[Replicant] [vendor_replicant] [PATCH v3 4/4] Recovery: delete otasigcheck.sh

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Fri Oct 2 13:50:52 UTC 2020


The calls to otasigcheck.sh have already been removed in the build
repository with the following commit:
    57b200aeb4af062d2c7714de34fafe9b5d6e201c
    57b200aeb Recovery: Remove check for matching application signatures with their data

So it is not needed anymore. Removing otasigcheck.sh also makes sure that
it's not possible to call it anymore.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at cyberdimension.org>
---
 config/common.mk                   |  4 --
 prebuilt/common/bin/otasigcheck.sh | 91 ------------------------------
 2 files changed, 95 deletions(-)
 delete mode 100644 prebuilt/common/bin/otasigcheck.sh

diff --git a/config/common.mk b/config/common.mk
index 158c35cd..908841f5 100644
--- a/config/common.mk
+++ b/config/common.mk
@@ -51,10 +51,6 @@ PRODUCT_COPY_FILES += \
 PRODUCT_COPY_FILES += \
     vendor/replicant/config/permissions/backup.xml:system/etc/sysconfig/backup.xml
 
-# Signature compatibility validation
-PRODUCT_COPY_FILES += \
-    vendor/replicant/prebuilt/common/bin/otasigcheck.sh:install/bin/otasigcheck.sh
-
 # init.d support
 PRODUCT_COPY_FILES += \
     vendor/replicant/prebuilt/common/etc/init.d/00banner:system/etc/init.d/00banner \
diff --git a/prebuilt/common/bin/otasigcheck.sh b/prebuilt/common/bin/otasigcheck.sh
deleted file mode 100644
index aba53b01..00000000
--- a/prebuilt/common/bin/otasigcheck.sh
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/sbin/sh
-
-# Validate that the incoming OTA is compatible with an already-installed
-# system
-
-grep -q "Command:.*\"--wipe\_data\"" /tmp/recovery.log
-if [ $? -eq 0 ]; then
-  echo "Data will be wiped after install; skipping signature check..."
-  exit 0
-fi
-
-grep -q "Command:.*\"--headless\"" /tmp/recovery.log
-if [ $? -eq 0 ]; then
-  echo "Headless mode install; skipping signature check..."
-  exit 0
-fi
-
-if [ -f "/data/system/packages.xml" -a -f "/tmp/releasekey" ]; then
-  relkey=$(cat "/tmp/releasekey")
-  OLDIFS="$IFS"
-  IFS=""
-  while read line; do
-    if [ "${#line}" -gt 4094 ]; then
-      continue
-    fi
-    params=${line# *<package *}
-    if [ "$line" != "$params" ]; then
-      kvp=${params%% *}
-      params=${params#* }
-      while [ "$kvp" != "$params" ]; do
-        key=${kvp%%=*}
-        val=${kvp#*=}
-        vlen=$(( ${#val} - 2 ))
-        val=${val:1:$vlen}
-        if [ "$key" = "name" ]; then
-          package="$val"
-        fi
-        kvp=${params%% *}
-        params=${params#* }
-      done
-      continue
-    fi
-    params=${line# *<cert *}
-    if [ "$line" != "$params" ]; then
-      keyidx=""
-      keyval=""
-      kvp=${params%% *}
-      params=${params#* }
-      while [ "$kvp" != "$params" ]; do
-        key=${kvp%%=*}
-        val=${kvp#*=}
-        vlen=$(( ${#val} - 2 ))
-        val=${val:1:$vlen}
-        if [ "$key" = "index" ]; then
-          keyidx="$val"
-        fi
-        if [ "$key" = "key" ]; then
-          keyval="$val"
-        fi
-        kvp=${params%% *}
-        params=${params#* }
-      done
-      if [ -n "$keyidx" ]; then
-        if [ "$package" = "com.android.htmlviewer" ]; then
-          cert_idx="$keyidx"
-        fi
-      fi
-      if [ -n "$keyval" ]; then
-        eval "key_$keyidx=$keyval"
-      fi
-      continue
-    fi
-  done < "/data/system/packages.xml"
-  IFS="$OLDIFS"
-
-  # Tools missing? Err on the side of caution and exit cleanly
-  if [ -z "$cert_idx" ]; then
-    echo "Package cert index not found; skipping signature check..."
-    exit 0
-  fi
-
-  varname="key_$cert_idx"
-  eval "pkgkey=\$$varname"
-
-  if [ "$pkgkey" != "$relkey" ]; then
-     echo "You have an installed system that isn't signed with this build's key, aborting..."
-     exit 124
-  fi
-fi
-
-exit 0
-- 
2.28.0



More information about the Replicant mailing list