[Replicant] [vendor_replicant] [PATCH v3 4/4] Recovery: delete otasigcheck.sh
Denis 'GNUtoo' Carikli
GNUtoo at cyberdimension.org
Fri Oct 2 13:50:52 UTC 2020
The calls to otasigcheck.sh have already been removed in the build
repository with the following commit:
57b200aeb4af062d2c7714de34fafe9b5d6e201c
57b200aeb Recovery: Remove check for matching application signatures with their data
So it is not needed anymore. Removing otasigcheck.sh also makes sure that
it's not possible to call it anymore.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at cyberdimension.org>
---
config/common.mk | 4 --
prebuilt/common/bin/otasigcheck.sh | 91 ------------------------------
2 files changed, 95 deletions(-)
delete mode 100644 prebuilt/common/bin/otasigcheck.sh
diff --git a/config/common.mk b/config/common.mk
index 158c35cd..908841f5 100644
--- a/config/common.mk
+++ b/config/common.mk
@@ -51,10 +51,6 @@ PRODUCT_COPY_FILES += \
PRODUCT_COPY_FILES += \
vendor/replicant/config/permissions/backup.xml:system/etc/sysconfig/backup.xml
-# Signature compatibility validation
-PRODUCT_COPY_FILES += \
- vendor/replicant/prebuilt/common/bin/otasigcheck.sh:install/bin/otasigcheck.sh
-
# init.d support
PRODUCT_COPY_FILES += \
vendor/replicant/prebuilt/common/etc/init.d/00banner:system/etc/init.d/00banner \
diff --git a/prebuilt/common/bin/otasigcheck.sh b/prebuilt/common/bin/otasigcheck.sh
deleted file mode 100644
index aba53b01..00000000
--- a/prebuilt/common/bin/otasigcheck.sh
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/sbin/sh
-
-# Validate that the incoming OTA is compatible with an already-installed
-# system
-
-grep -q "Command:.*\"--wipe\_data\"" /tmp/recovery.log
-if [ $? -eq 0 ]; then
- echo "Data will be wiped after install; skipping signature check..."
- exit 0
-fi
-
-grep -q "Command:.*\"--headless\"" /tmp/recovery.log
-if [ $? -eq 0 ]; then
- echo "Headless mode install; skipping signature check..."
- exit 0
-fi
-
-if [ -f "/data/system/packages.xml" -a -f "/tmp/releasekey" ]; then
- relkey=$(cat "/tmp/releasekey")
- OLDIFS="$IFS"
- IFS=""
- while read line; do
- if [ "${#line}" -gt 4094 ]; then
- continue
- fi
- params=${line# *<package *}
- if [ "$line" != "$params" ]; then
- kvp=${params%% *}
- params=${params#* }
- while [ "$kvp" != "$params" ]; do
- key=${kvp%%=*}
- val=${kvp#*=}
- vlen=$(( ${#val} - 2 ))
- val=${val:1:$vlen}
- if [ "$key" = "name" ]; then
- package="$val"
- fi
- kvp=${params%% *}
- params=${params#* }
- done
- continue
- fi
- params=${line# *<cert *}
- if [ "$line" != "$params" ]; then
- keyidx=""
- keyval=""
- kvp=${params%% *}
- params=${params#* }
- while [ "$kvp" != "$params" ]; do
- key=${kvp%%=*}
- val=${kvp#*=}
- vlen=$(( ${#val} - 2 ))
- val=${val:1:$vlen}
- if [ "$key" = "index" ]; then
- keyidx="$val"
- fi
- if [ "$key" = "key" ]; then
- keyval="$val"
- fi
- kvp=${params%% *}
- params=${params#* }
- done
- if [ -n "$keyidx" ]; then
- if [ "$package" = "com.android.htmlviewer" ]; then
- cert_idx="$keyidx"
- fi
- fi
- if [ -n "$keyval" ]; then
- eval "key_$keyidx=$keyval"
- fi
- continue
- fi
- done < "/data/system/packages.xml"
- IFS="$OLDIFS"
-
- # Tools missing? Err on the side of caution and exit cleanly
- if [ -z "$cert_idx" ]; then
- echo "Package cert index not found; skipping signature check..."
- exit 0
- fi
-
- varname="key_$cert_idx"
- eval "pkgkey=\$$varname"
-
- if [ "$pkgkey" != "$relkey" ]; then
- echo "You have an installed system that isn't signed with this build's key, aborting..."
- exit 124
- fi
-fi
-
-exit 0
--
2.28.0
More information about the Replicant
mailing list