Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d13b9a24 authored by Justin Yun's avatar Justin Yun
Browse files

Move otacerts module from Android.mk to Android.bp 

Remove the otacerts module defined in Android.mk. Instead, provide
variables to soong.

Bug: 335364209
Test: Define "PRODUCT_DEFAULT_DEV_CERTIFICATE := \
                 build/make/target/product/security/testkey" and
      m aosp_cf_system_x86_64
Change-Id: I99a484e04984da8bd7f58deecd90c880de16fd71
parent dc7ecb5c

core/soong_config.mk

+2 −0
Original line number Diff line number Diff line
@@ -109,6 +109,8 @@ $(call add_json_str, AAPTPreferredConfig, $(PRODUCT_AAPT_PREF_CON 
$(call add_json_list, AAPTPrebuiltDPI,                   $(PRODUCT_AAPT_PREBUILT_DPI))



$(call add_json_str,  DefaultAppCertificate,             $(PRODUCT_DEFAULT_DEV_CERTIFICATE))

$(call add_json_list, ExtraOtaKeys,                      $(PRODUCT_EXTRA_OTA_KEYS))

$(call add_json_list, ExtraOtaRecoveryKeys,              $(PRODUCT_EXTRA_RECOVERY_KEYS))

$(call add_json_str,  MainlineSepolicyDevCertificates,   $(MAINLINE_SEPOLICY_DEV_CERTIFICATES))



$(call add_json_str,  AppsDefaultVersionName,            $(APPS_DEFAULT_VERSION_NAME))

target/product/security/Android.bp

+12 −0
Original line number Diff line number Diff line
@@ -25,3 +25,15 @@ prebuilt_etc { 
    sub_dir: "security/fsverity",

    filename_from_src: true,

}



// otacerts: A keystore with the authorized keys in it, which is used to verify

// the authenticity of downloaded OTA packages.

// This module zips files defined in PRODUCT_DEFAULT_DEV_CERTIFICATE and

// PRODUCT_EXTRA_OTA_KEYS for system or PRODUCT_EXTRA_RECOVERY_KEYS for recovery

// image

otacerts_zip {

    name: "otacerts",

    recovery_available: true,

    relative_install_path: "security",

    filename: "otacerts.zip",

}

target/product/security/Android.mk

+0 −51
Original line number Diff line number Diff line
@@ -15,54 +15,3 @@ ifdef PRODUCT_ADB_KEYS 
    include $(BUILD_PREBUILT)

  endif

endif
 




#######################################

# otacerts: A keystore with the authorized keys in it, which is used to verify the authenticity of

# downloaded OTA packages.

include $(CLEAR_VARS)



LOCAL_MODULE := otacerts

LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0

LOCAL_LICENSE_CONDITIONS := notice

LOCAL_NOTICE_FILE := build/soong/licenses/LICENSE

LOCAL_MODULE_CLASS := ETC

LOCAL_MODULE_STEM := otacerts.zip

LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security

include $(BUILD_SYSTEM)/base_rules.mk



extra_ota_keys := $(addsuffix .x509.pem,$(PRODUCT_EXTRA_OTA_KEYS))



$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem

$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_OTA_KEYS := $(extra_ota_keys)

$(LOCAL_BUILT_MODULE): \

	    $(SOONG_ZIP) \

	    $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem \

	    $(extra_ota_keys)

	$(SOONG_ZIP) -o $@ -j -symlinks=false \

	    $(addprefix -f ,$(PRIVATE_CERT) $(PRIVATE_EXTRA_OTA_KEYS))





#######################################

# otacerts for recovery image.

include $(CLEAR_VARS)



LOCAL_MODULE := otacerts.recovery

LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0

LOCAL_LICENSE_CONDITIONS := notice

LOCAL_NOTICE_FILE := build/soong/licenses/LICENSE

LOCAL_MODULE_CLASS := ETC

LOCAL_MODULE_STEM := otacerts.zip

LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/etc/security

include $(BUILD_SYSTEM)/base_rules.mk



extra_recovery_keys := $(addsuffix .x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))



$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem

$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_RECOVERY_KEYS := $(extra_recovery_keys)

$(LOCAL_BUILT_MODULE): \

	    $(SOONG_ZIP) \

	    $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem \

	    $(extra_recovery_keys)

	$(SOONG_ZIP) -o $@ -j -symlinks=false \

	    $(addprefix -f ,$(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS))