-
Notifications
You must be signed in to change notification settings - Fork 50
/
signed_from_target_files
executable file
·105 lines (93 loc) · 3.55 KB
/
signed_from_target_files
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#!/bin/bash
# Bail on any errors
set -e
# Allow job control
set -m
if [ -z "$ANDROID_BUILD_TOP" ]; then
echo "Run lunch first!"
exit 1
fi
while getopts "st:ed:r:o:k:" opt; do
case $opt in
s)
set -x
;;
t)
export TFP=$OPTARG
;;
e)
# Set path and additional signapk options for use with ECSS key sets
export PATH_OPTIONS="--path $ANDROID_BUILD_TOP/out/host/linux-x86/ecss"
export ALTERNATE_SIGNAPK_OPTION="--signapk_path framework/signapk_ecss.jar"
export EXTRA_SIGNAPK_ARGS="-providerClass com.intel.ecss.jce.provider.IntelECSSProvider"
;;
d)
export PROD_KEY_DIR=$OPTARG
export PACKAGE_KEY_OPTION="-k $PROD_KEY_DIR/releasekey"
;;
k)
export ADDITIONAL_KEY_MAPPINGS="$ADDITIONAL_KEY_MAPPINGS --key_mapping $OPTARG"
;;
r)
export RELEASE_NAME=$OPTARG
;;
o)
export OUTPUT_DIR=$OPTARG
;;
\?)
echo "Usage:"
echo
echo " signed_from_target_files -t <path to TFP zipfile> -d <keyset-dir>"
echo " [<optional args>] <build name>"
echo " Process an existing TFP and output a re-signed TFP and full OTA package."
echo
echo "Valid options:"
echo "-s: Show commands being run"
echo "-t <input-TFP-zipfile>: use supplied target-files to create a re-signed TFP"
echo "-e: Setup Intel EDSS signer environment"
echo "-d <keyset-dir>: Directory containing signing certs and private keys for"
echo " signing. Names mapped according to standard AOSP mapping."
echo "-k <src-key>=<dest-key>: Add key mapping for re-signing APKs. May be used"
echo " multiple times as needed."
echo "-r <release-name>: deprecated. default: signed"
echo "-o <output-dir>: Where to place output files. default: same directory as"
echo " input TFP"
exit 1
;;
esac
done
if [[ -z "$TFP" ]]; then
echo "No target files package specified!"
exit 1
fi
if [[ -z "$1" ]]; then
echo "No build name provided!"
exit 1
fi
#${VARIABLE:-default}
export PROD_KEY_DIR=${PROD_KEY_DIR:-device/intel/build/testkeys/production-test}
export ANDROID_PW_FILE=$PROD_KEY_DIR/pwfile
export RELEASE_NAME=${RELEASE_NAME:-signed}
export OUTPUT_DIR=${OUTPUT_DIR:-`dirname $TFP`}
shift $((OPTIND-1))
function sign_tfp {
t1=`mktemp tmp.tfp1.XXXXXXXX`
./build/tools/releasetools/sign_target_files_apks \
--verbose $PATH_OPTIONS $ALTERNATE_SIGNAPK_OPTION \
--extra_signapk_args "$EXTRA_SIGNAPK_ARGS" \
--replace_ota_keys \
--replace_verity_public_key $PROD_KEY_DIR/verity_key \
--replace_verity_private_key $PROD_KEY_DIR/verity \
--default_key_mappings $PROD_KEY_DIR $ADDITIONAL_KEY_MAPPINGS \
$1 $t1
./device/intel/build/releasetools/sign_target_files_efis \
--verbose $PATH_OPTIONS \
--oem-key $PROD_KEY_DIR/verity \
--key-mapping loader.efi=$PROD_KEY_DIR/DB \
$t1 $2
rm $t1
}
mkdir -p $OUTPUT_DIR
sign_tfp $TFP $OUTPUT_DIR/tfp-${1}.zip
./build/tools/releasetools/ota_from_target_files $PATH_OPTIONS $ALTERNATE_SIGNAPK_OPTION --extra_signapk_args "$EXTRA_SIGNAPK_ARGS" $PACKAGE_KEY_OPTION --block --verbose $OUTPUT_DIR/tfp-${1}.zip $OUTPUT_DIR/ota-${1}.zip
echo "All done!"