2016-02-06 10:16:34 +00:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
# Copyright (C) 2016 Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
#
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
#
|
|
|
|
# resigns your images with your keys and also generates keys for you
|
|
|
|
# puts everything in out/dist
|
|
|
|
# most information taken from here:
|
|
|
|
# https://source.android.com/devices/tech/ota/sign_builds.html
|
|
|
|
|
|
|
|
# final check if recovery has the right key:
|
|
|
|
# java -jar out/host/linux-x86/framework/dumpkey.jar vendor/replicant-security/releasekey.x509.pem
|
|
|
|
# in recovery: adb shell cat /res/keys
|
|
|
|
# both outputs should match
|
|
|
|
# also /system/etc/security/otacerts.zip should only contain your release key
|
|
|
|
|
2016-02-06 17:02:17 +00:00
|
|
|
set -e
|
|
|
|
|
2017-01-26 21:07:23 +00:00
|
|
|
DEVICE=$1
|
2016-02-06 10:16:34 +00:00
|
|
|
BASEDIR=$(pwd)
|
|
|
|
KEY_DIR=$BASEDIR/vendor/replicant-security
|
2017-01-02 20:22:19 +00:00
|
|
|
|
|
|
|
if [ -z ${OUT_DIR_COMMON_BASE+x} ]
|
|
|
|
then
|
|
|
|
OUT_DIR=$BASEDIR/"out"
|
|
|
|
else
|
|
|
|
OUT_DIR=$OUT_DIR_COMMON_BASE/${PWD##*/}
|
|
|
|
fi
|
|
|
|
|
2017-01-26 21:07:23 +00:00
|
|
|
TARGET_DIR=$OUT_DIR/target/product/$DEVICE
|
|
|
|
TARGET_FILES=$TARGET_DIR/obj/PACKAGING/target_files_intermediates/*-target_files-*.zip
|
2017-04-30 17:42:51 +00:00
|
|
|
DIST_OUT_DIR=$OUT_DIR/"dist"/$DEVICE
|
2016-02-06 10:16:34 +00:00
|
|
|
RELEASE=replicant-6.0
|
|
|
|
|
2019-01-30 00:09:14 +00:00
|
|
|
read_var() {
|
|
|
|
local prompt="$1"
|
|
|
|
local var="$2"
|
|
|
|
# Store current value of variable as default.
|
|
|
|
eval "local default=\"\$$var\""
|
|
|
|
|
|
|
|
read -p "$prompt: [$default] " "$var"
|
|
|
|
# Set default value if empty.
|
|
|
|
eval "test -n \"\$$var\"" ||
|
|
|
|
eval "$var='$default'"
|
|
|
|
}
|
|
|
|
|
2016-02-06 10:16:34 +00:00
|
|
|
generate_keys () {
|
2019-01-30 00:09:14 +00:00
|
|
|
local KEY_C="NA"
|
|
|
|
local KEY_ST="unknown"
|
|
|
|
local KEY_L="unknown"
|
|
|
|
local KEY_O="unknown"
|
|
|
|
local KEY_OU="unknown"
|
|
|
|
local KEY_CN="unknown"
|
|
|
|
local KEY_EA="unknown"
|
|
|
|
local SUBJECT
|
2016-02-06 10:16:34 +00:00
|
|
|
|
|
|
|
echo "No keys present. Generating them now."
|
|
|
|
echo
|
|
|
|
echo "You are about to be asked to enter information that will be incorporated"
|
|
|
|
echo "into your certificate requests."
|
|
|
|
echo "What you are about to enter is what is called a Distinguished Name or a DN."
|
|
|
|
echo "There are quite a few fields but you can leave some blank."
|
|
|
|
echo "For some fields there will be a default value."
|
|
|
|
|
2019-01-30 00:09:14 +00:00
|
|
|
read_var "Country Name (2 letter code)" KEY_C
|
|
|
|
read_var "State or Province Name (full name)" KEY_ST
|
|
|
|
read_var "Locality Name (e.g. city)" KEY_L
|
|
|
|
read_var "Organization Name (e.g. company)" KEY_O
|
|
|
|
read_var "Organizational Unit Name (e.g. section)" KEY_OU
|
|
|
|
read_var "Common Name (e.g. your name)" KEY_CN
|
|
|
|
read_var "Email Address" KEY_EA
|
|
|
|
SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"
|
2016-02-06 10:16:34 +00:00
|
|
|
|
2019-01-30 00:09:15 +00:00
|
|
|
# Ensure that all keys and certificates are deleted in case of an error during creation,
|
|
|
|
# i.e. either all certificates are in place or none.
|
|
|
|
trap 'rm -rf "$KEY_DIR"' EXIT INT
|
|
|
|
mkdir "$KEY_DIR"
|
|
|
|
for x in releasekey platform shared media; do
|
|
|
|
./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true
|
|
|
|
# The return value of 'make_key' cannot be trusted. Check on our own
|
|
|
|
# if key and certificate has been created successfully.
|
|
|
|
test -r "$KEY_DIR/$x.x509.pem"
|
2016-02-06 10:16:34 +00:00
|
|
|
done
|
2019-01-30 00:09:15 +00:00
|
|
|
trap - EXIT INT
|
2016-02-06 10:16:34 +00:00
|
|
|
}
|
|
|
|
|
2017-01-26 21:07:23 +00:00
|
|
|
if [ "$DEVICE" = "" ]
|
|
|
|
then
|
|
|
|
echo "Usage: $0 [DEVICE]"
|
|
|
|
exit 1
|
|
|
|
fi
|
2016-02-06 10:16:34 +00:00
|
|
|
|
2017-01-26 21:07:23 +00:00
|
|
|
if ! [ -d "$TARGET_DIR" ]
|
2016-02-06 10:16:34 +00:00
|
|
|
then
|
2017-01-26 21:07:23 +00:00
|
|
|
echo "The build directory for $DEVICE does not exist."
|
|
|
|
exit 1
|
2016-02-06 10:16:34 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
if ! [ -f $TARGET_FILES ]
|
|
|
|
then
|
2017-01-26 21:07:23 +00:00
|
|
|
echo "No files to sign. Make sure the build for $DEVICE completed successfully."
|
2016-02-06 10:16:34 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2017-01-26 21:07:23 +00:00
|
|
|
if ! [ -d "$KEY_DIR" ]
|
|
|
|
then
|
|
|
|
generate_keys
|
|
|
|
fi
|
|
|
|
|
2017-01-02 20:22:19 +00:00
|
|
|
mkdir -p $DIST_OUT_DIR
|
2016-02-06 10:16:34 +00:00
|
|
|
|
|
|
|
# -o option replaces the test keys with the created ones
|
2017-01-26 21:07:23 +00:00
|
|
|
# -p makes sure the script finds signapk.jar
|
2017-06-12 18:25:57 +00:00
|
|
|
if [ "$DEVICE" = "i9100" ] || [ "$DEVICE" = "n7000" ]
|
2017-01-29 18:19:05 +00:00
|
|
|
then
|
2019-01-30 00:09:12 +00:00
|
|
|
echo "Signing target APKs files ..."
|
2017-01-29 18:19:05 +00:00
|
|
|
python $BASEDIR/device/samsung/galaxys2-common/releasetools/galaxys2_sign_target_files_apks \
|
2017-02-15 00:56:01 +00:00
|
|
|
-s device/samsung/galaxys2-common/releasetools/extensions/releasetools.py \
|
2017-01-29 18:19:05 +00:00
|
|
|
-o \
|
|
|
|
-p $OUT_DIR/host/linux-x86 \
|
2019-01-30 00:09:13 +00:00
|
|
|
-d $KEY_DIR \
|
|
|
|
$TARGET_FILES \
|
2017-01-29 18:19:05 +00:00
|
|
|
$DIST_OUT_DIR/signed-target_files-$DEVICE.zip
|
2017-02-15 00:56:01 +00:00
|
|
|
|
2019-01-30 00:09:12 +00:00
|
|
|
echo "Signing target OTAs files ..."
|
2017-02-15 00:56:01 +00:00
|
|
|
python $BASEDIR/build/tools/releasetools/ota_from_target_files \
|
|
|
|
-s device/samsung/galaxys2-common/releasetools/extensions/releasetools.py \
|
|
|
|
-k $KEY_DIR/releasekey \
|
|
|
|
-p $OUT_DIR/host/linux-x86 \
|
|
|
|
$DIST_OUT_DIR/signed-target_files-$DEVICE.zip \
|
|
|
|
$DIST_OUT_DIR/$RELEASE-$DEVICE.zip
|
|
|
|
|
2017-01-29 18:19:05 +00:00
|
|
|
else
|
2019-01-30 00:09:12 +00:00
|
|
|
echo "Signing target APKs files ..."
|
2017-01-29 18:19:05 +00:00
|
|
|
python $BASEDIR/build/tools/releasetools/sign_target_files_apks \
|
|
|
|
-o \
|
|
|
|
-p $OUT_DIR/host/linux-x86 \
|
2019-01-30 00:09:13 +00:00
|
|
|
-d $KEY_DIR \
|
|
|
|
$TARGET_FILES \
|
2017-01-29 18:19:05 +00:00
|
|
|
$DIST_OUT_DIR/signed-target_files-$DEVICE.zip
|
2016-02-06 10:16:34 +00:00
|
|
|
|
2019-01-30 00:09:12 +00:00
|
|
|
echo "Signing target OTAs files ..."
|
2017-02-15 00:56:01 +00:00
|
|
|
python $BASEDIR/build/tools/releasetools/ota_from_target_files \
|
|
|
|
-k $KEY_DIR/releasekey \
|
|
|
|
-p $OUT_DIR/host/linux-x86 \
|
|
|
|
$DIST_OUT_DIR/signed-target_files-$DEVICE.zip \
|
|
|
|
$DIST_OUT_DIR/$RELEASE-$DEVICE.zip
|
|
|
|
fi
|
2016-02-06 10:16:34 +00:00
|
|
|
|
2019-01-30 00:09:12 +00:00
|
|
|
echo "Signing target image files ..."
|
2016-02-06 10:16:34 +00:00
|
|
|
python $BASEDIR/build/tools/releasetools/img_from_target_files \
|
2017-02-15 00:56:01 +00:00
|
|
|
-z \
|
2017-01-26 21:07:23 +00:00
|
|
|
$DIST_OUT_DIR/signed-target_files-$DEVICE.zip \
|
|
|
|
$DIST_OUT_DIR/signed-img-$DEVICE.zip
|
2016-02-06 10:16:34 +00:00
|
|
|
|
|
|
|
# get the recovery from the signed-img.zip
|
2017-01-26 21:07:23 +00:00
|
|
|
unzip -o -j $DIST_OUT_DIR/signed-img-$DEVICE.zip recovery.img -d $DIST_OUT_DIR
|
|
|
|
mv $DIST_OUT_DIR/recovery.img $DIST_OUT_DIR/recovery-$DEVICE.img
|
|
|
|
|
|
|
|
echo
|
|
|
|
echo "Finished successfully. Install zip and recovery:"
|
|
|
|
echo "$DIST_OUT_DIR/$RELEASE-$DEVICE.zip"
|
|
|
|
echo "$DIST_OUT_DIR/recovery-$DEVICE.img"
|