  1. #!/bin/sh
  2. #
  3. # Copyright (C) 2016 Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  17. #
  18. # resigns your images with your keys and also generates keys for you
  19. # puts everything in out/dist
  20. # most information taken from here:
  21. # https://source.android.com/devices/tech/ota/sign_builds.html
  22. # final check if recovery has the right key:
  23. # java -jar out/host/linux-x86/framework/dumpkey.jar vendor/replicant-security/releasekey.x509.pem
  24. # in recovery: adb shell cat /res/keys
  25. # both outputs should match
  26. # also /system/etc/security/otacerts.zip should only contain your release key
  # Abort as soon as any command fails, so a half-finished signing run never
  # looks like a success.
  set -e

  # Device codename given on the command line; it is checked for emptiness
  # further down, before anything is signed.
  DEVICE="$1"
  BASEDIR="$(pwd)"
  # Directory that holds the signing keys and certificates.
  KEY_DIR="$BASEDIR/vendor/replicant-security"

  # Use the shared output base when OUT_DIR_COMMON_BASE is set (even if it is
  # set to an empty value); otherwise fall back to <tree>/out.
  if [ -n "${OUT_DIR_COMMON_BASE+x}" ]
  then
    OUT_DIR="$OUT_DIR_COMMON_BASE/${PWD##*/}"
  else
    OUT_DIR="$BASEDIR/out"
  fi

  TARGET_DIR="$OUT_DIR/target/product/$DEVICE"
  # Stored as an unexpanded glob pattern; it is expanded wherever the variable
  # is later used without quotes.
  TARGET_FILES="$TARGET_DIR/obj/PACKAGING/target_files_intermediates/*-target_files-*.zip"
  DIST_OUT_DIR="$OUT_DIR/dist/$DEVICE"
  RELEASE="replicant-6.0"
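  #######################################
  # Prompt for a value and store it in the named variable, keeping the
  # variable's current value as the default when the answer is empty.
  # Arguments:
  #   $1 - prompt text shown to the user
  #   $2 - NAME of the variable to read into (not its value)
  # Returns:
  #   2 if $2 is not a valid variable name; otherwise the status of the
  #   last command (a failing 'read' aborts the script under 'set -e').
  #######################################
  read_var() {
    local prompt="$1"
    local var="$2"
    local default

    # The name is spliced into 'eval' below, so reject anything that is not a
    # plain identifier before it can be interpreted as shell code.
    case "$var" in
      '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
        echo "read_var: invalid variable name: $var" >&2
        return 2
        ;;
    esac

    # Store current value of variable as default. Only the variable NAME is
    # expanded before eval runs; the value itself is never re-parsed.
    eval "default=\$$var"

    # -r keeps backslashes in the answer literal instead of consuming them.
    read -r -p "$prompt: [$default] " "$var"

    # Set default value if empty. The default is assigned by reference
    # (\$default) so quotes or other shell metacharacters in it are copied
    # verbatim rather than evaluated.
    eval "test -n \"\$$var\"" ||
      eval "$var=\$default"
  }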
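  #######################################
  # Interactively collect the certificate subject and create the four signing
  # key pairs (releasekey, platform, shared, media) in $KEY_DIR.
  # Globals:
  #   KEY_DIR (read) - directory that is created and filled with the keys
  # Outputs:
  #   Prompts and progress on stdout, failures on stderr.
  # Returns:
  #   Exits the script with status 1 if a key or certificate is missing after
  #   'make_key' ran; $KEY_DIR is removed again in that case.
  #######################################
  generate_keys () {
    local KEY_C="NA"
    local KEY_ST="unknown"
    local KEY_L="unknown"
    local KEY_O="unknown"
    local KEY_OU="unknown"
    local KEY_CN="unknown"
    local KEY_EA="unknown"
    local SUBJECT
    local x

    echo "No keys present. Generating them now."
    echo
    echo "You are about to be asked to enter information that will be incorporated"
    echo "into your certificate requests."
    echo "What you are about to enter is what is called a Distinguished Name or a DN."
    echo "There are quite a few fields but you can leave some blank."
    echo "For some fields there will be a default value."

    read_var "Country Name (2 letter code)" KEY_C
    read_var "State or Province Name (full name)" KEY_ST
    read_var "Locality Name (e.g. city)" KEY_L
    read_var "Organization Name (e.g. company)" KEY_O
    read_var "Organizational Unit Name (e.g. section)" KEY_OU
    read_var "Common Name (e.g. your name)" KEY_CN
    read_var "Email Address" KEY_EA

    # NOTE(review): the answers are joined with '/' as the field separator, so
    # a '/' typed into a field presumably changes how the subject is parsed
    # downstream; confirm against make_key before relying on such values.
    SUBJECT="/C=$KEY_C/ST=$KEY_ST/L=$KEY_L/O=$KEY_O/OU=$KEY_OU/CN=$KEY_CN/emailAddress=$KEY_EA"

    # Ensure that all keys and certificates are deleted in case of an error during creation,
    # i.e. either all certificates are in place or none.
    trap 'rm -rf "${KEY_DIR:?}"' EXIT INT

    # This directory will hold private signing keys: create it readable by the
    # owner only instead of inheriting whatever the current umask allows.
    mkdir -m 700 "$KEY_DIR"

    for x in releasekey platform shared media; do
      ./development/tools/make_key "$KEY_DIR/$x" "$SUBJECT" || true
      # The return value of 'make_key' cannot be trusted. Check on our own
      # if key and certificate has been created successfully. make_key is
      # expected to write <name>.pk8 next to <name>.x509.pem; a certificate
      # without its private key is useless for signing, so require both.
      if ! [ -r "$KEY_DIR/$x.pk8" ] || ! [ -r "$KEY_DIR/$x.x509.pem" ]; then
        echo "Failed to create key or certificate for '$x'." >&2
        # The EXIT trap removes the partially filled key directory.
        exit 1
      fi
    done

    trap - EXIT INT
  }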
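  # Validate the invocation and the build tree before anything is signed.
  # Diagnostics go to stderr so they are not mistaken for normal output.
  if [ -z "$DEVICE" ]
  then
    echo "Usage: $0 [DEVICE]" >&2
    exit 1
  fi

  if ! [ -d "$TARGET_DIR" ]
  then
    echo "The build directory for $DEVICE does not exist." >&2
    exit 1
  fi

  # TARGET_FILES holds a glob pattern, so it is expanded unquoted on purpose.
  # Count the matches instead of handing the expansion to a single '[ -f ]':
  # with several matches that test errors out and would be reported as
  # "No files to sign", hiding the real problem.
  target_files_count=0
  # shellcheck disable=SC2086
  for target_file in $TARGET_FILES
  do
    if [ -f "$target_file" ]
    then
      target_files_count=$((target_files_count + 1))
    fi
  done

  if [ "$target_files_count" -eq 0 ]
  then
    echo "No files to sign. Make sure the build for $DEVICE completed successfully." >&2
    exit 1
  fi

  if [ "$target_files_count" -gt 1 ]
  then
    echo "Found $target_files_count target files packages for $DEVICE, expected exactly one." >&2
    exit 1
  fi

  # Keys are only generated when the key directory is missing. An existing
  # directory is used as-is; its contents are not checked here.
  if ! [ -d "$KEY_DIR" ]
  then
    generate_keys
  fi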
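  # Sign the build: APKs first, then the OTA package, then the images.
  # Every path is quoted so that a build tree located under a directory with
  # spaces or glob characters is not split into several arguments. The one
  # exception is $TARGET_FILES, which holds a glob pattern and must be
  # expanded by the shell.
  mkdir -p "$DIST_OUT_DIR"

  # -o option replaces the test keys with the created ones
  # -p makes sure the script finds signapk.jar
  if [ "$DEVICE" = "i9100" ] || [ "$DEVICE" = "n7000" ]
  then
    echo "Signing target APKs files ..."
    # shellcheck disable=SC2086
    python "$BASEDIR/device/samsung/galaxys2-common/releasetools/galaxys2_sign_target_files_apks" \
      -s device/samsung/galaxys2-common/releasetools/extensions/releasetools.py \
      -o \
      -p "$OUT_DIR/host/linux-x86" \
      -d "$KEY_DIR" \
      $TARGET_FILES \
      "$DIST_OUT_DIR/signed-target_files-$DEVICE.zip"

    echo "Signing target OTAs files ..."
    python "$BASEDIR/build/tools/releasetools/ota_from_target_files" \
      -s device/samsung/galaxys2-common/releasetools/extensions/releasetools.py \
      -k "$KEY_DIR/releasekey" \
      -p "$OUT_DIR/host/linux-x86" \
      "$DIST_OUT_DIR/signed-target_files-$DEVICE.zip" \
      "$DIST_OUT_DIR/$RELEASE-$DEVICE.zip"
  else
    echo "Signing target APKs files ..."
    # shellcheck disable=SC2086
    python "$BASEDIR/build/tools/releasetools/sign_target_files_apks" \
      -o \
      -p "$OUT_DIR/host/linux-x86" \
      -d "$KEY_DIR" \
      $TARGET_FILES \
      "$DIST_OUT_DIR/signed-target_files-$DEVICE.zip"

    echo "Signing target OTAs files ..."
    python "$BASEDIR/build/tools/releasetools/ota_from_target_files" \
      -k "$KEY_DIR/releasekey" \
      -p "$OUT_DIR/host/linux-x86" \
      "$DIST_OUT_DIR/signed-target_files-$DEVICE.zip" \
      "$DIST_OUT_DIR/$RELEASE-$DEVICE.zip"
  fi

  echo "Signing target image files ..."
  python "$BASEDIR/build/tools/releasetools/img_from_target_files" \
    -z \
    "$DIST_OUT_DIR/signed-target_files-$DEVICE.zip" \
    "$DIST_OUT_DIR/signed-img-$DEVICE.zip"

  # get the recovery from the signed-img.zip
  unzip -o -j "$DIST_OUT_DIR/signed-img-$DEVICE.zip" recovery.img -d "$DIST_OUT_DIR"
  mv "$DIST_OUT_DIR/recovery.img" "$DIST_OUT_DIR/recovery-$DEVICE.img"

  echo
  echo "Finished successfully. Install zip and recovery:"
  echo "$DIST_OUT_DIR/$RELEASE-$DEVICE.zip"
  echo "$DIST_OUT_DIR/recovery-$DEVICE.img"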