Application signing keys when doing OEM platform build
1,233 views
Skip to first unread message
Subodh Nijsure
Nov 9, 2013, 2:28:44 PM11/9/13
to android-...@googlegroups.com
[ Is there a mailing list related to OEM build ? ]
I am building ROM for a dedicated hardware platform which runs
Android. On this platform we run our applications and also we will
allow some third party partner applications to be installed (not via
google play).
I have signed applications before using the company keys etc. But I am
struggling to find location where I should copy these keys so all APKs
on our platforms are signed by company keys during the ASOP build
process?
I don't want to do kludge like find all apks and resign them post
build before system.img is packaged etc.
Also if I want our ROM to contain public keys for our partners where
should those keys be copied so they show up in the rom at proper
place.
-Subodh
I am building ROM for a dedicated hardware platform which runs
Android. On this platform we run our applications and also we will
allow some third party partner applications to be installed (not via
google play).
I have signed applications before using the company keys etc. But I am
struggling to find location where I should copy these keys so all APKs
on our platforms are signed by company keys during the ASOP build
process?
I don't want to do kludge like find all apks and resign them post
build before system.img is packaged etc.
Also if I want our ROM to contain public keys for our partners where
should those keys be copied so they show up in the rom at proper
place.
-Subodh
dmitriy moskvitin
Nov 10, 2013, 8:37:20 AM11/10/13
to android-...@googlegroups.com
https://android.googlesource.com/platform/build/+/android-4.2.1_r1.1/core/Makefile
Check for DEFAULT_SYSTEM_DEV_CERTIFICATE value.
Check for DEFAULT_SYSTEM_DEV_CERTIFICATE value.
Glenn Kasten
Nov 10, 2013, 11:47:52 AM11/10/13
to android-...@googlegroups.com
Two lists for OEMs are android-porting and android-compatibility.
android-building is also helpful if you start from an AOSP-supported build target.
shridutt kothari
Nov 11, 2013, 4:57:56 AM11/11/13
to android-...@googlegroups.com
Hi Subodh,
On Sunday, November 10, 2013 12:58:44 AM UTC+5:30, Subodh Nijsure wrote:
[ Is there a mailing list related to OEM build ? ]
I am building ROM for a dedicated hardware platform which runs
Android. On this platform we run our applications and also we will
allow some third party partner applications to be installed (not via
google play).
I have signed applications before using the company keys etc. But I am
struggling to find location where I should copy these keys so all APKs
on our platforms are signed by company keys during the ASOP build
process?
see /build/target/product/security/README and create / replace your keys with AOSP keys at "/build/target/product/security/"
I don't want to do kludge like find all apks and resign them post
build before system.img is packaged etc.
And thus your all apps will be signed by appropriate keys at the time of AOSP build process.
Also if I want our ROM to contain public keys for our partners where
should those keys be copied so they show up in the rom at proper
place.
keeping your keys in "/build/target/product/security/" will make it copied in ROM, as it is automatically done by some script probably /build/core/Makefile.
there is some code like this:
$(RECOVERY_INSTALL_OTA_KEYS): extra_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS))$(RECOVERY_INSTALL_OTA_KEYS): $(OTA_PUBLIC_KEYS) $(DUMPKEY_JAR) $(extra_keys)@echo "DumpPublicKey: $@ <= $(PRIVATE_OTA_PUBLIC_KEYS) $(extra_keys)"java -jar $(DUMPKEY_JAR) $(PRIVATE_OTA_PUBLIC_KEYS) $(extra_keys) > $@
which performs that.
-Subodh
Thanks,
Shridutt Kothari
Impetus Infotech Ltd
Reply all
Reply to author
Forward
0 new messages