[DESCRIPTION]
在L上,CTS有个测试项testPackageSignatures ,该测试项会使用google default key里check
是否使用的是google default key,如果是,则会test fail。
因此要使用和google default不一样的key。release key不仅可以满足CTS request,还可以满足工信部CATR TAF spec。
[SOLUTION]
1,Genernate the release key
–development/tools/make_key releasekey '/C=CN/ST=BeiJing/L=HaiDian/O=MediaTek/OU=WCD/CN=demo/emailAddress=demo@mediatek.com'
2, Genernate the platform /media/shared key,the method as follows:
Generate platform keys:
development/tools/make_key platform '/C=CN/ST=BeiJing/L=HaiDian/O=MediaTek/OU=WCD/CN=demo/emailAddress=demo@mediatek.com'
Generate media keys
development/tools/make_key media '/C=CN/ST=BeiJing/L=HaiDian/O=MediaTek/OU=WCD/CN=demo/emailAddress=demo@mediatek.com'
Generate shared keys
development/tools/make_key shared '/C=CN/ST=BeiJing/L=HaiDian/O=MediaTek/OU=WCD/CN=demo/emailAddress=demo@mediatek.com'
3, get the test key from build/target/product/security/
4, Move testkey.pk8, testkey.x509.pem,releasekey.pk8, releasekey.x509.pem, media.pk8, media.x509.pem, platform.pk8, platform.x509.pem, shared.pk8 and shared.x509.pem to device/mediatek/common/security/${Project}
5, Set MTK_SIGNATURE_CUSTOMIZATION = yes and MTK_INTERNAL = no in the ProjectConfig.mk.
6, Start a normal build, and the binary-released APK will be signed automatically.
Tips:修改系统默认签名key
在上面提到如果apk中的编译选项LOCAL_CERTIFICATE没有设置的话,就会使用默认的testkey作为签名key,我们可以修改成自己想要的key,按照上面的步骤制作一个releasekey
在主makefile文件里面:
# The "test-keys" tag marks builds signed with the old test keys,
# which are available in the SDK. "dev-keys" marks builds signed with
# non-default dev keys (usually private keys from a vendor directory).
# Both of these tags will be removed and replaced with "release-keys"
# when the target-files is signed in a post-build step.
ifeq ($(DEFAULT_SYSTEM_DEV_CERTIFICATE),build/target/product/security/testkey)
BUILD_KEYS := test-keys
else
BUILD_KEYS := dev-keys
endif
于是查看DEFAULT_SYSTEM_DEV_CERTIFICATE定义,在/build/core/config.mk中查看:
# The default key if not set as LOCAL_CERTIFICATE
ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
else
DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey
endif
于是查看PRODUCT_DEFAULT_DEV_CERTIFICATE定义,在device/mediatek/common/device.mk中查看:
7.1代码如下:
# To specify customer's releasekey
ifeq ($(MTK_INTERNAL),yes)
PRODUCT_DEFAULT_DEV_CERTIFICATE := device/mediatek/common/security/releasekey
else
ifeq ($(MTK_SIGNATURE_CUSTOMIZATION),yes)
ifeq ($(wildcard device/mediatek/common/security/$(strip $(MTK_TARGET_PROJECT))),)
$(error Please create device/mediatek/common/security/$(strip $(MTK_TARGET_PROJECT))/ and put your releasekey there!!)
else
PRODUCT_DEFAULT_DEV_CERTIFICATE := device/mediatek/common/security/$(strip $(MTK_TARGET_PROJECT))/releasekey
endif
else
# Not specify PRODUCT_DEFAULT_DEV_CERTIFICATE and the default testkey will be used.
endif
endif
9.0代码如下:(需修改,添加红色common修改,ProjectConfig.mk已经不需要MTK_INTERNAL = no)
# To specify customer's releasekey
ifneq ($(wildcard $(strip $(MTK_TARGET_PROJECT_FOLDER))/security),)
PRODUCT_DEFAULT_DEV_CERTIFICATE := $(strip $(MTK_TARGET_PROJECT_FOLDER))/security/releasekey
else ifneq ($(wildcard device/mediatek/security),)
PRODUCT_DEFAULT_DEV_CERTIFICATE := device/mediatek/security/releasekey
else
ifeq ($(MTK_SIGNATURE_CUSTOMIZATION),yes)
ifeq ($(wildcard device/mediatek/common/security/$(strip $(MTK_TARGET_PROJECT))),)
$(error Please create device/mediatek/common/security/$(strip $(MTK_TARGET_PROJECT))/ and put your releasekey there!!)
else
PRODUCT_DEFAULT_DEV_CERTIFICATE := device/mediatek/common/security/$(strip $(MTK_TARGET_PROJECT))/releasekey
endif
else
# Not specify PRODUCT_DEFAULT_DEV_CERTIFICATE and the default testkey will be used.
endif
endif
于是在主makefile文件里面修改:
ifeq ($(DEFAULT_SYSTEM_DEV_CERTIFICATE),build/target/product/security/testkey)
BUILD_KEYS := test-keys
else
BUILD_KEYS := release-keys
endif
这样的话默认的所有签名将会使用releasekey。