)) DEFAULT_OTA_CERTIFICATE := user-keys/releasekey else DEFAULT_OTA_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) endif # Generate a file containing the keys that will be read by the # recovery binary. RECOVERY_INSTALL_OTA_KEYS := \ $(call intermediates-dir-for,PACKAGING,ota_keys)/otacerts.zip $(RECOVERY_INSTALL_OTA_KEYS): PRIVATE_OTA_PUBLIC_KEYS := $(OTA_PUBLIC_KEYS) $(RECOVERY_INSTALL_OTA_KEYS): PRIVATE_OTA_PUBLIC_KEYS := $(DEFAULT_OTA_CERTIFICATE).x509.pem $(RECOVERY_INSTALL_OTA_KEYS): extra_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS)) $(RECOVERY_INSTALL_OTA_KEYS): $(SOONG_ZIP) $(OTA_PUBLIC_KEYS) $(extra_keys) $(RECOVERY_INSTALL_OTA_KEYS): $(SOONG_ZIP) $(DEFAULT_OTA_CERTIFICATE).x509.pem $(extra_keys) $(hide) rm -f $@ $(hide) mkdir -p $(dir $@) $(hide) $(SOONG_ZIP) -o $@ $(foreach key_file, $(PRIVATE_OTA_PUBLIC_KEYS) $(extra_keys), -C $(dir $(key_file)) -f $(key_file)) Loading Loading
core/Makefile +20 −6 Original line number Diff line number Diff line Loading @@ -1292,10 +1292,15 @@ $(winpthreads_notice_file): \ # # This rule adds to ALL_DEFAULT_INSTALLED_MODULES, so it needs to come # before the rules that use that variable to build the image. ifneq (,$(wildcard user-keys/releasekey.x509.pem)) DEFAULT_OTA_CERTIFICATE := user-keys/releasekey else DEFAULT_OTA_CERTIFICATE := $(DEFAULT_KEY_CERT_PAIR) endif ALL_DEFAULT_INSTALLED_MODULES += $(TARGET_OUT_ETC)/security/otacerts.zip $(TARGET_OUT_ETC)/security/otacerts.zip: PRIVATE_CERT := $(DEFAULT_KEY_CERT_PAIR).x509.pem $(TARGET_OUT_ETC)/security/otacerts.zip: PRIVATE_CERT := $(DEFAULT_OTA_CERTIFICATE).x509.pem $(TARGET_OUT_ETC)/security/otacerts.zip: $(SOONG_ZIP) $(TARGET_OUT_ETC)/security/otacerts.zip: $(DEFAULT_KEY_CERT_PAIR).x509.pem $(TARGET_OUT_ETC)/security/otacerts.zip: $(DEFAULT_OTA_CERTIFICATE).x509.pem $(hide) rm -f $@ $(hide) mkdir -p $(dir $@) $(hide) $(SOONG_ZIP) -o $@ -C $(dir $(PRIVATE_CERT)) -f $(PRIVATE_CERT) Loading @@ -1305,8 +1310,13 @@ $(TARGET_OUT_ETC)/security/otacerts.zip: $(DEFAULT_KEY_CERT_PAIR).x509.pem # format. ifeq ($(AB_OTA_UPDATER),true) ifneq ($(PRODUCT_IOT),true) ifneq (,$(wildcard user-keys/releasekey.x509.pem)) DEFAULT_OTA_CERTIFICATE := user-keys/releasekey else DEFAULT_OTA_CERTIFICATE := $(DEFAULT_KEY_CERT_PAIR) endif ALL_DEFAULT_INSTALLED_MODULES += $(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem $(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem: $(DEFAULT_KEY_CERT_PAIR).x509.pem $(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem: $(DEFAULT_OTA_CERTIFICATE).x509.pem $(hide) rm -f $@ $(hide) mkdir -p $(dir $@) $(hide) openssl x509 -pubkey -noout -in $< > $@ Loading Loading @@ -1910,15 +1920,19 @@ endif # Keys authorized to sign OTA packages this build will accept. The # build always uses dev-keys for this; release packaging tools will # substitute other keys for this one. OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem ifneq (,$(wildcard user-keys/releasekey.x509.pem)) DEFAULT_OTA_CERTIFICATE := user-keys/releasekey else DEFAULT_OTA_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) endif # Generate a file containing the keys that will be read by the # recovery binary. RECOVERY_INSTALL_OTA_KEYS := \ $(call intermediates-dir-for,PACKAGING,ota_keys)/otacerts.zip $(RECOVERY_INSTALL_OTA_KEYS): PRIVATE_OTA_PUBLIC_KEYS := $(OTA_PUBLIC_KEYS) $(RECOVERY_INSTALL_OTA_KEYS): PRIVATE_OTA_PUBLIC_KEYS := $(DEFAULT_OTA_CERTIFICATE).x509.pem $(RECOVERY_INSTALL_OTA_KEYS): extra_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS)) $(RECOVERY_INSTALL_OTA_KEYS): $(SOONG_ZIP) $(OTA_PUBLIC_KEYS) $(extra_keys) $(RECOVERY_INSTALL_OTA_KEYS): $(SOONG_ZIP) $(DEFAULT_OTA_CERTIFICATE).x509.pem $(extra_keys) $(hide) rm -f $@ $(hide) mkdir -p $(dir $@) $(hide) $(SOONG_ZIP) -o $@ $(foreach key_file, $(PRIVATE_OTA_PUBLIC_KEYS) $(extra_keys), -C $(dir $(key_file)) -f $(key_file)) Loading
