diff options
| author | Victor Hsieh <victorhsieh@chromium.org> | 2018-04-03 10:09:51 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-04-23 13:07:25 -0700 |
| commit | 392211f0358919d510179ad399d8f056180e652e (patch) | |
| tree | 3326672902a056c1b70520574aa14724a550dfdd | |
| parent | cbfb60ff478c6efd77a00b9d871045261e8dde17 (diff) | |
| download | vboot-392211f0358919d510179ad399d8f056180e652e.tar.gz | |
Update Android signing to support signature scheme v2
Signature Scheme V2 was introduced in N.
TEST=(prepare)
1. Produce A.img by running the original sign_android_image.sh on a
test image.
2. Produce B.img by running the new sign_android_image.sh on the
same image.
TEST=Check Settings.apk with apksigner. Saw only v1 signature exists
with A.img, and only v2 exists with B.img, as expected.
Certificates on both APKs have the same fingerprint.
TEST=Login with A to create a new /data state, then login with B.
Platform apps still run. No signature error in logcat.
BRANCH=none
BUG=b:67942659
Change-Id: Ibabc399563bfdc92836856a377997405cc660483
Reviewed-on: https://chromium-review.googlesource.com/993153
Commit-Ready: Victor Hsieh <victorhsieh@chromium.org>
Tested-by: Victor Hsieh <victorhsieh@chromium.org>
Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| -rwxr-xr-x | scripts/image_signing/sign_android_image.sh | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh index c8238704..4bd31056 100755 --- a/scripts/image_signing/sign_android_image.sh +++ b/scripts/image_signing/sign_android_image.sh @@ -82,19 +82,21 @@ build flavor '${flavor_prop}'." local temp_dir="$(make_temp_dir)" local temp_apk="${temp_dir}/temp.apk" local signed_apk="${temp_dir}/signed.apk" - local aligned_apk="${temp_dir}/aligned.apk" # Follow the standard manual signing process. See # https://developer.android.com/studio/publish/app-signing.html. cp -a "${apk}" "${temp_apk}" # Explicitly remove existing signature. zip -q "${temp_apk}" -d "META-INF/*" + + # Signapk now creates signature of APK Signature Scheme v2. No further APK + # changes should happen afterward. Also note that signapk now takes care of + # zipalign. signapk "${key_dir}/$keyname.x509.pem" "${key_dir}/$keyname.pk8" \ "${temp_apk}" "${signed_apk}" > /dev/null - zipalign 4 "${signed_apk}" "${aligned_apk}" # Copy the content instead of mv to avoid owner/mode changes. - sudo cp "${aligned_apk}" "${apk}" && rm -f "${aligned_apk}" + sudo cp "${signed_apk}" "${apk}" && rm -f "${signed_apk}" # Set timestamp rounded to second since squash file system has resolution # in seconds. Required in order for the packages cache generator output is |