Merge "Install path support for vendor modules." into ics-factoryrom
diff --git a/core/Makefile b/core/Makefile
index 93dda66..3186bda 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -71,9 +71,9 @@
ifeq ($(TARGET_BUILD_TYPE),debug)
BUILD_VERSION_TAGS += debug
endif
-# Apps are always signed with test keys, and may be re-signed in a post-build
-# step. If that happens, the "test-keys" tag will be removed by that step.
-BUILD_VERSION_TAGS += test-keys
+# Apps are always signed with dev keys, and may be re-signed in a post-build
+# step. If that happens, the "dev-keys" tag will be removed by that step.
+BUILD_VERSION_TAGS += dev-keys
BUILD_VERSION_TAGS := $(subst $(space),$(comma),$(sort $(BUILD_VERSION_TAGS)))
# A human-readable string that descibes this build in detail.
@@ -258,11 +258,11 @@
# -----------------------------------------------------------------
-# The test key is used to sign this package, and as the key required
+# The dev key is used to sign this package, and as the key required
# for future OTA packages installed by this system. Actual product
# deliverables will be re-signed by hand. We expect this file to
# exist with the suffixes ".x509.pem" and ".pk8".
-DEFAULT_KEY_CERT_PAIR := $(SRC_TARGET_DIR)/product/security/testkey
+DEFAULT_KEY_CERT_PAIR := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
# Rules that need to be present for the all targets, even
@@ -649,9 +649,9 @@
endif
# Keys authorized to sign OTA packages this build will accept. The
-# build always uses test-keys for this; release packaging tools will
+# build always uses dev-keys for this; release packaging tools will
# substitute other keys for this one.
-OTA_PUBLIC_KEYS := $(SRC_TARGET_DIR)/product/security/testkey.x509.pem
+OTA_PUBLIC_KEYS := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
# Generate a file containing the keys that will be read by the
# recovery binary.
@@ -1097,6 +1097,7 @@
ifdef INTERNAL_USERIMAGES_SPARSE_EXT_FLAG
$(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(zip_root)/META/misc_info.txt
endif
+ $(hide) echo "default_system_dev_certificate=$(DEFAULT_SYSTEM_DEV_CERTIFICATE)" >> $(zip_root)/META/misc_info.txt
ifdef PRODUCT_EXTRA_RECOVERY_KEYS
$(hide) echo "extra_recovery_keys=$(PRODUCT_EXTRA_RECOVERY_KEYS)" >> $(zip_root)/META/misc_info.txt
endif
@@ -1419,7 +1420,7 @@
-v "DLL_EXTENSION=$(HOST_SHLIB_SUFFIX)" \
-o $(PRIVATE_DIR) && \
cp -f $(target_notice_file_txt) \
- $(PRIVATE_DIR)/platforms/android-$(PLATFORM_VERSION)/images/$(TARGET_CPU_ABI)/NOTICE.txt && \
+ $(PRIVATE_DIR)/system-images/android-$(PLATFORM_VERSION)/$(TARGET_CPU_ABI)/NOTICE.txt && \
cp -f $(tools_notice_file_txt) $(PRIVATE_DIR)/tools/NOTICE.txt && \
cp -f $(tools_notice_file_txt) $(PRIVATE_DIR)/platform-tools/NOTICE.txt && \
HOST_OUT_EXECUTABLES=$(HOST_OUT_EXECUTABLES) HOST_OS=$(HOST_OS) \
diff --git a/core/config.mk b/core/config.mk
index c4f08fd..41e60ea 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -288,6 +288,13 @@
APICHECK_CLASSPATH := $(APICHECK_CLASSPATH):$(HOST_OUT_JAVA_LIBRARIES)/jsilver$(COMMON_JAVA_PACKAGE_SUFFIX)
APICHECK_COMMAND := $(APICHECK) -JXmx1024m -J"classpath $(APICHECK_CLASSPATH)"
+# The default key if not set as LOCAL_CERTIFICATE
+ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
+ DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
+else
+ DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey
+endif
+
# ###############################################################
# Set up final options.
# ###############################################################
diff --git a/core/package.mk b/core/package.mk
index e79059a..7bc5be4 100644
--- a/core/package.mk
+++ b/core/package.mk
@@ -299,20 +299,20 @@
# Secure release builds will have their packages signed after the fact,
# so it's ok for these private keys to be in the clear.
ifeq ($(LOCAL_CERTIFICATE),)
- LOCAL_CERTIFICATE := testkey
+ LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
endif
ifeq ($(LOCAL_CERTIFICATE),EXTERNAL)
# The special value "EXTERNAL" means that we will sign it with the
- # default testkey, apply predexopt, but then expect the final .apk
+ # default devkey, apply predexopt, but then expect the final .apk
# (after dexopting) to be signed by an outside tool.
- LOCAL_CERTIFICATE := testkey
+ LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
PACKAGES.$(LOCAL_PACKAGE_NAME).EXTERNAL_KEY := 1
endif
# If this is not an absolute certificate, assign it to a generic one.
ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
- LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE)
+ LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
endif
private_key := $(LOCAL_CERTIFICATE).pk8
certificate := $(LOCAL_CERTIFICATE).x509.pem
diff --git a/core/prebuilt.mk b/core/prebuilt.mk
index 935bce1..8c03341 100644
--- a/core/prebuilt.mk
+++ b/core/prebuilt.mk
@@ -93,7 +93,7 @@
#
# This can be used for packages where we don't have access to the
# keys, but want the package to be predexopt'ed.
- LOCAL_CERTIFICATE := testkey
+ LOCAL_CERTIFICATE := $(DEFAULT_SYSTEM_DEV_CERTIFICATE)
PACKAGES.$(LOCAL_MODULE).EXTERNAL_KEY := 1
endif
ifeq ($(LOCAL_CERTIFICATE),)
@@ -114,7 +114,7 @@
else
# If this is not an absolute certificate, assign it to a generic one.
ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
- LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE)
+ LOCAL_CERTIFICATE := $(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))$(LOCAL_CERTIFICATE)
endif
PACKAGES.$(LOCAL_MODULE).PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
diff --git a/core/product.mk b/core/product.mk
index 2efc446..72cb2f7 100644
--- a/core/product.mk
+++ b/core/product.mk
@@ -82,7 +82,9 @@
PRODUCT_SDK_ADDON_COPY_FILES \
PRODUCT_SDK_ADDON_COPY_MODULES \
PRODUCT_SDK_ADDON_DOC_MODULE \
- PRODUCT_DEFAULT_WIFI_CHANNELS
+ PRODUCT_DEFAULT_WIFI_CHANNELS \
+ PRODUCT_DEFAULT_DEV_CERTIFICATE \
+
define dump-product
$(info ==== $(1) ====)\
@@ -232,6 +234,9 @@
BOARD_INSTALLER_CMDLINE \
+_product_stash_var_list += \
+ DEFAULT_SYSTEM_DEV_CERTIFICATE
+
#
# Stash vaues of the variables in _product_stash_var_list.
# $(1): Renamed prefix
diff --git a/core/product_config.mk b/core/product_config.mk
index 1567f6d..e673d5c 100644
--- a/core/product_config.mk
+++ b/core/product_config.mk
@@ -112,8 +112,8 @@
# The build server wants to do make PRODUCT-dream-installclean
# which really means TARGET_PRODUCT=dream make installclean.
ifneq ($(filter-out $(INTERNAL_VALID_VARIANTS),$(TARGET_BUILD_VARIANT)),)
- MAKECMDGOALS := $(MAKECMDGOALS) $(TARGET_BUILD_VARIANT)
- TARGET_BUILD_VARIANT := eng
+ MAKECMDGOALS := $(MAKECMDGOALS) $(TARGET_BUILD_VARIANT)
+ TARGET_BUILD_VARIANT := eng
default_goal_substitution :=
else
default_goal_substitution := $(DEFAULT_GOAL)
@@ -232,8 +232,8 @@
# Default to medium-density assets.
# (Can be overridden in the device config, e.g.: PRODUCT_AAPT_CONFIG += hdpi)
PRODUCT_AAPT_CONFIG := $(strip \
- $(PRODUCT_AAPT_CONFIG) \
- $(if $(filter %dpi,$(PRODUCT_AAPT_CONFIG)),,mdpi))
+ $(PRODUCT_AAPT_CONFIG) \
+ $(if $(filter %dpi,$(PRODUCT_AAPT_CONFIG)),,mdpi))
# Everyone gets nodpi assets which are density-independent.
PRODUCT_AAPT_CONFIG += nodpi
@@ -241,7 +241,7 @@
# Convert spaces to commas.
comma := ,
PRODUCT_AAPT_CONFIG := \
- $(subst $(space),$(comma),$(strip $(PRODUCT_AAPT_CONFIG)))
+ $(subst $(space),$(comma),$(strip $(PRODUCT_AAPT_CONFIG)))
PRODUCT_BRAND := $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_BRAND))
@@ -251,7 +251,7 @@
endif
PRODUCT_MANUFACTURER := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_MANUFACTURER))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_MANUFACTURER))
ifndef PRODUCT_MANUFACTURER
PRODUCT_MANUFACTURER := unknown
endif
@@ -263,7 +263,16 @@
endif
PRODUCT_DEFAULT_WIFI_CHANNELS := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_WIFI_CHANNELS))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_WIFI_CHANNELS))
+
+PRODUCT_DEFAULT_DEV_CERTIFICATE := \
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_DEV_CERTIFICATE))
+ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
+ifneq (1,$(words $(PRODUCT_DEFAULT_DEV_CERTIFICATE)))
+ $(error PRODUCT_DEFAULT_DEV_CERTIFICATE='$(PRODUCT_DEFAULT_DEV_CERTIFICATE)', \
+ only 1 certificate is allowed.)
+endif
+endif
# A list of words like <source path>:<destination path>. The file at
# the source path should be copied to the destination path when building
@@ -271,26 +280,26 @@
# it should look like, e.g., "system/etc/file.xml". The rules
# for these copy steps are defined in config/Makefile.
PRODUCT_COPY_FILES := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_COPY_FILES))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_COPY_FILES))
# The HTML file containing the contributors to the project.
PRODUCT_CONTRIBUTORS_FILE := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CONTRIBUTORS_FILE))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_CONTRIBUTORS_FILE))
# A list of property assignments, like "key = value", with zero or more
# whitespace characters on either side of the '='.
PRODUCT_PROPERTY_OVERRIDES := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PROPERTY_OVERRIDES))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PROPERTY_OVERRIDES))
# A list of property assignments, like "key = value", with zero or more
# whitespace characters on either side of the '='.
# used for adding properties to default.prop
PRODUCT_DEFAULT_PROPERTY_OVERRIDES := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_PROPERTY_OVERRIDES))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_PROPERTY_OVERRIDES))
# Should we use the default resources or add any product specific overlays
PRODUCT_PACKAGE_OVERLAYS := \
- $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGE_OVERLAYS))
+ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_PACKAGE_OVERLAYS))
DEVICE_PACKAGE_OVERLAYS := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).DEVICE_PACKAGE_OVERLAYS))
@@ -299,8 +308,8 @@
# Add the product-defined properties to the build properties.
ADDITIONAL_BUILD_PROPERTIES := \
- $(ADDITIONAL_BUILD_PROPERTIES) \
- $(PRODUCT_PROPERTY_OVERRIDES)
+ $(ADDITIONAL_BUILD_PROPERTIES) \
+ $(PRODUCT_PROPERTY_OVERRIDES)
# The OTA key(s) specified by the product config, if any. The names
# of these keys are stored in the target-files zip so that post-build
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk
index f247bca..229ea9c 100644
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -31,5 +31,11 @@
# Set /system/bin/sh to ash, not mksh, to make sure we can switch back.
TARGET_SHELL := ash
+# Enable dex-preoptimization to speed up the first boot sequence
+# of an SDK AVD. Note that this operation only works on Linux for now
+ifeq ($(HOST_OS),linux)
+WITH_DEXPREOPT := true
+endif
+
# Build OpenGLES emulation guest and host libraries
BUILD_EMULATOR_OPENGL := true
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index 84b28ca..1a1bc80 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -21,5 +21,11 @@
# Set /system/bin/sh to ash, not mksh, to make sure we can switch back.
TARGET_SHELL := ash
+# Enable dex-preoptimization to speed up the first boot sequence
+# of an SDK AVD. Note that this operation only works on Linux for now
+ifeq ($(HOST_OS),linux)
+WITH_DEXPREOPT := true
+endif
+
# Build OpenGLES emulation host and guest libraries
BUILD_EMULATOR_OPENGL := true
diff --git a/target/product/core.mk b/target/product/core.mk
index ef34eee..ca5858f 100644
--- a/target/product/core.mk
+++ b/target/product/core.mk
@@ -39,6 +39,7 @@
PackageInstaller \
PicoTts \
SettingsProvider \
+ SharedStorageBackup \
TelephonyProvider \
TtsService \
UserDictionaryProvider \
diff --git a/target/product/generic_no_telephony.mk b/target/product/generic_no_telephony.mk
index 6e052fd..a1cce72 100644
--- a/target/product/generic_no_telephony.mk
+++ b/target/product/generic_no_telephony.mk
@@ -68,6 +68,7 @@
frameworks/base/media/libeffects/data/audio_effects.conf:system/etc/audio_effects.conf
$(call inherit-product-if-exists, frameworks/base/data/fonts/fonts.mk)
+$(call inherit-product-if-exists, external/lohit-fonts/fonts.mk)
$(call inherit-product-if-exists, frameworks/base/data/keyboards/keyboards.mk)
$(call inherit-product, $(SRC_TARGET_DIR)/product/core.mk)
diff --git a/target/product/sdk.mk b/target/product/sdk.mk
index aaef0b9..05aba8d 100644
--- a/target/product/sdk.mk
+++ b/target/product/sdk.mk
@@ -30,7 +30,7 @@
libWnnEngDic \
libWnnJpnDic \
libwnndict \
- Phone \
+ Phone \
PinyinIME \
Protips \
SoftKeyboard \
@@ -61,7 +61,9 @@
jsilver \
librs_jni \
ConnectivityTest \
- GpsLocationTest
+ GpsLocationTest \
+ CalendarProvider \
+ Calendar
# Host tools that are parts of the SDK.
diff --git a/tools/releasetools/check_target_files_signatures b/tools/releasetools/check_target_files_signatures
index 1325ef4..4e83129 100755
--- a/tools/releasetools/check_target_files_signatures
+++ b/tools/releasetools/check_target_files_signatures
@@ -187,7 +187,7 @@
class APK(object):
def __init__(self, full_filename, filename):
self.filename = filename
- self.cert = None
+ self.certs = set()
Push(filename+":")
try:
self.RecordCert(full_filename)
@@ -203,11 +203,10 @@
for info in apk.infolist():
if info.filename.startswith("META-INF/") and \
(info.filename.endswith(".DSA") or info.filename.endswith(".RSA")):
- if pkcs7 is not None:
- AddProblem("multiple certs")
pkcs7 = apk.read(info.filename)
- self.cert = CertFromPKCS7(pkcs7, info.filename)
- ALL_CERTS.Add(self.cert)
+ cert = CertFromPKCS7(pkcs7, info.filename)
+ self.certs.add(cert)
+ ALL_CERTS.Add(cert)
if not pkcs7:
AddProblem("no signature")
finally:
@@ -281,24 +280,19 @@
for uid in sorted(apks_by_uid.keys()):
apks = apks_by_uid[uid]
for apk in apks[1:]:
- if apk.cert != apks[0].cert:
+ if apk.certs != apks[0].certs:
break
else:
- # all the certs are the same; this uid is fine
+ # all packages have the same set of certs; this uid is fine.
continue
- AddProblem("uid %s shared across multiple certs" % (uid,))
+ AddProblem("different cert sets for packages with uid %s" % (uid,))
- print "uid %s is shared by packages with different certs:" % (uid,)
- x = [(i.cert, i.package, i) for i in apks]
- x.sort()
- lastcert = None
- for cert, _, apk in x:
- if cert != lastcert:
- lastcert = cert
- print " %s:" % (ALL_CERTS.Get(cert),)
- print " %-*s [%s]" % (self.max_pkg_len,
- apk.package, apk.filename)
+ print "uid %s is shared by packages with different cert sets:" % (uid,)
+ for apk in apks:
+ print "%-*s [%s]" % (self.max_pkg_len, apk.package, apk.filename)
+ for cert in apk.certs:
+ print " ", ALL_CERTS.Get(cert)
print
def CheckExternalSignatures(self):
@@ -319,7 +313,8 @@
"""Display a table of packages grouped by cert."""
by_cert = {}
for apk in self.apks.itervalues():
- by_cert.setdefault(apk.cert, []).append((apk.package, apk))
+ for cert in apk.certs:
+ by_cert.setdefault(cert, []).append((apk.package, apk))
order = [(-len(v), k) for (k, v) in by_cert.iteritems()]
order.sort()
@@ -352,10 +347,10 @@
for i in all:
if i in self.apks:
if i in other.apks:
- # in both; should have the same cert
- if self.apks[i].cert != other.apks[i].cert:
- by_certpair.setdefault((other.apks[i].cert,
- self.apks[i].cert), []).append(i)
+ # in both; should have at least one cert in common
+ if not (self.apks[i].cert & other.apks[i].cert):
+ by_certpair.setdefault((other.apks[i].certs,
+ self.apks[i].certs), []).append(i)
else:
print "%s [%s]: new APK (not in comparison target_files)" % (
i, self.apks[i].filename)
@@ -368,8 +363,16 @@
AddProblem("some APKs changed certs")
Banner("APK signing differences")
for (old, new), packages in sorted(by_certpair.items()):
- print "was", ALL_CERTS.Get(old)
- print "now", ALL_CERTS.Get(new)
+ for i, o in enumerate(old):
+ if i == 0:
+ print "was", ALL_CERTS.Get(o)
+ else:
+ print " ", ALL_CERTS.Get(o)
+ for i, n in enumerate(new):
+ if i == 0:
+ print "now", ALL_CERTS.Get(n)
+ else:
+ print " ", ALL_CERTS.Get(n)
for i in sorted(packages):
old_fn = other.apks[i].filename
new_fn = self.apks[i].filename
diff --git a/tools/releasetools/ota_from_target_files b/tools/releasetools/ota_from_target_files
index 4264efa..0a27a19 100755
--- a/tools/releasetools/ota_from_target_files
+++ b/tools/releasetools/ota_from_target_files
@@ -24,9 +24,14 @@
-b (--board_config) <file>
Deprecated.
- -k (--package_key) <key>
- Key to use to sign the package (default is
- "build/target/product/security/testkey").
+ -k (--package_key) <key> Key to use to sign the package (default is
+ the value of default_system_dev_certificate from the input
+ target-files's META/misc_info.txt, or
+ "build/target/product/security/testkey" if that value is not
+ specified).
+
+ For incremental OTAs, the default value is based on the source
+ target-file, not the target build.
-i (--incremental_from) <file>
Generate an incremental OTA using the given target-files zip as
@@ -72,7 +77,7 @@
import edify_generator
OPTIONS = common.OPTIONS
-OPTIONS.package_key = "build/target/product/security/testkey"
+OPTIONS.package_key = None
OPTIONS.incremental_source = None
OPTIONS.require_verbatim = set()
OPTIONS.prohibit_verbatim = set(("system/build.prop",))
@@ -794,30 +799,34 @@
OPTIONS.device_specific = os.path.normpath(OPTIONS.device_specific)
print "using device-specific extensions in", OPTIONS.device_specific
- if OPTIONS.package_key:
- temp_zip_file = tempfile.NamedTemporaryFile()
- output_zip = zipfile.ZipFile(temp_zip_file, "w",
- compression=zipfile.ZIP_DEFLATED)
- else:
- output_zip = zipfile.ZipFile(args[1], "w",
- compression=zipfile.ZIP_DEFLATED)
+ temp_zip_file = tempfile.NamedTemporaryFile()
+ output_zip = zipfile.ZipFile(temp_zip_file, "w",
+ compression=zipfile.ZIP_DEFLATED)
if OPTIONS.incremental_source is None:
WriteFullOTAPackage(input_zip, output_zip)
+ if OPTIONS.package_key is None:
+ OPTIONS.package_key = OPTIONS.info_dict.get(
+ "default_system_dev_certificate",
+ "build/target/product/security/testkey")
else:
print "unzipping source target-files..."
OPTIONS.source_tmp, source_zip = common.UnzipTemp(OPTIONS.incremental_source)
OPTIONS.target_info_dict = OPTIONS.info_dict
OPTIONS.source_info_dict = common.LoadInfoDict(source_zip)
+ if OPTIONS.package_key is None:
+ OPTIONS.package_key = OPTIONS.source_info_dict.get(
+ "default_system_dev_certificate",
+ "build/target/product/security/testkey")
if OPTIONS.verbose:
print "--- source info ---"
common.DumpInfoDict(OPTIONS.source_info_dict)
WriteIncrementalOTAPackage(input_zip, source_zip, output_zip)
output_zip.close()
- if OPTIONS.package_key:
- SignOutput(temp_zip_file.name, args[1])
- temp_zip_file.close()
+
+ SignOutput(temp_zip_file.name, args[1])
+ temp_zip_file.close()
common.Cleanup()
diff --git a/tools/releasetools/sign_target_files_apks b/tools/releasetools/sign_target_files_apks
index 5353063..bc88ef8 100755
--- a/tools/releasetools/sign_target_files_apks
+++ b/tools/releasetools/sign_target_files_apks
@@ -36,10 +36,16 @@
-d (--default_key_mappings) <dir>
Set up the following key mappings:
- build/target/product/security/testkey ==> $dir/releasekey
- build/target/product/security/media ==> $dir/media
- build/target/product/security/shared ==> $dir/shared
- build/target/product/security/platform ==> $dir/platform
+ $devkey/devkey ==> $dir/releasekey
+ $devkey/testkey ==> $dir/releasekey
+ $devkey/media ==> $dir/media
+ $devkey/shared ==> $dir/shared
+ $devkey/platform ==> $dir/platform
+
+ where $devkey is the directory part of the value of
+ default_system_dev_certificate from the input target-files's
+ META/misc_info.txt. (Defaulting to "build/target/product/security"
+ if the value is not present in misc_info.
-d and -k options are added to the set of mappings in the order
in which they appear on the command line.
@@ -55,7 +61,7 @@
the last component of the build fingerprint). Prefix each with
'+' or '-' to indicate whether that tag should be added or
removed. Changes are processed in the order they appear.
- Default value is "-test-keys,+release-keys".
+ Default value is "-test-keys,-dev-keys,+release-keys".
"""
@@ -80,7 +86,7 @@
OPTIONS.extra_apks = {}
OPTIONS.key_map = {}
OPTIONS.replace_ota_keys = False
-OPTIONS.tag_changes = ("-test-keys", "+release-keys")
+OPTIONS.tag_changes = ("-test-keys", "-dev-keys", "+release-keys")
def GetApkCerts(tf_zip):
certmap = common.ReadApkCerts(tf_zip)
@@ -198,14 +204,12 @@
return "\n".join(output) + "\n"
-def ReplaceOtaKeys(input_tf_zip, output_tf_zip):
+def ReplaceOtaKeys(input_tf_zip, output_tf_zip, misc_info):
try:
keylist = input_tf_zip.read("META/otakeys.txt").split()
except KeyError:
raise ExternalError("can't read META/otakeys.txt from input")
- misc_info = common.LoadInfoDict(input_tf_zip)
-
extra_recovery_keys = misc_info.get("extra_recovery_keys", None)
if extra_recovery_keys:
extra_recovery_keys = [OPTIONS.key_map.get(k, k) + ".x509.pem"
@@ -227,10 +231,10 @@
print "using:\n ", "\n ".join(mapped_keys)
print "for OTA package verification"
else:
+ devkey = misc_info.get("default_system_dev_certificate",
+ "build/target/product/security/testkey")
mapped_keys.append(
- OPTIONS.key_map.get("build/target/product/security/testkey",
- "build/target/product/security/testkey")
- + ".x509.pem")
+ OPTIONS.key_map.get(devkey, devkey) + ".x509.pem")
print "META/otakeys.txt has no keys; using", mapped_keys[0]
# recovery uses a version of the key that has been slightly
@@ -259,8 +263,28 @@
tempfile.getvalue())
+def BuildKeyMap(misc_info, key_mapping_options):
+ for s, d in key_mapping_options:
+ if s is None: # -d option
+ devkey = misc_info.get("default_system_dev_certificate",
+ "build/target/product/security/testkey")
+ devkeydir = os.path.dirname(devkey)
+
+ OPTIONS.key_map.update({
+ devkeydir + "/testkey": d + "/releasekey",
+ devkeydir + "/devkey": d + "/releasekey",
+ devkeydir + "/media": d + "/media",
+ devkeydir + "/shared": d + "/shared",
+ devkeydir + "/platform": d + "/platform",
+ })
+ else:
+ OPTIONS.key_map[s] = d
+
+
def main(argv):
+ key_mapping_options = []
+
def option_handler(o, a):
if o in ("-e", "--extra_apks"):
names, key = a.split("=")
@@ -268,15 +292,9 @@
for n in names:
OPTIONS.extra_apks[n] = key
elif o in ("-d", "--default_key_mappings"):
- OPTIONS.key_map.update({
- "build/target/product/security/testkey": "%s/releasekey" % (a,),
- "build/target/product/security/media": "%s/media" % (a,),
- "build/target/product/security/shared": "%s/shared" % (a,),
- "build/target/product/security/platform": "%s/platform" % (a,),
- })
+ key_mapping_options.append((None, a))
elif o in ("-k", "--key_mapping"):
- s, d = a.split("=")
- OPTIONS.key_map[s] = d
+ key_mapping_options.append(a.split("=", 1))
elif o in ("-o", "--replace_ota_keys"):
OPTIONS.replace_ota_keys = True
elif o in ("-t", "--tag_changes"):
@@ -307,6 +325,10 @@
input_zip = zipfile.ZipFile(args[0], "r")
output_zip = zipfile.ZipFile(args[1], "w")
+ misc_info = common.LoadInfoDict(input_zip)
+
+ BuildKeyMap(misc_info, key_mapping_options)
+
apk_key_map = GetApkCerts(input_zip)
CheckAllApksSigned(input_zip, apk_key_map)