
Commit 831840e5 authored by Doug Zongker's avatar Doug Zongker

change OTA tools to handle variable dev keys

The signing and OTA-building tools now understand the
default_system_dev_certificate value which may be present in the
META/misc_info.txt file of the target-files packages.

Change-Id: I64f09ec0b77a5184b6ddb74019255518776ee773
parent 6e69feed
+23 −14
@@ -24,9 +24,14 @@ Usage: ota_from_target_files [flags] input_target_files output_ota_package
  -b  (--board_config)  <file>
      Deprecated.

  -k  (--package_key)  <key>
      Key to use to sign the package (default is
      "build/target/product/security/testkey").
  -k (--package_key) <key> Key to use to sign the package (default is
      the value of default_system_dev_certificate from the input
      target-files's META/misc_info.txt, or
      "build/target/product/security/testkey" if that value is not
      specified).

      For incremental OTAs, the default value is based on the source
      target-file, not the target build.

  -i  (--incremental_from)  <file>
      Generate an incremental OTA using the given target-files zip as
@@ -72,7 +77,7 @@ import common
import edify_generator

OPTIONS = common.OPTIONS
OPTIONS.package_key = "build/target/product/security/testkey"
OPTIONS.package_key = None
OPTIONS.incremental_source = None
OPTIONS.require_verbatim = set()
OPTIONS.prohibit_verbatim = set(("system/build.prop",))
@@ -794,28 +799,32 @@ def main(argv):
    OPTIONS.device_specific = os.path.normpath(OPTIONS.device_specific)
    print "using device-specific extensions in", OPTIONS.device_specific

  if OPTIONS.package_key:
  temp_zip_file = tempfile.NamedTemporaryFile()
  output_zip = zipfile.ZipFile(temp_zip_file, "w",
                               compression=zipfile.ZIP_DEFLATED)
  else:
    output_zip = zipfile.ZipFile(args[1], "w",
                                 compression=zipfile.ZIP_DEFLATED)

  if OPTIONS.incremental_source is None:
    WriteFullOTAPackage(input_zip, output_zip)
    if OPTIONS.package_key is None:
      OPTIONS.package_key = OPTIONS.info_dict.get(
          "default_system_dev_certificate",
          "build/target/product/security/testkey")
  else:
    print "unzipping source target-files..."
    OPTIONS.source_tmp, source_zip = common.UnzipTemp(OPTIONS.incremental_source)
    OPTIONS.target_info_dict = OPTIONS.info_dict
    OPTIONS.source_info_dict = common.LoadInfoDict(source_zip)
    if OPTIONS.package_key is None:
      OPTIONS.package_key = OPTIONS.source_info_dict.get(
          "default_system_dev_certificate",
          "build/target/product/security/testkey")
    if OPTIONS.verbose:
      print "--- source info ---"
      common.DumpInfoDict(OPTIONS.source_info_dict)
    WriteIncrementalOTAPackage(input_zip, source_zip, output_zip)

  output_zip.close()
  if OPTIONS.package_key:

  SignOutput(temp_zip_file.name, args[1])
  temp_zip_file.close()
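Review bot: When neither -k nor misc_info supplies a key, the two new fallbacks (`OPTIONS.info_dict.get(...)` and `OPTIONS.source_info_dict.get(...)`) select "build/target/product/security/testkey" without reporting it, and the unsigned-output branch appears to be removed, so every package is now signed with whatever key was resolved. Because that path can come from META/misc_info.txt inside the input zip rather than from the command line, I would print the resolved key before signing, e.g. `print "signing OTA package with", OPTIONS.package_key` just ahead of `SignOutput(temp_zip_file.name, args[1])`. The two identical lookups could also share a small helper that takes the info dict. main() starts above this hunk, so option parsing was not reviewed.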

+42 −20
@@ -36,10 +36,16 @@ Usage: sign_target_files_apks [flags] input_target_files output_target_files
  -d  (--default_key_mappings)  <dir>
      Set up the following key mappings:

        build/target/product/security/testkey   ==>  $dir/releasekey
        build/target/product/security/media     ==>  $dir/media
        build/target/product/security/shared    ==>  $dir/shared
        build/target/product/security/platform  ==>  $dir/platform
        $devkey/devkey    ==>  $dir/releasekey
        $devkey/testkey   ==>  $dir/releasekey
        $devkey/media     ==>  $dir/media
        $devkey/shared    ==>  $dir/shared
        $devkey/platform  ==>  $dir/platform

      where $devkey is the directory part of the value of
      default_system_dev_certificate from the input target-files's
      META/misc_info.txt.  (Defaulting to "build/target/product/security"
      if the value is not present in misc_info.

      -d and -k options are added to the set of mappings in the order
      in which they appear on the command line.
@@ -55,7 +61,7 @@ Usage: sign_target_files_apks [flags] input_target_files output_target_files
      the last component of the build fingerprint).  Prefix each with
      '+' or '-' to indicate whether that tag should be added or
      removed.  Changes are processed in the order they appear.
      Default value is "-test-keys,+release-keys".
      Default value is "-test-keys,-dev-keys,+release-keys".

"""

@@ -80,7 +86,7 @@ OPTIONS = common.OPTIONS
OPTIONS.extra_apks = {}
OPTIONS.key_map = {}
OPTIONS.replace_ota_keys = False
OPTIONS.tag_changes = ("-test-keys", "+release-keys")
OPTIONS.tag_changes = ("-test-keys", "-dev-keys", "+release-keys")

def GetApkCerts(tf_zip):
  certmap = common.ReadApkCerts(tf_zip)
@@ -198,14 +204,12 @@ def RewriteProps(data):
  return "\n".join(output) + "\n"


def ReplaceOtaKeys(input_tf_zip, output_tf_zip):
def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info):
  try:
    keylist = input_tf_zip.read("META/otakeys.txt").split()
  except KeyError:
    raise ExternalError("can't read META/otakeys.txt from input")

  misc_info = common.LoadInfoDict(input_tf_zip)

  extra_recovery_keys = misc_info.get("extra_recovery_keys", None)
  if extra_recovery_keys:
    extra_recovery_keys = [OPTIONS.key_map.get(k, k) + ".x509.pem"
@@ -227,10 +231,10 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip):
    print "using:\n   ", "\n   ".join(mapped_keys)
    print "for OTA package verification"
  else:
    mapped_keys.append(
        OPTIONS.key_map.get("build/target/product/security/testkey",
    devkey = misc_info.get("default_system_dev_certificate",
                           "build/target/product/security/testkey")
        + ".x509.pem")
    mapped_keys.append(
        OPTIONS.key_map.get(devkey, devkey) + ".x509.pem")
    print "META/otakeys.txt has no keys; using", mapped_keys[0]

  # recovery uses a version of the key that has been slightly
@@ -259,8 +263,28 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip):
                     tempfile.getvalue())


def BuildKeyMap(misc_info, key_mapping_options):
  for s, d in key_mapping_options:
    if s is None:   # -d option
      devkey = misc_info.get("default_system_dev_certificate",
                             "build/target/product/security/testkey")
      devkeydir = os.path.dirname(devkey)

      OPTIONS.key_map.update({
          devkeydir + "/testkey":  d + "/releasekey",
          devkeydir + "/devkey":   d + "/releasekey",
          devkeydir + "/media":    d + "/media",
          devkeydir + "/shared":   d + "/shared",
          devkeydir + "/platform": d + "/platform",
          })
    else:
      OPTIONS.key_map[s] = d


def main(argv):

  key_mapping_options = []

  def option_handler(o, a):
    if o in ("-e", "--extra_apks"):
      names, key = a.split("=")
@@ -268,15 +292,9 @@ def main(argv):
      for n in names:
        OPTIONS.extra_apks[n] = key
    elif o in ("-d", "--default_key_mappings"):
      OPTIONS.key_map.update({
          "build/target/product/security/testkey": "%s/releasekey" % (a,),
          "build/target/product/security/media": "%s/media" % (a,),
          "build/target/product/security/shared": "%s/shared" % (a,),
          "build/target/product/security/platform": "%s/platform" % (a,),
          })
      key_mapping_options.append((None, a))
    elif o in ("-k", "--key_mapping"):
      s, d = a.split("=")
      OPTIONS.key_map[s] = d
      key_mapping_options.append(a.split("=", 1))
    elif o in ("-o", "--replace_ota_keys"):
      OPTIONS.replace_ota_keys = True
    elif o in ("-t", "--tag_changes"):
@@ -307,6 +325,10 @@ def main(argv):
  input_zip = zipfile.ZipFile(args[0], "r")
  output_zip = zipfile.ZipFile(args[1], "w")

  misc_info = common.LoadInfoDict(input_zip)

  BuildKeyMap(misc_info, key_mapping_options)

  apk_key_map = GetApkCerts(input_zip)
  CheckAllApksSigned(input_zip, apk_key_map)
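Review bot: In ReplaceOtaKeys, the fallback for an empty META/otakeys.txt uses `OPTIONS.key_map.get(devkey, devkey)`, so when no -d/-k mapping covers the dev certificate, the dev key itself ends up in mapped_keys, the list the function reports as used "for OTA package verification", with only the "has no keys; using" line as a hint. For a release-signing tool I would make that case explicit, for example `if devkey not in OPTIONS.key_map: print "WARNING: OTA verification key", devkey, "is not mapped to a release key"` (or raise ExternalError if an unmapped dev key is never intended). Separately, `key_mapping_options.append(a.split("=", 1))` defers a malformed -k value (no "=") to the tuple unpacking in BuildKeyMap, and the new -d help text is missing its closing parenthesis. ReplaceOtaKeys continues outside the hunks shown.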