Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 78369ebb authored by Bowgo Tsai's avatar Bowgo Tsai
Browse files

Avoid signing debuggable boot-debug.img 

The boot-debug.img should NOT be release signed and can only be used
if the device is unlocked. Adding a check to prevent the tool from
signing this debuggable boot.img.

See the following for more details about boot-debug.img:

  https://android-review.googlesource.com/c/platform/build/+/947857

Bug: 126493225
Test: put a file /force_debuggable into boot.img, checks the following
      command fails:
        ./build/tools/releasetools/sign_target_files_apks \
        out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: Ia5232949cb9582d2b4eaa171d9e9f3fe7317d418
parent 7b3e97b1

tools/releasetools/sign_target_files_apks.py

+7 −0
Original line number Diff line number Diff line
@@ -602,6 +602,13 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, 
        print("    Rewriting AVB public key of system_other in /product")

        common.ZipWrite(output_tf_zip, public_key, filename)



    # Should NOT sign boot-debug.img.

    elif filename in (

        "BOOT/RAMDISK/force_debuggable",

        "RECOVERY/RAMDISK/force_debuggable"

        "RECOVERY/RAMDISK/first_stage_ramdisk/force_debuggable"):

      raise common.ExternalError("debuggable boot.img cannot be signed")



    # A non-APK file; copy it verbatim.

    else:

      common.ZipWriteStr(output_tf_zip, out_info, data)