Update build script for apex signing
Description
Update builds scripts for signing apex modules.
Recently we found a vulnerability in /e/OS. As reported in this tweet. We were not properly signing as lineage mentioned in their wiki. So adapt our script for this changes
Issue(s)
https://gitlab.e.foundation/e/os/backlog/-/issues/1893
Test environment
- Install a build on a existing /e/OS device
- Fresh install with bootloader locked
- Fresh install with unlocked bootloader
Test procedures
Run a pipeline build using these branches for your devices
- 1880-t-apex_sign
- 1880-s-apex_sign
- 1880-r-apex_sign
Technical details
Signing our final OTA zip using wiki provided by lineage
https://wiki.lineageos.org/signing_builds#generate-keys-without-a-password
Changes: -
- Sign OTA Zip including apex modules
- Create IMG-*.zip same as before and make sure its working when bootloader/unlocked
- Create QFIL-*.zip same as before and make sure its working when bootloader/unlocked
- Make sure browser doesn't break after signing
Screenshots
Check list
-
Self review -
Test procedure explained -
Tested on fresh install -
Tested applied as an update -
License -
Internal documentation -
User documentation
Edited by Mohammed Althaf Thayyil