replicant-vendor_replicant/prebuilt/common/bin/otasigcheck.sh

#!/sbin/sh

# Validate that the incoming OTA is compatible with an already-installed
# system

grep -q "Command:.*\"--wipe\_data\"" /tmp/recovery.log
if [ $? -eq 0 ]; then
  echo "Data will be wiped after install; skipping signature check..."
  exit 0
fi

grep -q "Command:.*\"--headless\"" /tmp/recovery.log
if [ $? -eq 0 ]; then
  echo "Headless mode install; skipping signature check..."
  exit 0
fi

if [ -f "/data/system/packages.xml" -a -f "/tmp/releasekey" ]; then
  relkey=$(cat "/tmp/releasekey")
  OLDIFS="$IFS"
  IFS=""
  while read line; do
    if [ "${#line}" -gt 4094 ]; then
      continue
    fi
    params=${line# *<package *}
    if [ "$line" != "$params" ]; then
      kvp=${params%% *}
      params=${params#* }
      while [ "$kvp" != "$params" ]; do
        key=${kvp%%=*}
        val=${kvp#*=}
        vlen=$(( ${#val} - 2 ))
        val=${val:1:$vlen}
        if [ "$key" = "name" ]; then
          package="$val"
        fi
        kvp=${params%% *}
        params=${params#* }
      done
      continue
    fi
    params=${line# *<cert *}
    if [ "$line" != "$params" ]; then
      keyidx=""
      keyval=""
      kvp=${params%% *}
      params=${params#* }
      while [ "$kvp" != "$params" ]; do
        key=${kvp%%=*}
        val=${kvp#*=}
        vlen=$(( ${#val} - 2 ))
        val=${val:1:$vlen}
        if [ "$key" = "index" ]; then
          keyidx="$val"
        fi
        if [ "$key" = "key" ]; then
          keyval="$val"
        fi
        kvp=${params%% *}
        params=${params#* }
      done
      if [ -n "$keyidx" ]; then
        if [ "$package" = "com.android.htmlviewer" ]; then
          cert_idx="$keyidx"
        fi
      fi
      if [ -n "$keyval" ]; then
        eval "key_$keyidx=$keyval"
      fi
      continue
    fi
  done < "/data/system/packages.xml"
  IFS="$OLDIFS"

  # Tools missing? Err on the side of caution and exit cleanly
  if [ -z "$cert_idx" ]; then
    echo "Package cert index not found; skipping signature check..."
    exit 0
  fi

  varname="key_$cert_idx"
  eval "pkgkey=\$$varname"

  if [ "$pkgkey" != "$relkey" ]; then
     echo "You have an installed system that isn't signed with this build's key, aborting..."
     exit 124
  fi
fi

exit 0
ota: Validate any installed data's signature against our own Try to prevent incompatible-signature system quirkiness Change-Id: I73402d963a1b57ad0ee3c68ced4f2d7f074f927f 2014-05-09 21:24:12 +00:00			`#!/sbin/sh`

			`# Validate that the incoming OTA is compatible with an already-installed`
			`# system`

otasigcheck: Don't fail a signature check if data will be wiped If the --wipe_data command is being passed to recovery, skip the signature check since the data will be wiped after the update is installed Change-Id: I6641f25abd044110faaf170ab2f7982460e77bcb 2014-09-24 19:46:09 +00:00			`grep -q "Command:.*\"--wipe\_data\"" /tmp/recovery.log`
			`if [ $? -eq 0 ]; then`
			`echo "Data will be wiped after install; skipping signature check..."`
			`exit 0`
			`fi`

otasigcheck: skip otasigcheck in headless mode We should assume that headless mode is going to handle data wipe as needed. Change-Id: Iea01a061458f5b5ecc881e41ec8ac2200722eeed 2014-11-29 01:39:21 +00:00			`grep -q "Command:.*\"--headless\"" /tmp/recovery.log`
			`if [ $? -eq 0 ]; then`
			`echo "Headless mode install; skipping signature check..."`
			`exit 0`
			`fi`

otasigcheck: Rewrite for CM 13.0 Rewrite the packages.xml parser to be slightly less brittle. Read lines from packages.xml and save off the interesting values, then compare with expected results afterward. This both avoids using grep's -A option, which is not supported in toybox, and allows the script to recognize the cert tag regardless of its position inside the package tag. Change-Id: Idc0006e38f4a3f9d5aec223a8a1571f5c11fe3bb 2015-12-02 21:24:54 +00:00			`if [ -f "/data/system/packages.xml" -a -f "/tmp/releasekey" ]; then`
			`relkey=$(cat "/tmp/releasekey")`
			`OLDIFS="$IFS"`
			`IFS=""`
			`while read line; do`
otasigcheck: Avoid long lines in XML Shells based on busybox, such as found in CM 12.1 recovery and TWRP, do not properly handle pattern based parameter expansion for variables longer than 4kb. This throws our naive little XML parser into an infinite loop. Since all such lines are associated with external app certs, just skip them. Change-Id: I203b65c1ffd62bf3261b3ae315327314a5006952 2015-12-18 22:45:25 +00:00			`if [ "${#line}" -gt 4094 ]; then`
			`continue`
			`fi`
otasigcheck: Rewrite for CM 13.0 Rewrite the packages.xml parser to be slightly less brittle. Read lines from packages.xml and save off the interesting values, then compare with expected results afterward. This both avoids using grep's -A option, which is not supported in toybox, and allows the script to recognize the cert tag regardless of its position inside the package tag. Change-Id: Idc0006e38f4a3f9d5aec223a8a1571f5c11fe3bb 2015-12-02 21:24:54 +00:00			`params=${line# <package }`
			`if [ "$line" != "$params" ]; then`
			`kvp=${params%% *}`
			`params=${params#* }`
			`while [ "$kvp" != "$params" ]; do`
			`key=${kvp%%=*}`
			`val=${kvp#*=}`
			`vlen=$(( ${#val} - 2 ))`
			`val=${val:1:$vlen}`
			`if [ "$key" = "name" ]; then`
			`package="$val"`
			`fi`
			`kvp=${params%% *}`
			`params=${params#* }`
			`done`
			`continue`
			`fi`
			`params=${line# <cert }`
			`if [ "$line" != "$params" ]; then`
			`keyidx=""`
			`keyval=""`
			`kvp=${params%% *}`
			`params=${params#* }`
			`while [ "$kvp" != "$params" ]; do`
			`key=${kvp%%=*}`
			`val=${kvp#*=}`
			`vlen=$(( ${#val} - 2 ))`
			`val=${val:1:$vlen}`
			`if [ "$key" = "index" ]; then`
			`keyidx="$val"`
			`fi`
			`if [ "$key" = "key" ]; then`
			`keyval="$val"`
			`fi`
			`kvp=${params%% *}`
			`params=${params#* }`
			`done`
			`if [ -n "$keyidx" ]; then`
			`if [ "$package" = "com.android.htmlviewer" ]; then`
			`cert_idx="$keyidx"`
			`fi`
			`fi`
			`if [ -n "$keyval" ]; then`
			`eval "key_$keyidx=$keyval"`
			`fi`
			`continue`
			`fi`
			`done < "/data/system/packages.xml"`
			`IFS="$OLDIFS"`
ota: Validate any installed data's signature against our own Try to prevent incompatible-signature system quirkiness Change-Id: I73402d963a1b57ad0ee3c68ced4f2d7f074f927f 2014-05-09 21:24:12 +00:00
otasigcheck: Use an explicit exit code for failures Change-Id: I2b5860ea427a4db7e29b55cc632b92c6e2910494 2014-12-01 15:15:15 +00:00			`# Tools missing? Err on the side of caution and exit cleanly`
otasigcheck: Rewrite for CM 13.0 Rewrite the packages.xml parser to be slightly less brittle. Read lines from packages.xml and save off the interesting values, then compare with expected results afterward. This both avoids using grep's -A option, which is not supported in toybox, and allows the script to recognize the cert tag regardless of its position inside the package tag. Change-Id: Idc0006e38f4a3f9d5aec223a8a1571f5c11fe3bb 2015-12-02 21:24:54 +00:00			`if [ -z "$cert_idx" ]; then`
			`echo "Package cert index not found; skipping signature check..."`
			`exit 0`
			`fi`

			`varname="key_$cert_idx"`
			`eval "pkgkey=\$$varname"`
otasigcheck: Use an explicit exit code for failures Change-Id: I2b5860ea427a4db7e29b55cc632b92c6e2910494 2014-12-01 15:15:15 +00:00
otasigcheck: Rewrite for CM 13.0 Rewrite the packages.xml parser to be slightly less brittle. Read lines from packages.xml and save off the interesting values, then compare with expected results afterward. This both avoids using grep's -A option, which is not supported in toybox, and allows the script to recognize the cert tag regardless of its position inside the package tag. Change-Id: Idc0006e38f4a3f9d5aec223a8a1571f5c11fe3bb 2015-12-02 21:24:54 +00:00			`if [ "$pkgkey" != "$relkey" ]; then`
ota: Validate any installed data's signature against our own Try to prevent incompatible-signature system quirkiness Change-Id: I73402d963a1b57ad0ee3c68ced4f2d7f074f927f 2014-05-09 21:24:12 +00:00			`echo "You have an installed system that isn't signed with this build's key, aborting..."`
otasigcheck: Use an explicit exit code for failures Change-Id: I2b5860ea427a4db7e29b55cc632b92c6e2910494 2014-12-01 15:15:15 +00:00			`exit 124`
ota: Validate any installed data's signature against our own Try to prevent incompatible-signature system quirkiness Change-Id: I73402d963a1b57ad0ee3c68ced4f2d7f074f927f 2014-05-09 21:24:12 +00:00			`fi`
			`fi`

			`exit 0`