About key
A. Signature types
Android's standard signing keys are:
testkey, media, platform, shared
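All four can be found in the source tree under /build/target/product/security/, along with their key files. Taking shared as an example, shared.pk8 is the private key and shared.x509.pem is the public key (an X.509 certificate); the two always appear as a pair.
testkey is the default signing key used when Android is built: if the Android.mk of an APK in the system does not set LOCAL_CERTIFICATE, testkey is used by default.
If it is instead set to: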
LOCAL_CERTIFICATE := platform
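the APK is signed with platform and therefore carries the same signature as the system, because system-level components are also signed with platform. Only then does android:sharedUserId="android.uid.system" take effect!
Finally, we need to replace testkey with releasekey.
B. Creating the release key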
subject='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
mkdir ~/.android-certs
for x in releasekey platform shared media; do \
./development/tools/make_key ~/.android-certs/$x "$subject"; \
done
C ---> Country Name (2 letter code)
ST ---> State or Province Name (full name)
L ---> Locality Name (eg, city)
O ---> Organization Name (eg, company)
OU ---> Organizational Unit Name (eg, section)
CN ---> Common Name (eg, your name or your server’s hostname)
emailAddress ---> Contact email address
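While generating keys with the make_key script above you will be prompted for a password. Just press Enter and do not set a password! Otherwise the build will fail because it runs multithreaded. (A way to force the use of a password is described later.)
Copy the generated keys to /build/target/product/security/; testkey does not need to be kept.
Only one person needs to generate the keys. Everyone else copies and uses the same set of security keys, so that differing signatures do not cause verification failures during flashing.
C. Changing the system default signing key
If LOCAL_CERTIFICATE is not set, the system signs the APK with testkey by default.
Change the default from testkey to releasekey: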
android4.4/build/core/config.mk
Before:
DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey
After:
DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/releasekey
/build/core/makefile
Before:
ifeq ($(DEFAULT_SYSTEM_DEV_CERTIFICATE),build/target/product/security/testkey)
BUILD_VERSION_TAGS += test-keys
After:
ifeq ($(DEFAULT_SYSTEM_DEV_CERTIFICATE),build/target/product/security/releasekey)
BUILD_VERSION_TAGS += release-keys
===================================================================
If you did enter a password while generating the keys
In this file: build/tools/signapk/SignApk.java
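private static String readPassword(File keyFile) {
    Console console;
    char[] pwd;
    if ((console = System.console()) != null &&
        (pwd = console.readPassword("[%s]", "Enter password for " + keyFile)) != null) {
        return String.valueOf(pwd);
    } else {
        //return null;
        // Added line: force-return the password you set. `password` stands for
        // that value (it is not defined in this snippet), which this change
        // hard-codes into SignApk.java.
        return String.valueOf(password);
    }
}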
This resolves the build failure.
-----------------------------------------------------------------------------------------------------------------
build/core/config.mk
ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
else
DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey
endif
-----------------------------------------------------------------------------------------------------------------
in your project.mk
PRODUCT_DEFAULT_DEV_CERTIFICATE := \
device/xxx/testkey
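The key-selection rules described above (LOCAL_CERTIFICATE, the testkey default, and the PRODUCT_DEFAULT_DEV_CERTIFICATE override in config.mk) can be checked before a build. The following Python script is an added example, not code from the original post or from AOSP; the helper names, the module names and the device/xxx/releasekey path are assumptions, and the sample input is constructed.

```python
import posixpath
import re

STOCK_TESTKEY = "build/target/product/security/testkey"
SYSTEM_UID = 'android:sharedUserId="android.uid.system"'

def make_vars(text):
    """Collect simple `NAME := value` assignments, joining backslash continuations."""
    text = re.sub(r"\\\n\s*", "", text)
    return {m.group(1): m.group(2).strip()
            for m in re.finditer(r"^[ \t]*(\w+)[ \t]*:=[ \t]*(.*)$", text, re.M)}

def default_certificate(product_mk):
    """Mirror the ifdef in build/core/config.mk: product override, else stock testkey."""
    return make_vars(product_mk).get("PRODUCT_DEFAULT_DEV_CERTIFICATE") or STOCK_TESTKEY

def module_certificate(android_mk, default_cert):
    """LOCAL_CERTIFICATE if set, else the default. AOSP looks up a bare name
    such as `platform` in the directory of the default key."""
    cert = make_vars(android_mk).get("LOCAL_CERTIFICATE")
    if not cert:
        return default_cert
    return cert if "/" in cert else posixpath.join(posixpath.dirname(default_cert), cert)

def audit(product_mk, modules):
    """modules: {name: (Android.mk text, manifest text)} -> {name: (cert, finding)}."""
    default = default_certificate(product_mk)
    report = {}
    for name, (android_mk, manifest) in modules.items():
        cert = module_certificate(android_mk, default)
        if cert == STOCK_TESTKEY:
            finding = "signed with the stock testkey"
        elif SYSTEM_UID in manifest and posixpath.basename(cert) != "platform":
            finding = "android.uid.system requested without the platform key"
        else:
            finding = "ok"
        report[name] = (cert, finding)
    return report

# Constructed sample input: hypothetical modules and key path, not from a real tree.
PRODUCT_MK = "PRODUCT_DEFAULT_DEV_CERTIFICATE := \\\n    device/xxx/releasekey\n"
MODULES = {
    "Settings": ("LOCAL_CERTIFICATE := platform\n", f"<manifest {SYSTEM_UID}>"),
    "Launcher": ("LOCAL_PACKAGE_NAME := Launcher\n", "<manifest>"),
    "Updater": ("LOCAL_PACKAGE_NAME := Updater\n", f"<manifest {SYSTEM_UID}>"),
}

if __name__ == "__main__":
    for name, (cert, finding) in audit(PRODUCT_MK, MODULES).items():
        print(f"{name:10} {cert:28} {finding}")
```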
===================================================================
How do I change the KEY path and the RSA for DM-verity?
===================================================================
development/tools/make_key verity '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
out/host/linux-x86/bin/generate_verity_key -convert verity.x509.pem verity_key
mv verity_key.pub verity_key
-----------------------------------------------------------------------------------------------------------------
copy build/target/product/verity.mk to project_path/
ifdef PRODUCT_VERITY_SIGNING_KEY
PRODUCT_VERITY_SIGNING_KEY := $(PRODUCT_VERITY_SIGNING_KEY)
else
# Fall back to the stock verity key when the product does not set one.
PRODUCT_VERITY_SIGNING_KEY := build/target/product/security/verity
endif
-----------------------------------------------------------------------------------------------------------------
in your project.mk
PRODUCT_VERITY_SIGNING_KEY := \
device/xxx/verity
DISTTOOLS += \
$(HOST_OUT_EXECUTABLES)/generate_verity_key
# setup dm-verity configs.
ifneq ($(BUILD_TARGET_DEVICE),sd)
PRODUCT_SYSTEM_VERITY_PARTITION := /dev/block/mmcblkxxx
$(call inherit-product, project_path/verity.mk)
else
PRODUCT_SYSTEM_VERITY_PARTITION := /dev/block/mmcblkxxx
$(call inherit-product, project_path/verity.mk)
endif
-----------------------------------------------------------------------------------------------------------------
Once all the keys have been created, you should have:
testkey.pk8 testkey.pem
media.pk8 media.pem
platform.pk8 platform.pem
shared.pk8 shared.pem
verity.pk8 verity.pem
verity_key
Nine files in total.