AOSP构建:用默认的测试密钥替换我自己的密钥 [英] AOSP building: replace my own keys with default test-keys
问题描述
我正在构建AOSP,我想用自己的密钥对构建进行签名。 此处。
I am building AOSP and I want to sign the build with my own key. There is some official doc about this process here.
但是我不知道我是否可以简单地扭转所有这些过程,而是去做以下事情:
But I wonder if I can simply turn around all of that process and instead do this things:
- 删除位于
build / target / product / security - 的默认android测试密钥输入我的密钥(使用官方生成相同名称的文件夹中此处)中的说明。 (假设所有共享,媒体等都使用一个密钥)。
- Delete default android test-keys which are located at
build/target/product/security - put my keys (which are generated using official instructions at here) in that folder with same names. (Assume one key for all of shared,media,...)
但是这种方法不起作用。刻录图像后,系统应用程序(SystemUI,设置等)将停止并连续显示ANR对话框。我知道如果系统签名与这些应用程序的签名不匹配会发生这种情况...但是为什么?
But this approach does not work. After burning the image, system apps (SystemUI, settings,..) will stop and continuously show the ANR dialog. I know this happens if system signature does not match with these apps's signature... but why?
另一个问题:正在使用与 shared相同的密钥.pk8 , media.pk8 , testkey.pk8 ,...引起任何问题?
Another question: Is using same key as shared.pk8 , media.pk8, testkey.pk8 , ... causes any problem?
谢谢
推荐答案
首先,确保构建已重新签名的应用程序。您可能需要进行清洁才能消除以前的工件。
First, make sure the build has re-signed the apps. You may have to do a make clean to get rid of the previous artifacts.
还要检查<$ c捆绑的系统应用程序的$ c> Android.mk 文件(例如 packages / apps 或放置在任何位置的文件)。在哪里看到此行:
Also check the Android.mk files for your bundled system apps (like in packages/apps or wherever you may have put them). Where you see this line:
LOCAL_CERTIFICATE := PRESIGNED
替换为:
LOCAL_CERTIFICATE := platform
这将使构建版本将使用要检查的密钥对系统应用重新签名。
This will let the build re-sign your system apps with the key they'll be checked against.
虽然对共享, media , testkey , platform 可以正常工作(从某种意义上说,您的系统应该启动并运行),它消除了与应用程序的隔离层用这些键构建的。特别是,通常使用 testkey 签名的非系统应用程序现在将使用与 platform 相同的密钥签名。 。这将使他们能够访问系统应用程序数据和代码,并赋予他们更高的特权(例如不必要求用户确认使用摄像机或访问其文件)。我不建议这样做。
While using the same key for shared, media, testkey, platform will work (in the sense that your system should boot and function), it removes a layer of isolation from apps built with those keys. In particular, non-system apps that are normally signed with the testkey will now be signed with the same key as platform. This will give them access to system app data and code and also give them heightened privileges (like not having to ask the user for confirmation to use the camera or access their files). I don't think that's recommended.
这篇关于AOSP构建:用默认的测试密钥替换我自己的密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
