Update Android signing to support signature scheme v2

Signature Scheme V2 was introduced in N.

TEST=(prepare)
     1. Produce A.img by running the original sign_android_image.sh on a
        test image.
     2. Produce B.img by running the new sign_android_image.sh on the
        same image.
TEST=Check Settings.apk with apksigner.  Saw only v1 signature exists
     with A.img, and only v2 exists with B.img, as expected.
     Certificates on both APKs have the same fingerprint.
TEST=Login with A to create a new /data state, then login with B.
     Platform apps still run.  No signature error in logcat.
BRANCH=none
BUG=b:67942659

Change-Id: Ibabc399563bfdc92836856a377997405cc660483
Reviewed-on: https://chromium-review.googlesource.com/993153
Commit-Ready: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This commit is contained in:
Victor Hsieh
2018-04-03 10:09:51 -07:00
committed by chrome-bot
parent cbfb60ff47
commit 392211f035

@@ -82,19 +82,21 @@ build flavor '${flavor_prop}'."
local temp_dir="$(make_temp_dir)"
local temp_apk="${temp_dir}/temp.apk"
local signed_apk="${temp_dir}/signed.apk"
local aligned_apk="${temp_dir}/aligned.apk"
# Follow the standard manual signing process. See
# https://developer.android.com/studio/publish/app-signing.html.
cp -a "${apk}" "${temp_apk}"
# Explicitly remove existing signature.
zip -q "${temp_apk}" -d "META-INF/*"
# Signapk now creates signature of APK Signature Scheme v2. No further APK
# changes should happen afterward. Also note that signapk now takes care of
# zipalign.
signapk "${key_dir}/$keyname.x509.pem" "${key_dir}/$keyname.pk8" \
"${temp_apk}" "${signed_apk}" > /dev/null
zipalign 4 "${signed_apk}" "${aligned_apk}"
# Copy the content instead of mv to avoid owner/mode changes.
sudo cp "${aligned_apk}" "${apk}" && rm -f "${aligned_apk}"
sudo cp "${signed_apk}" "${apk}" && rm -f "${signed_apk}"
# Set timestamp rounded to second since squash file system has resolution
# in seconds. Required in order for the packages cache generator output is
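Review bot: Nothing between the `signapk` call and `sudo cp "${signed_apk}" "${apk}"` checks that the output actually carries a valid signature, and `signapk`'s stdout is sent to /dev/null, so the comment's "No further APK changes should happen afterward" invariant rests only on the manual apksigner check described in the commit message. Consider running `apksigner verify` on `${signed_apk}` before it overwrites `${apk}` and aborting if verification fails, so that a later edit which touches the APK after signing is caught at build time rather than on the device. Style point on the same call: `$keyname` is unbraced while the other expansions in this hunk use the `${...}` form.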