Loading core/Makefile +8 −7 Original line number Diff line number Diff line Loading @@ -71,9 +71,9 @@ BUILD_VERSION_TAGS := $(BUILD_VERSION_TAGS) ifeq ($(TARGET_BUILD_TYPE),debug) BUILD_VERSION_TAGS += debug endif # Apps are always signed with test keys, and may be re-signed in a post-build # step. If that happens, the "test-keys" tag will be removed by that step. BUILD_VERSION_TAGS += test-keys # Apps are always signed with dev keys, and may be re-signed in a post-build # step. If that happens, the "dev-keys" tag will be removed by that step. BUILD_VERSION_TAGS += dev-keys BUILD_VERSION_TAGS := $(subst $(space),$(comma),$(sort $(BUILD_VERSION_TAGS))) # A human-readable string that descibes this build in detail. Loading Loading @@ -258,11 +258,11 @@ endif # ----------------------------------------------------------------- # The test key is used to sign this package, and as the key required # The dev key is used to sign this package, and as the key required # for future OTA packages installed by this system. Actual product # deliverables will be re-signed by hand. We expect this file to # exist with the suffixes ".x509.pem" and ".pk8". DEFAULT_KEY_CERT_PAIR := $(SRC_TARGET_DIR)/product/security/testkey DEFAULT_KEY_CERT_PAIR := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) # Rules that need to be present for the all targets, even Loading Loading @@ -649,9 +649,9 @@ ifdef BOARD_KERNEL_PAGESIZE endif # Keys authorized to sign OTA packages this build will accept. The # build always uses test-keys for this; release packaging tools will # build always uses dev-keys for this; release packaging tools will # substitute other keys for this one. OTA_PUBLIC_KEYS := $(SRC_TARGET_DIR)/product/security/testkey.x509.pem OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem # Generate a file containing the keys that will be read by the # recovery binary. Loading Loading @@ -1097,6 +1097,7 @@ endif ifdef INTERNAL_USERIMAGES_SPARSE_EXT_FLAG $(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(zip_root)/META/misc_info.txt endif $(hide) echo "default_system_dev_certificate=$(DEFAULT_SYSTEM_DEV_CERTIFICATE)" >> $(zip_root)/META/misc_info.txt ifdef PRODUCT_EXTRA_RECOVERY_KEYS $(hide) echo "extra_recovery_keys=$(PRODUCT_EXTRA_RECOVERY_KEYS)" >> $(zip_root)/META/misc_info.txt endif Loading core/config.mk +7 −0 Original line number Diff line number Diff line Loading @@ -288,6 +288,13 @@ APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/doclava$( APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/jsilver$(COMMON_JAVA_PACKAGE_SUFFIX) APICHECK_COMMAND := $(APICHECK) -JXmx1024m -J"classpath $(APICHECK_CLASSPATH)" # The default key if not set as LOCAL_CERTIFICATE ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE) else DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey endif # ############################################################### # Set up final options. # ############################################################### Loading core/package.mk +4 −4 Original line number Diff line number Diff line Loading @@ -299,20 +299,20 @@ endif # Secure release builds will have their packages signed after the fact, # so it's ok for these private keys to be in the clear. ifeq ($(LOCAL_CERTIFICATE),) LOCAL_CERTIFICATE := testkey LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) endif ifeq ($(LOCAL_CERTIFICATE),EXTERNAL) # The special value "EXTERNAL" means that we will sign it with the # default testkey, apply predexopt, but then expect the final .apk # default devkey, apply predexopt, but then expect the final .apk # (after dexopting) to be signed by an outside tool. LOCAL_CERTIFICATE := testkey LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) PACKAGES.$(LOCAL_PACKAGE_NAME).EXTERNAL_KEY := 1 endif # If this is not an absolute certificate, assign it to a generic one. ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./) LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE) LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE) endif private_key := $(LOCAL_CERTIFICATE).pk8 certificate := $(LOCAL_CERTIFICATE).x509.pem Loading core/prebuilt.mk +2 −2 Original line number Diff line number Diff line Loading @@ -93,7 +93,7 @@ ifeq ($(LOCAL_CERTIFICATE),EXTERNAL) # # This can be used for packages where we don't have access to the # keys, but want the package to be predexopt'ed. LOCAL_CERTIFICATE := testkey LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) PACKAGES.$(LOCAL_MODULE).EXTERNAL_KEY := 1 endif ifeq ($(LOCAL_CERTIFICATE),) Loading @@ -114,7 +114,7 @@ else ifeq ($(LOCAL_CERTIFICATE),PRESIGNED) else # If this is not an absolute certificate, assign it to a generic one. ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./) LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE) LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE) endif PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8 Loading core/product.mk +6 −1 Original line number Diff line number Diff line Loading @@ -82,7 +82,9 @@ _product_var_list := \ PRODUCT_SDK_ADDON_COPY_FILES \ PRODUCT_SDK_ADDON_COPY_MODULES \ PRODUCT_SDK_ADDON_DOC_MODULE \ PRODUCT_DEFAULT_WIFI_CHANNELS PRODUCT_DEFAULT_WIFI_CHANNELS \ PRODUCT_DEFAULT_DEV_CERTIFICATE \ define dump-product $(info ==== $(1) ====)\ Loading Loading @@ -232,6 +234,9 @@ _product_stash_var_list += \ BOARD_INSTALLER_CMDLINE \ _product_stash_var_list += \ DEFAULT_SYSTEM_DEV_CERTIFICATE # # Stash vaues of the variables in _product_stash_var_list. # $(1): Renamed prefix Loading Loading
core/Makefile +8 −7 Original line number Diff line number Diff line Loading @@ -71,9 +71,9 @@ BUILD_VERSION_TAGS := $(BUILD_VERSION_TAGS) ifeq ($(TARGET_BUILD_TYPE),debug) BUILD_VERSION_TAGS += debug endif # Apps are always signed with test keys, and may be re-signed in a post-build # step. If that happens, the "test-keys" tag will be removed by that step. BUILD_VERSION_TAGS += test-keys # Apps are always signed with dev keys, and may be re-signed in a post-build # step. If that happens, the "dev-keys" tag will be removed by that step. BUILD_VERSION_TAGS += dev-keys BUILD_VERSION_TAGS := $(subst $(space),$(comma),$(sort $(BUILD_VERSION_TAGS))) # A human-readable string that descibes this build in detail. Loading Loading @@ -258,11 +258,11 @@ endif # ----------------------------------------------------------------- # The test key is used to sign this package, and as the key required # The dev key is used to sign this package, and as the key required # for future OTA packages installed by this system. Actual product # deliverables will be re-signed by hand. We expect this file to # exist with the suffixes ".x509.pem" and ".pk8". DEFAULT_KEY_CERT_PAIR := $(SRC_TARGET_DIR)/product/security/testkey DEFAULT_KEY_CERT_PAIR := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) # Rules that need to be present for the all targets, even Loading Loading @@ -649,9 +649,9 @@ ifdef BOARD_KERNEL_PAGESIZE endif # Keys authorized to sign OTA packages this build will accept. The # build always uses test-keys for this; release packaging tools will # build always uses dev-keys for this; release packaging tools will # substitute other keys for this one. OTA_PUBLIC_KEYS := $(SRC_TARGET_DIR)/product/security/testkey.x509.pem OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem # Generate a file containing the keys that will be read by the # recovery binary. Loading Loading @@ -1097,6 +1097,7 @@ endif ifdef INTERNAL_USERIMAGES_SPARSE_EXT_FLAG $(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(zip_root)/META/misc_info.txt endif $(hide) echo "default_system_dev_certificate=$(DEFAULT_SYSTEM_DEV_CERTIFICATE)" >> $(zip_root)/META/misc_info.txt ifdef PRODUCT_EXTRA_RECOVERY_KEYS $(hide) echo "extra_recovery_keys=$(PRODUCT_EXTRA_RECOVERY_KEYS)" >> $(zip_root)/META/misc_info.txt endif Loading
core/config.mk +7 −0 Original line number Diff line number Diff line Loading @@ -288,6 +288,13 @@ APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/doclava$( APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/jsilver$(COMMON_JAVA_PACKAGE_SUFFIX) APICHECK_COMMAND := $(APICHECK) -JXmx1024m -J"classpath $(APICHECK_CLASSPATH)" # The default key if not set as LOCAL_CERTIFICATE ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE) else DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey endif # ############################################################### # Set up final options. # ############################################################### Loading
core/package.mk +4 −4 Original line number Diff line number Diff line Loading @@ -299,20 +299,20 @@ endif # Secure release builds will have their packages signed after the fact, # so it's ok for these private keys to be in the clear. ifeq ($(LOCAL_CERTIFICATE),) LOCAL_CERTIFICATE := testkey LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) endif ifeq ($(LOCAL_CERTIFICATE),EXTERNAL) # The special value "EXTERNAL" means that we will sign it with the # default testkey, apply predexopt, but then expect the final .apk # default devkey, apply predexopt, but then expect the final .apk # (after dexopting) to be signed by an outside tool. LOCAL_CERTIFICATE := testkey LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) PACKAGES.$(LOCAL_PACKAGE_NAME).EXTERNAL_KEY := 1 endif # If this is not an absolute certificate, assign it to a generic one. ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./) LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE) LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE) endif private_key := $(LOCAL_CERTIFICATE).pk8 certificate := $(LOCAL_CERTIFICATE).x509.pem Loading
core/prebuilt.mk +2 −2 Original line number Diff line number Diff line Loading @@ -93,7 +93,7 @@ ifeq ($(LOCAL_CERTIFICATE),EXTERNAL) # # This can be used for packages where we don't have access to the # keys, but want the package to be predexopt'ed. LOCAL_CERTIFICATE := testkey LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE) PACKAGES.$(LOCAL_MODULE).EXTERNAL_KEY := 1 endif ifeq ($(LOCAL_CERTIFICATE),) Loading @@ -114,7 +114,7 @@ else ifeq ($(LOCAL_CERTIFICATE),PRESIGNED) else # If this is not an absolute certificate, assign it to a generic one. ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./) LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE) LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE) endif PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8 Loading
core/product.mk +6 −1 Original line number Diff line number Diff line Loading @@ -82,7 +82,9 @@ _product_var_list := \ PRODUCT_SDK_ADDON_COPY_FILES \ PRODUCT_SDK_ADDON_COPY_MODULES \ PRODUCT_SDK_ADDON_DOC_MODULE \ PRODUCT_DEFAULT_WIFI_CHANNELS PRODUCT_DEFAULT_WIFI_CHANNELS \ PRODUCT_DEFAULT_DEV_CERTIFICATE \ define dump-product $(info ==== $(1) ====)\ Loading Loading @@ -232,6 +234,9 @@ _product_stash_var_list += \ BOARD_INSTALLER_CMDLINE \ _product_stash_var_list += \ DEFAULT_SYSTEM_DEV_CERTIFICATE # # Stash vaues of the variables in _product_stash_var_list. # $(1): Renamed prefix Loading
