Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / build / e121d6acf47c3056e079ff62c82171e889cec3e0^! / . / tools / releasetools / sign_target_files_apks
commite121d6acf47c3056e079ff62c82171e889cec3e0[log] [tgz]
authorDoug Zongker <dougz@android.com>Tue Feb 01 14:13:52 2011 -0800
committerDoug Zongker <dougz@android.com>Tue Feb 01 14:13:52 2011 -0800
tree2656ef9b50282c3f588665964ff7255af7388547
parent91aea02de8e389aa2f9c01ab189c30323f7c9569 [diff] [blame]
support TARGET_EXTRA_RECOVERY_KEYS

Specifying one or more key files (without .x509.pem extension) as
TARGET_EXTRA_RECOVERY_KEYS causes them to be included as acceptable
keys for recovery packages.  They are *not* included in otacerts.zip,
so actual downloaded over-the-air packages can't use them, but they
can be used to sign sideload-only packages.

Bug: 3413359
Change-Id: I6f248ffa35f0c6b125dd8a7517493017e236c776

diff --git a/tools/releasetools/sign_target_files_apks b/tools/releasetools/sign_target_files_apks
index 5fca691..5353063 100755
--- a/tools/releasetools/sign_target_files_apks
+++ b/tools/releasetools/sign_target_files_apks

@@ -204,6 +204,17 @@
   except KeyError:
     raise ExternalError("can't read META/otakeys.txt from input")
 
+  misc_info = common.LoadInfoDict(input_tf_zip)
+
+  extra_recovery_keys = misc_info.get("extra_recovery_keys", None)
+  if extra_recovery_keys:
+    extra_recovery_keys = [OPTIONS.key_map.get(k, k) + ".x509.pem"
+                           for k in extra_recovery_keys.split()]
+    if extra_recovery_keys:
+      print "extra recovery-only key(s): " + ", ".join(extra_recovery_keys)
+  else:
+    extra_recovery_keys = []
+
   mapped_keys = []
   for k in keylist:
     m = re.match(r"^(.*)\.x509\.pem$", k)
@@ -217,15 +228,18 @@
     print "for OTA package verification"
   else:
     mapped_keys.append(
-        OPTIONS.key_map["build/target/product/security/testkey"] + ".x509.pem")
+        OPTIONS.key_map.get("build/target/product/security/testkey",
+                            "build/target/product/security/testkey")
+        + ".x509.pem")
     print "META/otakeys.txt has no keys; using", mapped_keys[0]
 
   # recovery uses a version of the key that has been slightly
   # predigested (by DumpPublicKey.java) and put in res/keys.
+  # extra_recovery_keys are used only in recovery.
 
   p = common.Run(["java", "-jar",
                   os.path.join(OPTIONS.search_path, "framework", "dumpkey.jar")]
-                 + mapped_keys,
+                 + mapped_keys + extra_recovery_keys,
                  stdout=subprocess.PIPE)
   data, _ = p.communicate()
   if p.returncode != 0:
@@ -234,6 +248,7 @@
 
   # SystemUpdateActivity uses the x509.pem version of the keys, but
   # put into a zipfile system/etc/security/otacerts.zip.
+  # We DO NOT include the extra_recovery_keys (if any) here.
 
   tempfile = cStringIO.StringIO()
   certs_zip = zipfile.ZipFile(tempfile, "w")