Signing Android-x86 builds with release-keys

[Henri Koivuneva]

Hi,

First of all, thank you for this awesome project.

I have one question I've been trying to find an answer for the past year, without success: how to sign Android-x86 builds with release-keys? How do you do it for your official builds?

I've created the keys, set build to user, pointed to them in device.mk, but I still get a dev-keys build. I tried the command sign_target_files_apks but it looks for a zip as it's meant for flashable devices. 

Please help. I need a custom build due to my hardware and personal configurations and this is one step which might help with apps that faint when they smell root or test/dev-keys.

Thank you in advance.

[Michael Goffioul]

What works for me is to define PRODUCT_DEFAULT_DEV_CERTIFICATE in my toplevel .mk file. I point it to a directory containing my key set. This basically makes it use my own keys while building, instead of resigning everything in a post-build step. Obviously, if you change the key, you need to rebuild everything from scratch. Also for this to work, your keys must not be protected by a password.

Michael.

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-x86+unsubscribe@googlegroups.com.
To post to this group, send email to andro...@googlegroups.com.
Visit this group at https://groups.google.com/group/android-x86.
For more options, visit https://groups.google.com/d/optout.

[Henri Koivuneva]

Thank you. Yeah, I noticed it must NOT have a password :D the build process didn't like that too much.

Still build_fingerprint.txt, some entries in build.prop + default.prop + selinux_version have dev-keys. I'm not sure if they matter, though... Depends on if the tamper checking mechanisms in the apps check for just the build display ID & tags + fingerprint in build.prop..

I'll do more testing and will report back! Which toplevel .mk do you mean? device.mk or build/core/main.mk or something else?

perjantai 30. kesäkuuta 2017 22.42.35 UTC+3 Michael Goffioul kirjoitti:

What works for me is to define PRODUCT_DEFAULT_DEV_CERTIFICATE in my toplevel .mk file. I point it to a directory containing my key set. This basically makes it use my own keys while building, instead of resigning everything in a post-build step. Obviously, if you change the key, you need to rebuild everything from scratch. Also for this to work, your keys must not be protected by a password.

Michael.

On Fri, Jun 30, 2017 at 3:31 PM, Henri Koivuneva <henri.k...@gmail.com> wrote:

Hi,

First of all, thank you for this awesome project.

I have one question I've been trying to find an answer for the past year, without success: how to sign Android-x86 builds with release-keys? How do you do it for your official builds?

I've created the keys, set build to user, pointed to them in device.mk - private - private, but I still get a dev-keys build. I tried the command sign_target_files_apks but it looks for a zip as it's meant for flashable devices. 

Please help. I need a custom build due to my hardware and personal configurations and this is one step which might help with apps that faint when they smell root or test/dev-keys.

Thank you in advance.

--
You received this message because you are subscribed to the Google Groups "Android-x86" group.

To unsubscribe from this group and stop receiving emails from it, send an email to android-x86...@googlegroups.com.

[Michael Goffioul]

I was mainly interested in getting the framework signed with my own key. Indeed various properties still reference dev keys, this hasn't been a problem for me so far. To change that, you'll have to dive into the files build/core/*.mk and see how you can override those props.

Michael.

To unsubscribe from this group and stop receiving emails from it, send an email to android-x86+unsubscribe@googlegroups.com.