[Replicant] [manifest] [PATCH v4] Add replicant-data

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Thu Oct 8 15:19:40 UTC 2020


This repository has all the Replicant releases certificates which are
needed to generate the keys-migration.sh script which will be added at
vendor/replicant/prebuilt/common/bin/keys-migration.sh.

As the prebuilt directory name imply it will have to be manually generated.
To do that a python script is being worked on.

The key-migration.sh script is needed because during the Replicant build,
keys and certificates are generated by vendor/replicant/sign-build.sh.
They are then used to sign system applications. If the application
signatures changes, the applications loose access to their data.

On Replicant 6 this results in the launcher always crashing, making the
device unusable after having installing a new image with different
signatures for system applications.

To fix that, the key-migration.sh script will be able to replace the old
certificates public keys with the new ones in /data/system/packages.xml.

As we already have several certificates sets due to developers changes
and to the fact that I didn't realize that I needed not to delete the
vendor/replicant-security directory, it's better to automatize the
key-migration.sh script creation.

In addition it enables to abstract away key management to make the cost
of deleting vendor/replicant-security irrelevant, and also enables
to create custom scripts for downgrade and to make it easier for users and
developers to run their own builds.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at cyberdimension.org>
---
 default.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/default.xml b/default.xml
index 843d796..b182014 100644
--- a/default.xml
+++ b/default.xml
@@ -294,6 +294,7 @@
   <project path="system/security" name="LineageOS-mirror/android_system_security.git" groups="pdk" />
   <project path="system/vold" name="LineageOS-mirror/android_system_vold.git" groups="pdk" />
   <project path="vendor/replicant" name="replicant/vendor_replicant.git" remote="replicant" />
+  <project path="vendor/replicant-data" name="replicant/vendor_replicant-data.git" remote="replicant" revision="master" />
   <project path="vendor/replicant-scripts" name="replicant/vendor_replicant-scripts.git" remote="replicant" />
   <project path="vendor/cmsdk" name="replicant/vendor_cmsdk.git" remote="replicant" />
 
-- 
2.28.0



More information about the Replicant mailing list