Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / 4986e81160bb0d59e109405f2d6ada11b00f55df^! / . / target
commit4986e81160bb0d59e109405f2d6ada11b00f55df[log] [tgz]
authorTao Bao <tbao@google.com>Thu Apr 18 18:37:32 2019 -0700
committerTao Bao <tbao@google.com>Fri Apr 19 21:20:09 2019 +0000
tree24c0c29473396d003b590c98de57f6406c4ac779
parent15765d2a69d6a507b0bedbbac87eb48947573225 [diff]
Build otacerts as a module.

Bug: 30414428
Test: `m -j dist` with aosp_taimen-userdebug. Check
      /system/etc/security/otacerts.zip available under system and
      recovery images.
Change-Id: I5abeb2da441fb3e3231e094063c2383eb3807852
(cherry picked from commit b7936f3d2e16bcad36dcbfc72123381726dbc3c5)

diff --git a/target/product/base_system.mk b/target/product/base_system.mk
index fb34725..38bbd25 100644
--- a/target/product/base_system.mk
+++ b/target/product/base_system.mk

@@ -214,6 +214,7 @@
     netd \
     NetworkStack \
     org.apache.http.legacy \
+    otacerts \
     PackageInstaller \
     perfetto \
     PermissionController \

diff --git a/target/product/base_vendor.mk b/target/product/base_vendor.mk
index 584327c..c27407a 100644
--- a/target/product/base_vendor.mk
+++ b/target/product/base_vendor.mk

@@ -23,6 +23,7 @@
     init_second_stage.recovery \
     ld.config.recovery.txt \
     linker.recovery \
+    otacerts.recovery \
     recovery \
     shell_and_utilities_recovery \
     watchdogd.recovery \

diff --git a/target/product/security/Android.mk b/target/product/security/Android.mk
index 4142ea9..1d695ae 100644
--- a/target/product/security/Android.mk
+++ b/target/product/security/Android.mk

@@ -23,3 +23,40 @@
     include $(BUILD_PREBUILT)
   endif
 endif
+
+
+#######################################
+# otacerts: A keystore with the authorized keys in it, which is used to verify the authenticity of
+# downloaded OTA packages.
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := otacerts
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_STEM := otacerts.zip
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security
+include $(BUILD_SYSTEM)/base_rules.mk
+$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+$(LOCAL_BUILT_MODULE): $(SOONG_ZIP) $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+	$(SOONG_ZIP) -o $@ -j -f $(PRIVATE_CERT)
+
+
+#######################################
+# otacerts for recovery image.
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := otacerts.recovery
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_STEM := otacerts.zip
+LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/etc/security
+include $(BUILD_SYSTEM)/base_rules.mk
+
+extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))
+
+$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem
+$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_RECOVERY_KEYS := $(extra_recovery_keys)
+$(LOCAL_BUILT_MODULE): \
+	    $(SOONG_ZIP) \
+	    $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem \
+	    $(extra_recovery_keys)
+	$(SOONG_ZIP) -o $@ -j \
+	    $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file))