[Replicant] [build] [PATCH] Recovery: Remove check for matching application signatures with their data
Denis 'GNUtoo' Carikli
GNUtoo at cyberdimension.org
Sun Aug 23 15:16:54 UTC 2020
The applications built from Replicant are signed with a key that is
generated during the build procedure. The issue is that this key tends
to change over time, and without the same keys, on a Galaxy SIII (GT-I9300)
the upgrade fail with the following message:
detected filesystem ext4 for /dev/block/mmcblk0p12
Can't install this package on top of incompatible data. Ple
se try another package or run a factory test
E:Failed to install /sideload/package.zip
E:Please take note of all the above lines for reports.
In addition, the otasigcheck.sh script has already been removed in
LineageOS 17.1 by the following commit in vendor/lineage:
commit 95621f3c73b94a87ca4528748535bb114ae1613f
Author: Michael Bestas <mkbestas at lineageos.org>
Date: Sat Aug 4 17:46:35 2018 +0300
Revert "ota: Validate any installed data's signature against our own"
* otasigcheck doesn't work on encrypted devices and makes
the zip installation fail since oreo.
* The build part of this was never ported to oreo.
This reverts commit aff5e54c4ef5fec7e67e830f83ee64424005d07c.
Change-Id: I411f33c1db64844091c1692ef4706ae541925d4f
So the side effects if any should probably be minor.
---
tools/releasetools/edify_generator.py | 5 -----
tools/releasetools/ota_from_target_files.py | 9 ---------
2 files changed, 14 deletions(-)
diff --git a/tools/releasetools/edify_generator.py b/tools/releasetools/edify_generator.py
index 8ecc55127..b5a0cb085 100644
--- a/tools/releasetools/edify_generator.py
+++ b/tools/releasetools/edify_generator.py
@@ -150,11 +150,6 @@ class EdifyGenerator(object):
def RunBackup(self, command):
self.script.append(('run_program("/tmp/install/bin/backuptool.sh", "%s");' % command))
- def ValidateSignatures(self, command):
- self.script.append('package_extract_file("META-INF/org/replicant/releasekey", "/tmp/releasekey");')
- # Exit code 124 == abort. run_program returns raw, so left-shift 8bit
- self.script.append('run_program("/tmp/install/bin/otasigcheck.sh") != "31744" || abort("Can\'t install this package on top of incompatible data. Please try another package or run a factory reset");')
-
def ShowProgress(self, frac, dur):
"""Update the progress bar, advancing it over 'frac' over the next
'dur' seconds. 'dur' may be zero to advance it via SetProgress
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index dbc416648..925fe878f 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -637,15 +637,6 @@ else if get_stage("%(bcb_dev)s") == "3/3" then
if HasVendorPartition(input_zip):
system_progress -= 0.1
- if not OPTIONS.wipe_user_data:
- script.AppendExtra("if is_mounted(\"/data\") then")
- script.ValidateSignatures("data")
- script.AppendExtra("else")
- script.Mount("/data")
- script.ValidateSignatures("data")
- script.Unmount("/data")
- script.AppendExtra("endif;")
-
if "selinux_fc" in OPTIONS.info_dict:
WritePolicyConfig(OPTIONS.info_dict["selinux_fc"], output_zip)
--
2.28.0
More information about the Replicant
mailing list