OpenCellular/scripts/keygeneration/create_new_android_keys.sh
Victor Hsieh 7573ff7efb Add script to sign Android image
sign_android_image.sh is the main script that signs the image. It makes
similar changes to an image like the Android official signing tool
(sign_target_files_apks.py) does, but more Chrome OS specific.

TEST=./sign_official_build.sh recovery recovery_image.bin \
         ../../tests/devkeys/ out_img
TEST=Same as above but with a recovery image without an Android image.
     Android signing was skipped.
TEST=Same as above but with an M53 image.  Android signing was skipped.
TEST=Unpack the image and diff the before and after.  Looks correct.
BUG=b:29915721

Change-Id: I0ae5f0ad8d2b05e485d60262558517ea563bf527
Reviewed-on: https://chromium-review.googlesource.com/366794
Commit-Ready: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2016-08-15 15:19:52 -07:00


#!/bin/bash
# Copyright 2016 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Abort the script as soon as any unguarded command fails, so a failed
# openssl step does not silently produce an incomplete key set.
set -o errexit
#######################################
# Print the help text and terminate the script.
# Arguments: optional words of an error message.
# Outputs:   help text on stdout; "ERROR: <message>" on stderr when a
#            message was given.
# Exits:     0 when called without arguments, 1 otherwise.
#######################################
usage() {
  cat <<EOF
Usage: $0 DIR
Generate Android's 4 framework key pairs at DIR. For detail, please refer to
"Certificates and private keys" and "Manually generating keys" in
https://source.android.com/devices/tech/ota/sign_builds.html.
EOF
  # No message means the help text itself was the goal: report success.
  if [[ $# -eq 0 ]]; then
    exit 0
  fi
  # Any argument is treated as an error description.
  echo "ERROR: $*" >&2
  exit 1
}
# Certificate subject (distinguished name) shared by every generated pair;
# deliberately the same value that is used for Nexus.
# The certificates built from it are self-signed, so the subject is only a
# label: what identifies a signer is the key, not this string.
SUBJECT="/C=US/ST=California/L=Mountain View/O=Google Inc./OU=Android/CN=Android"
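#######################################
# Generate one signing key pair: NAME.pk8 (private key, unencrypted PKCS#8
# DER) and NAME.x509.pem (self-signed certificate) inside DIR.
# Globals:   SUBJECT (read) - certificate subject.
# Arguments: $1 - existing directory that receives the files
#            $2 - base name of the pair
# Returns:   0 on success; the status of the failing step otherwise.
#
# The intermediate PEM private key is written to a uniquely named,
# owner-only file and is removed on every exit path, including when a
# later openssl step fails. The .pk8 is created under a restrictive umask
# because -nocrypt leaves the private key unencrypted on disk; DIR itself
# should be readable only by the signing account.
#######################################
make_pair() {
  local dir=$1
  local name=$2
  local tmp_key
  local rc=0

  # mktemp creates the file with owner-only permissions and a name that
  # cannot collide with (and later shred) an unrelated temp.pem in DIR.
  tmp_key=$(mktemp "${dir}/temp.pem.XXXXXX") || return 1

  # Explicit && chain: the first failing step stops the sequence even where
  # errexit is suppressed, and control always reaches the cleanup below.
  {
    # Generate RSA key.
    # NOTE(review): -3 selects public exponent 3, and newer OpenSSL releases
    # document the option as deprecated (default 65537). Left unchanged
    # because consumers of these keys may depend on it; confirm before
    # switching.
    openssl genrsa -3 -out "${tmp_key}" 2048 &&
      # Create a certificate with the public part of the key.
      openssl req -new -x509 -key "${tmp_key}" \
        -out "${dir}/${name}.x509.pem" -days 10000 -subj "${SUBJECT}" &&
      # Create a PKCS#8-formatted version of the private key. The subshell
      # keeps the tightened umask away from the caller and the certificate.
      (
        umask 077 &&
          openssl pkcs8 -in "${tmp_key}" -topk8 -outform DER \
            -out "${dir}/${name}.pk8" -nocrypt
      )
  } || rc=$?

  # Best attempt to securely delete the temporary key. Overwriting is not
  # guaranteed on journaling or copy-on-write storage; if shred is missing
  # or fails, at least unlink the file.
  shred --remove "${tmp_key}" || rm -f -- "${tmp_key}"

  return "${rc}"
}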
#######################################
# Validate the command line and generate the four framework key pairs
# (platform, shared, media, releasekey) in the given directory.
# Arguments: exactly one - the output directory.
# The directory ends up holding unencrypted private keys (.pk8), so it
# should be accessible only to the account that performs signing.
#######################################
main() {
  # Anything other than a single DIR argument is a usage error;
  # usage exits the script.
  if [[ $# -ne 1 ]]; then
    usage "Invalid argument."
  fi

  local dir=$1
  local key_name
  for key_name in platform shared media releasekey; do
    make_pair "${dir}" "${key_name}"
  done
}
# Script entry point: pass the command-line arguments through to main unchanged.
main "$@"