Details:
* New --signapk_path, --extra_signapk_args, --java_path.
* New --public_key_suffix, --private_key_suffix so you can change the filenames.
* Fixes raising exceptions on error.
Change-Id: I0b7014b6d779d52ae896f95dfecb1bcccf536cf4
The signing and OTA-building tools now understand the
default_sys_dev_certificate value which may be present in the
META/misc_info.txt file of the target-files packages.
Change-Id: I64f09ec0b77a5184b6ddb74019255518776ee773
Specifying one or more key files (without .x509.pem extension) as
TARGET_EXTRA_RECOVERY_KEYS causes them to be included as acceptable
keys for recovery packages. They are *not* included in otacerts.zip,
so actual downloaded over-the-air packages can't use them, but they
can be used to sign sideload-only packages.
Bug: 3413359
Change-Id: I6f248ffa35f0c6b125dd8a7517493017e236c776
Apply the same changes to tags to ro.build.tags that we do for the
tags in the fingerprint (ro.build.fingerprint) and the description
(ro.build.description).
Change-Id: Ie5a057d8f04cbc32d849f91e1f9d2ea7832e81f6
http://b/2363735 - release-key user builds ship with property ro.build.tags == test-keys
Setting LOCAL_CERTIFICATE to "EXTERNAL" now marks an apk (either a
prebuilt or otherwise) as needing the default test key within the
system, but one that should be signed after the target_files is
produced but before sign_target_files_apks does the rest of the
signing. (We use this to ship apps on the system that are signed by
third parties, like Facebook.)
When unzipping a target-files which has been signed with OTA key
replacement, you'll get "overwrite this file?" prompts because the key
files appear in the zip files twice. Suppress these prompts.
Many developer phone products don't define PRODUCT_OTA_PUBLIC_KEYS, so
add a default key.
This change doesn't affect device code.
Replace the installation of the "radio image", which is an
HTC-specific notion, with calls to device-specific python modules that
can add whatever additional OTA script commands are necessary. Add
the -s flag to specify the location of the device-specific script
(replacing the unused -s flag in sign_target_files_apks).
The ota and img building scripts contained some hardcoded 'linux-x86'
paths. Remove and replace with a slightly redefined -p option.
Modify Makefile to pass correct -p when building.
In python 2.5 and earlier, ZipFile.writestr(filename, data) results in
the file being added to the archive with permissions 000. (See
http://svn.python.org/view?view=rev&revision=65235.) Work around this
by creating a ZipInfo object and setting the permissions explicitly.
Allow the user to set ANDROID_PW_FILE to the name of a file for
storing password keys. When the tools need additional passwords, they
will rewrite this file and invoke the user's editor for the new
passwords to be added. This allows passwords to be reused across
invocations of the signing tools, without making the user reenter them
every time.
Paranoid users can use a file stored in a ramdisk, or not use this
feature at all (the code will prompt for passwords in the ordinary way
when ANDROID_PW_FILE is not set).
All APKs that want to share a given user id must be signed with the
same key. Look inside each APK for what (if any) shared user id it
requests, and error out if any with the same shared user are being
signed with different keys.
To support devphone and holiday builds we need more control over the
build fingerprint tags; generalize the -t option so we can arbitrarily
add and remove tags.
Adds the -t option to sign_target_files_apks, which lets the user
specify extra tags that should be added to the build fingerprint
during the signing process.
through the key map. Clarify the help for the -e option to
make clear this should happen.
(This change doesn't affect device code.)
Original author: dougz
Merged from: //branches/cupcake/...
Automated import of CL 146194
The build system now (in donut) produces builds that use the testkey
cert for OTA package verification. Change the app-signing script to
also optionally substitute the "real" cert in both the recovery and
system images. Also fix bug where the build fingerprint and
description were not getting properly updated in the recovery
partition.
building images & OTA packages out of vendor/google.
No device code is touched by this change.
Original author: dougz
Merged from: //branches/cupcake/...
Automated import of CL 144270
