Diffstat (limited to 'scripts/image_signing/sign_android_image.sh')
-rwxr-xr-x | scripts/image_signing/sign_android_image.sh | 55 |
1 files changed, 36 insertions, 19 deletions
diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh index 3bd61686..a205b5ae 100755 --- a/scripts/image_signing/sign_android_image.sh +++ b/scripts/image_signing/sign_android_image.sh @@ -35,18 +35,18 @@ EOF # select key files. choose_key() { local sha1="$1" - local flavor="$2" + local keyset="$2" - if [[ "${flavor}" != "aosp" && "${flavor}" != "cheets" ]]; then - error "Unknown Android build flavor '${flavor}'" + if [[ "${keyset}" != "aosp" && "${keyset}" != "cheets" ]]; then + error "Unknown Android build keyset '${keyset}'" return 1 fi # Fingerprints below are generated by: - # 'cheets' flavor: + # 'cheets' keyset: # $ keytool -file vendor/google/certs/cheetskeys/$NAME.x509.pem -printcert \ # | grep SHA1: - # 'aosp' flavor: + # 'aosp' keyset: # $ keytool -file build/target/product/security/$NAME.x509.pem -printcert \ # | grep SHA1: declare -A platform_sha=( @@ -67,16 +67,16 @@ choose_key() { ) case "${sha1}" in - "${platform_sha["${flavor}"]}") + "${platform_sha["${keyset}"]}") echo "platform" ;; - "${media_sha["${flavor}"]}") + "${media_sha["${keyset}"]}") echo "media" ;; - "${shared_sha["${flavor}"]}") + "${shared_sha["${keyset}"]}") echo "shared" ;; - "${release_sha["${flavor}"]}") + "${release_sha["${keyset}"]}") # The release_sha[] fingerprint is from devkey. Translate to releasekey. echo "releasekey" ;; 
@@ -94,14 +94,31 @@ choose_key() { sign_framework_apks() { local system_mnt="$1" local key_dir="$2" - local product="" - local build_flavor="" - - product=$(grep -a "^ro\.product\.name=" "${system_mnt}/system/build.prop" | \ - cut -d "=" -f2) - build_flavor=$(echo "${product}" | cut -d "_" -f1) - info "Found product name '${product}'." - info "Detected build flavor '${build_flavor}'." + local flavor_prop="" + local keyset="" + + # Property ro.build.flavor follows those patterns: + # - cheets builds: + # ro.build.flavor=cheets_${arch}-user(debug) + # - SDK builds: + # ro.build.flavor=sdk_google_cheets_${arch}-user(debug) + # - AOSP builds: + # ro.build.flavor=aosp_cheets_${arch}-user(debug) + # "cheets" and "SDK" builds both use the same signing keys, cheetskeys. "AOSP" + # builds use the public AOSP signing keys. + flavor_prop=$(grep -a "^ro\.build\.flavor=" \ + "${system_mnt}/system/build.prop" | cut -d "=" -f2) + + info "Found build flavor property '${flavor_prop}'." + if [[ "${flavor_prop}" == aosp_cheets_* ]]; then + keyset="aosp" + elif [[ "${flavor_prop}" == cheets_* || + "${flavor_prop}" == sdk_google_cheets_* ]]; then + keyset="cheets" + else + die "Unknown build flavor property '${flavor_prop}'." + fi + info "Expecting signing keyset '${keyset}'." info "Start signing framework apks" @@ -120,9 +137,9 @@ sign_framework_apks() { sha1=$(unzip -p "${apk}" META-INF/CERT.RSA | \ keytool -printcert | awk '/^\s*SHA1:/ {print $2}') - if ! keyname=$(choose_key "${sha1}" "${build_flavor}"); then + if ! keyname=$(choose_key "${sha1}" "${keyset}"); then die "Failed to choose signing key for APK '${apk}' (SHA1 '${sha1}') in \ -build flavor '${build_flavor}'." +build flavor '${flavor_prop}'." fi if [[ -z "${keyname}" ]]; then continue |
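Review bot: The keyset decision in sign_framework_apks is a prefix glob on whatever `grep -a "^ro\.build\.flavor="` returns, so a build.prop with more than one such line yields a multi-line `flavor_prop` that is still accepted on the strength of its first line alone. Since this value selects which certificate fingerprints are treated as replaceable by the production keys, it should fail closed on ambiguity before the `if`, for example `[[ "${flavor_prop}" == *$'\n'* ]] && die "Multiple ro.build.flavor entries in build.prop."`. The globs also accept any suffix after the prefix, although the comment documents `${arch}-user(debug)`; checking the tail as well would keep the code and the comment in agreement. The function body continues outside this hunk.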
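Review bot: The `die` message in the last hunk now prints only `flavor_prop`, but `choose_key` is called with `keyset`, so the value that actually decided the lookup is missing from the failure output; I would end the message with `build flavor '${flavor_prop}' (keyset '${keyset}')."`. Relatedly, the context lines show that an empty `keyname` just hits `continue`, so, assuming `choose_key` prints nothing for a fingerprint outside the selected keyset, a wrongly detected keyset would leave those APKs with their original signatures and no trace in the log. An `info` line before the `continue` naming the APK, its SHA1 and the keyset would make that case visible to whoever audits the signing run. The loop this hunk sits in starts and ends outside the hunk.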