[Replicant] [build] [PATCH] Recovery: Remove check for matching application signatures with their data

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Sun Aug 23 15:16:54 UTC 2020


The applications built from Replicant are signed with a key that is
generated during the build procedure. The issue is that this key tends
to change over time, and without the same keys, on a Galaxy SIII (GT-I9300)
the upgrade fails with the following message:
    detected filesystem ext4 for /dev/block/mmcblk0p12
    Can't install this package on top of incompatible data. Ple
    se try another package or run a factory test
    E:Failed to install /sideload/package.zip
    E:Please take note of all the above lines for reports.

In addition, the otasigcheck.sh script has already been removed in
LineageOS 17.1 by the following commit in vendor/lineage:
    commit 95621f3c73b94a87ca4528748535bb114ae1613f
    Author: Michael Bestas <mkbestas at lineageos.org>
    Date:   Sat Aug 4 17:46:35 2018 +0300

        Revert "ota: Validate any installed data's signature against our own"

        * otasigcheck doesn't work on encrypted devices and makes
          the zip installation fail since oreo.
        * The build part of this was never ported to oreo.

        This reverts commit aff5e54c4ef5fec7e67e830f83ee64424005d07c.

        Change-Id: I411f33c1db64844091c1692ef4706ae541925d4f

So the side effects if any should probably be minor.
---
 tools/releasetools/edify_generator.py       | 5 -----
 tools/releasetools/ota_from_target_files.py | 9 ---------
 2 files changed, 14 deletions(-)

diff --git a/tools/releasetools/edify_generator.py b/tools/releasetools/edify_generator.py
index 8ecc55127..b5a0cb085 100644
--- a/tools/releasetools/edify_generator.py
+++ b/tools/releasetools/edify_generator.py
@@ -150,11 +150,6 @@ class EdifyGenerator(object):
   def RunBackup(self, command):
     self.script.append(('run_program("/tmp/install/bin/backuptool.sh", "%s");' % command))
 
-  def ValidateSignatures(self, command):
-    self.script.append('package_extract_file("META-INF/org/replicant/releasekey", "/tmp/releasekey");')
-    # Exit code 124 == abort. run_program returns raw, so left-shift 8bit
-    self.script.append('run_program("/tmp/install/bin/otasigcheck.sh") != "31744" || abort("Can\'t install this package on top of incompatible data. Please try another package or run a factory reset");')
-
   def ShowProgress(self, frac, dur):
     """Update the progress bar, advancing it over 'frac' over the next
     'dur' seconds.  'dur' may be zero to advance it via SetProgress
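Review bot: The removed ValidateSignatures lines are the only visible users of "META-INF/org/replicant/releasekey" and "/tmp/install/bin/otasigcheck.sh", yet the diffstat touches only these two releasetools files, so whatever copies the release key into the package and ships otasigcheck.sh into /tmp/install/bin is left in place. Please either drop those in the same series or say in the commit message that they are intentionally kept. Also worth confirming with a grep that no caller of ValidateSignatures remains outside the one block removed from ota_from_target_files.py, since a leftover call would raise an AttributeError when the OTA is generated.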
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index dbc416648..925fe878f 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -637,15 +637,6 @@ else if get_stage("%(bcb_dev)s") == "3/3" then
   if HasVendorPartition(input_zip):
     system_progress -= 0.1
 
-  if not OPTIONS.wipe_user_data:
-    script.AppendExtra("if is_mounted(\"/data\") then")
-    script.ValidateSignatures("data")
-    script.AppendExtra("else")
-    script.Mount("/data")
-    script.ValidateSignatures("data")
-    script.Unmount("/data")
-    script.AppendExtra("endif;")
-
   if "selinux_fc" in OPTIONS.info_dict:
     WritePolicyConfig(OPTIONS.info_dict["selinux_fc"], output_zip)
 
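Review bot: With the `if not OPTIONS.wipe_user_data:` block gone, an install that keeps /data no longer gets any install-time comparison between the package's release key and the existing data, and the commit message only says the side effects "if any should probably be minor". Since the stated cause is that the build-generated key changes over time, please state in the commit message what was observed on the GT-I9300 after upgrading over data from a build signed with a different key, so that the behaviour that replaces the abort is documented. The cited LineageOS revert gives encrypted devices and oreo as its reasons; it would help to say whether either applies here or whether the changing key is the only motivation.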
-- 
2.28.0


