Extracts keyid inline using openssl commands.
The keyid is passed as one of the kernel command line parameters
for the dm-android-verity module to mount root fs(system)
with verity enabled.
(cherry-picked from 3af315aed5https://googleplex-android-review.git.corp.google.com/#/c/1061691/)
BUG: 28384658
Change-Id: I8efbe1b0e415ef1d396f9b51cfa4b3fa01b22484
All instances have disappeared from the build server, so switch this to
error before more turn up.
Change-Id: Iac07526a6e77ebf33733033249f2a108aae3fa7d
Allow exceptions specified by module (VENDOR_EXCEPTION_MODULES) and
path (VENDOR_EXCEPTION_PATHS, not including leading vendor/).
BUG=26968426
Change-Id: I068e43f3eae14f8793c33ae916d46979ab1681d1
system_root_image expects the key at ROOT/verity_key as opposed to
BOOT/verity_key. Also refactor the verity key replacement lines.
Bug: 29397395
Test: 'sign_target_files_apks.py --replace_verity_private_key newkey --replace_verity_public_key newkey.pub target_files.zip signed-target_files.zip' and verify the replaced key in boot.img.
Change-Id: I58a5defff4be008ad55d4b5a5b7148569c3b8d66
(cherry picked from commit e0ee794fa1)
For A/B OTAs, by default it calls 'openssl pkeyutl' to sign the payload
and metadata with the package private key. If the private key cannot be
accessed directly, a payload signer that knows how to do that should be
supplied via "--payload_signer <signer>".
The signer will be called with "-inkey <path_to_private_key>",
"-in <input_file>" and "-out <output_file>" parameters.
Test: Use a dummy signer, call 'ota_from_target_files.py --payload_signer <signer> <target_files.zip> <ota.zip>' and verify the signatures in the generated package.
Bug: 28701652
Change-Id: I26cfdd3fdba6fc90799221741b75426988e46fd3
(cherry picked from commit dea0f8bfed)
Replace verity keyid with the keyid extracted from cert
passed through --replace_verity_keyid. The veritykeyid in the
BOOT/cmdline of input target files is replaced with keyid
extracted from --replace_verity_keyid and written to the
output target files.
BUG: 28384658
Change-Id: Ic683f36f543c4fcd94b6f95e40f01200fbf45ee1
(cherry picked from commit b58d23fe00)
It replaces the package verification key (change of path due to
system_root_image flag), as well as the payload verification key.
Bug: 29397395
Change-Id: I10435072aaf4356f2d8b5e1b6e82eb9cead7ad62
(cherry picked from commit 24a7206430)
* Add expand/collapse-all buttons to expand/collapse all warnings.
* Use HTML styles to reduce output file size.
Change-Id: Ica188cc4f123ce0ab8547f88315325c3e0560a39
Test: Checked output html file with Chrome browser.
This should make it easier to add parameters/options without breaking
existing clients.
Bug: 27461702
Change-Id: Ia4577f78d703a6b91828dd08492c78d5e9afb110
Now that the source trees all use NATIVE_TESTS for intermediate files
and generated sources, make it a requirement.
Change-Id: Id5718fabe63f6e8dde7981a6f0f5bd89e0ec7ee5
Standardize symlinking /system/vendor -> /vendor for aosp_* devices,
since some /vendor binaries still use /system/vendor/... paths.
Support using a prebuilt vendor image and including it into all the
normal packaging steps.
Bug: 28987532
Change-Id: I27040e8a8d1df0777e16cd1e3c3a9f1b28695e96
This surfaces relevant NoSuchAlgorithmExceptions to the caller instead
of rethrowing as other exception types. Some setups need to be able to
distringuish issues due to their own misconfiguration
(required crypto algorithm mising -- NoSuchAlgorithmException) from
issues with the APK being signed or verified.
Bug: 27461702
Change-Id: I993f73edb29b2cd4cc485734a89a924ec357ef19
This enables verification of APKs which are served to a specific
range of Android platform versions, or to replicate behavior of
particular platform versions.
Bug: 27461702
Change-Id: I44ab4c99419eb97d72c4ccd109137fe1efda577d
We're moving the platform/build repository down a level, then symlinking
the directories and necessary files back into build/. So if we're still
in build/, keep searching for Android.mk files, otherwise stop, since
they'll be found through the symlinks.
Bug: 28001743
Change-Id: Ieea6e3b1fca265b548395c6af148ebb4efa43b0f
