mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2026-01-08 00:21:46 +00:00
image_signing: Fix detection of build flavor
The original "ro.product.name" of the Android image is modified by the Chrome OS build process to change it to the CrOS device name instead, which breaks the detection of the build flavor. Instead, we now rely on the "ro.build.flavor" property which is not modified. If the build flavor is either cheets_* or sdk_google_cheets_*, we expect the keys to be the cheets keys. AOSP keys are used for aosp_cheets_* build flavors. BUG=b:72947583 TEST=run against caroline image, scripts detects 'cheets' build flavor TEST=run against novato-arc64 image (SDK), script detects 'cheets' build flavor TEST=run against newbie image (AOSP), script detects 'aosp' build flavor TEST=run against invalid build property 'paosp_cheets_...', script aborts as expected BRANCH=None Change-Id: I662436b256b59238b00c7374120f315b538fcd75 Reviewed-on: https://chromium-review.googlesource.com/911905 Commit-Ready: Nicolas Norvez <norvez@chromium.org> Tested-by: Nicolas Norvez <norvez@chromium.org> Reviewed-by: Victor Hsieh <victorhsieh@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>
This commit is contained in:
Nicolas Norvez
committed by
chrome-bot
chrome-bot
parent
6164b22471
commit
7efa7465b1
@@ -35,18 +35,18 @@ EOF
|
||||
# select key files.
|
||||
choose_key() {
|
||||
local sha1="$1"
|
||||
local flavor="$2"
|
||||
local keyset="$2"
|
||||
|
||||
if [[ "${flavor}" != "aosp" && "${flavor}" != "cheets" ]]; then
|
||||
error "Unknown Android build flavor '${flavor}'"
|
||||
if [[ "${keyset}" != "aosp" && "${keyset}" != "cheets" ]]; then
|
||||
error "Unknown Android build keyset '${keyset}'"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Fingerprints below are generated by:
|
||||
# 'cheets' flavor:
|
||||
# 'cheets' keyset:
|
||||
# $ keytool -file vendor/google/certs/cheetskeys/$NAME.x509.pem -printcert \
|
||||
# | grep SHA1:
|
||||
# 'aosp' flavor:
|
||||
# 'aosp' keyset:
|
||||
# $ keytool -file build/target/product/security/$NAME.x509.pem -printcert \
|
||||
# | grep SHA1:
|
||||
declare -A platform_sha=(
|
||||
@@ -67,16 +67,16 @@ choose_key() {
|
||||
)
|
||||
|
||||
case "${sha1}" in
|
||||
"${platform_sha["${flavor}"]}")
|
||||
"${platform_sha["${keyset}"]}")
|
||||
echo "platform"
|
||||
;;
|
||||
"${media_sha["${flavor}"]}")
|
||||
"${media_sha["${keyset}"]}")
|
||||
echo "media"
|
||||
;;
|
||||
"${shared_sha["${flavor}"]}")
|
||||
"${shared_sha["${keyset}"]}")
|
||||
echo "shared"
|
||||
;;
|
||||
"${release_sha["${flavor}"]}")
|
||||
"${release_sha["${keyset}"]}")
|
||||
# The release_sha[] fingerprint is from devkey. Translate to releasekey.
|
||||
echo "releasekey"
|
||||
;;
|
||||
@@ -94,14 +94,31 @@ choose_key() {
|
||||
sign_framework_apks() {
|
||||
local system_mnt="$1"
|
||||
local key_dir="$2"
|
||||
local product=""
|
||||
local build_flavor=""
|
||||
local flavor_prop=""
|
||||
local keyset=""
|
||||
|
||||
product=$(grep -a "^ro\.product\.name=" "${system_mnt}/system/build.prop" | \
|
||||
cut -d "=" -f2)
|
||||
build_flavor=$(echo "${product}" | cut -d "_" -f1)
|
||||
info "Found product name '${product}'."
|
||||
info "Detected build flavor '${build_flavor}'."
|
||||
# Property ro.build.flavor follows those patterns:
|
||||
# - cheets builds:
|
||||
# ro.build.flavor=cheets_${arch}-user(debug)
|
||||
# - SDK builds:
|
||||
# ro.build.flavor=sdk_google_cheets_${arch}-user(debug)
|
||||
# - AOSP builds:
|
||||
# ro.build.flavor=aosp_cheets_${arch}-user(debug)
|
||||
# "cheets" and "SDK" builds both use the same signing keys, cheetskeys. "AOSP"
|
||||
# builds use the public AOSP signing keys.
|
||||
flavor_prop=$(grep -a "^ro\.build\.flavor=" \
|
||||
"${system_mnt}/system/build.prop" | cut -d "=" -f2)
|
||||
|
||||
info "Found build flavor property '${flavor_prop}'."
|
||||
if [[ "${flavor_prop}" == aosp_cheets_* ]]; then
|
||||
keyset="aosp"
|
||||
elif [[ "${flavor_prop}" == cheets_* ||
|
||||
"${flavor_prop}" == sdk_google_cheets_* ]]; then
|
||||
keyset="cheets"
|
||||
else
|
||||
die "Unknown build flavor property '${flavor_prop}'."
|
||||
fi
|
||||
info "Expecting signing keyset '${keyset}'."
|
||||
|
||||
info "Start signing framework apks"
|
||||
|
||||
@@ -120,9 +137,9 @@ sign_framework_apks() {
|
||||
sha1=$(unzip -p "${apk}" META-INF/CERT.RSA | \
|
||||
keytool -printcert | awk '/^\s*SHA1:/ {print $2}')
|
||||
|
||||
if ! keyname=$(choose_key "${sha1}" "${build_flavor}"); then
|
||||
if ! keyname=$(choose_key "${sha1}" "${keyset}"); then
|
||||
die "Failed to choose signing key for APK '${apk}' (SHA1 '${sha1}') in \
|
||||
build flavor '${build_flavor}'."
|
||||
build flavor '${flavor_prop}'."
|
||||
fi
|
||||
if [[ -z "${keyname}" ]]; then
|
||||
continue
|
||||
|
||||
Reference in New Issue
Block a user