am 81703a19: Merge "Support for product-specific dev keys." into ics-factoryrom
* commit '81703a19001ec219c35cb0ecf9bafb6e0dbc1e1d':
Support for product-specific dev keys.
diff --git a/core/Makefile b/core/Makefile
index a3cfdd5..eb4c762 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -77,9 +77,9 @@
ifeq ($(TARGET_BUILD_TYPE),debug)
BUILD_VERSION_TAGS += debug
endif
-# Apps are always signed with test keys, and may be re-signed in a post-build
-# step. If that happens, the "test-keys" tag will be removed by that step.
-BUILD_VERSION_TAGS += test-keys
+# Apps are always signed with dev keys, and may be re-signed in a post-build
+# step. If that happens, the "dev-keys" tag will be removed by that step.
+BUILD_VERSION_TAGS += dev-keys
BUILD_VERSION_TAGS := $(subst $(space),$(comma),$(sort $(BUILD_VERSION_TAGS)))
# A human-readable string that descibes this build in detail.
@@ -266,11 +266,11 @@
# -----------------------------------------------------------------
-# The test key is used to sign this package, and as the key required
+# The dev key is used to sign this package, and as the key required
# for future OTA packages installed by this system. Actual product
# deliverables will be re-signed by hand. We expect this file to
# exist with the suffixes ".x509.pem" and ".pk8".
-DEFAULT_KEY_CERT_PAIR := $(SRC_TARGET_DIR)/product/security/testkey
+DEFAULT_KEY_CERT_PAIR := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
# Rules that need to be present for the all targets, even
@@ -657,9 +657,9 @@
endif
# Keys authorized to sign OTA packages this build will accept. The
-# build always uses test-keys for this; release packaging tools will
+# build always uses dev-keys for this; release packaging tools will
# substitute other keys for this one.
-OTA_PUBLIC_KEYS := $(SRC_TARGET_DIR)/product/security/testkey.x509.pem
+OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
# Generate a file containing the keys that will be read by the
# recovery binary.
@@ -1106,6 +1106,7 @@
ifdef INTERNAL_USERIMAGES_SPARSE_EXT_FLAG
$(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(zip_root)/META/misc_info.txt
endif
+ $(hide) echo "default_system_dev_certificate=$(DEFAULT_SYSTEM_DEV_CERTIFICATE)" >> $(zip_root)/META/misc_info.txt
ifdef PRODUCT_EXTRA_RECOVERY_KEYS
$(hide) echo "extra_recovery_keys=$(PRODUCT_EXTRA_RECOVERY_KEYS)" >> $(zip_root)/META/misc_info.txt
endif
diff --git a/core/config.mk b/core/config.mk
index c4f08fd..41e60ea 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -288,6 +288,13 @@
APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/jsilver$(COMMON_JAVA_PACKAGE_SUFFIX)
APICHECK_COMMAND := $(APICHECK) -JXmx1024m -J"classpath $(APICHECK_CLASSPATH)"
+# The default key if not set as LOCAL_CERTIFICATE
+ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
+ DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
+else
+ DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey
+endif
+
# ###############################################################
# Set up final options.
# ###############################################################
diff --git a/core/package.mk b/core/package.mk
index 9f54bb0..398e487 100644
--- a/core/package.mk
+++ b/core/package.mk
@@ -304,20 +304,20 @@
# Secure release builds will have their packages signed after the fact,
# so it's ok for these private keys to be in the clear.
ifeq ($(LOCAL_CERTIFICATE),)
- LOCAL_CERTIFICATE := testkey
+ LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
endif
ifeq ($(LOCAL_CERTIFICATE),EXTERNAL)
# The special value "EXTERNAL" means that we will sign it with the
- # default testkey, apply predexopt, but then expect the final .apk
+ # default devkey, apply predexopt, but then expect the final .apk
# (after dexopting) to be signed by an outside tool.
- LOCAL_CERTIFICATE := testkey
+ LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
PACKAGES.$(LOCAL_PACKAGE_NAME).EXTERNAL_KEY := 1
endif
# If this is not an absolute certificate, assign it to a generic one.
ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
- LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE)
+ LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
endif
private_key := $(LOCAL_CERTIFICATE).pk8
certificate := $(LOCAL_CERTIFICATE).x509.pem
diff --git a/core/prebuilt.mk b/core/prebuilt.mk
index 935bce1..8c03341 100644
--- a/core/prebuilt.mk
+++ b/core/prebuilt.mk
@@ -93,7 +93,7 @@
#
# This can be used for packages where we don't have access to the
# keys, but want the package to be predexopt'ed.
- LOCAL_CERTIFICATE := testkey
+ LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
PACKAGES.$(LOCAL_MODULE).EXTERNAL_KEY := 1
endif
ifeq ($(LOCAL_CERTIFICATE),)
@@ -114,7 +114,7 @@
else
# If this is not an absolute certificate, assign it to a generic one.
ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
- LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE)
+ LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
endif
PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
diff --git a/core/product.mk b/core/product.mk
index 2efc446..72cb2f7 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -82,7 +82,9 @@
PRODUCT_SDK_ADDON_COPY_FILES \
PRODUCT_SDK_ADDON_COPY_MODULES \
PRODUCT_SDK_ADDON_DOC_MODULE \
- PRODUCT_DEFAULT_WIFI_CHANNELS
+ PRODUCT_DEFAULT_WIFI_CHANNELS \
+ PRODUCT_DEFAULT_DEV_CERTIFICATE \
+
define dump-product
$(info ==== $(1) ====)\
@@ -232,6 +234,9 @@
BOARD_INSTALLER_CMDLINE \
+_product_stash_var_list += \
+ DEFAULT_SYSTEM_DEV_CERTIFICATE
+
#
# Stash vaues of the variables in _product_stash_var_list.
# $(1): Renamed prefix
diff --git a/core/product_config.mk b/core/product_config.mk
index 1567f6d..e673d5c 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -112,8 +112,8 @@
# The build server wants to do make PRODUCT-dream-installclean
# which really means TARGET_PRODUCT=dream make installclean.
ifneq ($(filter-out $(INTERNAL_VALID_VARIANTS),$(TARGET_BUILD_VARIANT)),)
- MAKECMDGOALS := $(MAKECMDGOALS) $(TARGET_BUILD_VARIANT)
- TARGET_BUILD_VARIANT := eng
+ MAKECMDGOALS := $(MAKECMDGOALS) $(TARGET_BUILD_VARIANT)
+ TARGET_BUILD_VARIANT := eng
default_goal_substitution :=
else
default_goal_substitution := $(DEFAULT_GOAL)
@@ -232,8 +232,8 @@
# Default to medium-density assets.
# (Can be overridden in the device config, e.g.: PRODUCT_AAPT_CONFIG += hdpi)
PRODUCT_AAPT_CONFIG := $(strip \
- $(PRODUCT_AAPT_CONFIG) \
- $(if $(filter %dpi,$(PRODUCT_AAPT_CONFIG)),,mdpi))
+ $(PRODUCT_AAPT_CONFIG) \
+ $(if $(filter %dpi,$(PRODUCT_AAPT_CONFIG)),,mdpi))
# Everyone gets nodpi assets which are density-independent.
PRODUCT_AAPT_CONFIG += nodpi
@@ -241,7 +241,7 @@
# Convert spaces to commas.
comma := ,
PRODUCT_AAPT_CONFIG := \
- $(subst $(space),$(comma),$(strip $(PRODUCT_AAPT_CONFIG)))
+ $(subst $(space),$(comma),$(strip $(PRODUCT_AAPT_CONFIG)))
PRODUCT_BRAND := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_BRAND))
@@ -251,7 +251,7 @@
endif
PRODUCT_MANUFACTURER := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_MANUFACTURER))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_MANUFACTURER))
ifndef PRODUCT_MANUFACTURER
PRODUCT_MANUFACTURER := unknown
endif
@@ -263,7 +263,16 @@
endif
PRODUCT_DEFAULT_WIFI_CHANNELS := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_WIFI_CHANNELS))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_WIFI_CHANNELS))
+
+PRODUCT_DEFAULT_DEV_CERTIFICATE := \
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_DEV_CERTIFICATE))
+ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
+ifneq (1,$(words $(PRODUCT_DEFAULT_DEV_CERTIFICATE)))
+ $(error PRODUCT_DEFAULT_DEV_CERTIFICATE='$(PRODUCT_DEFAULT_DEV_CERTIFICATE)', \
+ only 1 certificate is allowed.)
+endif
+endif
# A list of words like <source path>:<destination path>. The file at
# the source path should be copied to the destination path when building
@@ -271,26 +280,26 @@
# it should look like, e.g., "system/etc/file.xml". The rules
# for these copy steps are defined in config/Makefile.
PRODUCT_COPY_FILES := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_COPY_FILES))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_COPY_FILES))
# The HTML file containing the contributors to the project.
PRODUCT_CONTRIBUTORS_FILE := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CONTRIBUTORS_FILE))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CONTRIBUTORS_FILE))
# A list of property assignments, like "key = value", with zero or more
# whitespace characters on either side of the '='.
PRODUCT_PROPERTY_OVERRIDES := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PROPERTY_OVERRIDES))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PROPERTY_OVERRIDES))
# A list of property assignments, like "key = value", with zero or more
# whitespace characters on either side of the '='.
# used for adding properties to default.prop
PRODUCT_DEFAULT_PROPERTY_OVERRIDES := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_PROPERTY_OVERRIDES))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_PROPERTY_OVERRIDES))
# Should we use the default resources or add any product specific overlays
PRODUCT_PACKAGE_OVERLAYS := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGE_OVERLAYS))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGE_OVERLAYS))
DEVICE_PACKAGE_OVERLAYS := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).DEVICE_PACKAGE_OVERLAYS))
@@ -299,8 +308,8 @@
# Add the product-defined properties to the build properties.
ADDITIONAL_BUILD_PROPERTIES := \
- $(ADDITIONAL_BUILD_PROPERTIES) \
- $(PRODUCT_PROPERTY_OVERRIDES)
+ $(ADDITIONAL_BUILD_PROPERTIES) \
+ $(PRODUCT_PROPERTY_OVERRIDES)
# The OTA key(s) specified by the product config, if any. The names
# of these keys are stored in the target-files zip so that post-build