replicant-vendor_replicant/prebuilt/common/bin/otasigcheck.sh

#!/sbin/sh

# Validate that the incoming OTA is compatible with an already-installed
# system

grep -q "Command:.*\"--wipe\_data\"" /tmp/recovery.log
if [ $? -eq 0 ]; then
  echo "Data will be wiped after install; skipping signature check..."
  exit 0
fi

if [ -f /data/system/packages.xml -a -f /tmp/releasekey ]; then
  relCert=$(grep -A3 'package name="com.android.htmlviewer"' /data/system/packages.xml  | grep "cert index" | head -n 1 | sed -e 's|.*"\([[:digit:]][[:digit:]]*\)".*|\1|g')

  grep "cert index=\"$relCert\"" /data/system/packages.xml | grep -q `cat /tmp/releasekey`
  if [ $? -ne 0 ]; then
     echo "You have an installed system that isn't signed with this build's key, aborting..."
     # Edify doesn't abort on non-zero executions, so let's trash the key and use sha1sum instead
     echo "INVALID" > /tmp/releasekey
     exit 1
  fi
fi

exit 0
ota: Validate any installed data's signature against our own Try to prevent incompatible-signature system quirkiness Change-Id: I73402d963a1b57ad0ee3c68ced4f2d7f074f927f 2014-05-09 21:24:12 +00:00			`#!/sbin/sh`

			`# Validate that the incoming OTA is compatible with an already-installed`
			`# system`

otasigcheck: Don't fail a signature check if data will be wiped If the --wipe_data command is being passed to recovery, skip the signature check since the data will be wiped after the update is installed Change-Id: I6641f25abd044110faaf170ab2f7982460e77bcb 2014-09-24 19:46:09 +00:00			`grep -q "Command:.*\"--wipe\_data\"" /tmp/recovery.log`
			`if [ $? -eq 0 ]; then`
			`echo "Data will be wiped after install; skipping signature check..."`
			`exit 0`
			`fi`

ota: Validate any installed data's signature against our own Try to prevent incompatible-signature system quirkiness Change-Id: I73402d963a1b57ad0ee3c68ced4f2d7f074f927f 2014-05-09 21:24:12 +00:00			`if [ -f /data/system/packages.xml -a -f /tmp/releasekey ]; then`
otasigcheck: Fix the sed statement for multi-digit indices It appears that some versions of sed do not work with the + symbol. Instead of checking for one or more digits, check for a digit, followed by zero or more digits. Change-Id: I064df6a2bac4a634a3684ac1a5289dca1f4ba29c 2014-07-12 01:44:15 +00:00			`relCert=$(grep -A3 'package name="com.android.htmlviewer"' /data/system/packages.xml \| grep "cert index" \| head -n 1 \| sed -e 's\|."\([[:digit:]][[:digit:]]\)".*\|\1\|g')`
ota: Validate any installed data's signature against our own Try to prevent incompatible-signature system quirkiness Change-Id: I73402d963a1b57ad0ee3c68ced4f2d7f074f927f 2014-05-09 21:24:12 +00:00
			grep "cert index=\"$relCert\"" /data/system/packages.xml \| grep -q `cat /tmp/releasekey`
			`if [ $? -ne 0 ]; then`
			`echo "You have an installed system that isn't signed with this build's key, aborting..."`
			`# Edify doesn't abort on non-zero executions, so let's trash the key and use sha1sum instead`
			`echo "INVALID" > /tmp/releasekey`
			`exit 1`
			`fi`
			`fi`

			`exit 0`