From e1d02fb9ff2ab58f018bbe27f83dc0c86ea61b36 Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Fri, 19 Oct 2018 15:52:17 -0700 Subject: Recovery now expects public keys in zipfile This is in line with the build system change which copies the recovery ota install keys to a zipfile. And now recovery will parses and loads the public keys from /res/otacerts.zip. The legacy load_keys functions will be removed in later cls. Bug: 116655889 Test: sideload an ota package Change-Id: I95e91736ca9964df06d74aa292d672e2f9e442e8 --- install.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/install.cpp b/install.cpp index e379ef307..42d264157 100644 --- a/install.cpp +++ b/install.cpp @@ -695,18 +695,18 @@ int install_package(const std::string& path, bool* wipe_cache, bool needs_mount, } bool verify_package(const unsigned char* package_data, size_t package_size) { - static constexpr const char* PUBLIC_KEYS_FILE = "/res/keys"; - std::vector loadedKeys; - if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) { + static constexpr const char* CERTIFICATE_ZIP_FILE = "/system/etc/security/otacerts.zip"; + std::vector loaded_keys = LoadKeysFromZipfile(CERTIFICATE_ZIP_FILE); + if (loaded_keys.empty()) { LOG(ERROR) << "Failed to load keys"; return false; } - LOG(INFO) << loadedKeys.size() << " key(s) loaded from " << PUBLIC_KEYS_FILE; + LOG(INFO) << loaded_keys.size() << " key(s) loaded from " << CERTIFICATE_ZIP_FILE; // Verify package. ui->Print("Verifying update package...\n"); auto t0 = std::chrono::system_clock::now(); - int err = verify_file(package_data, package_size, loadedKeys, + int err = verify_file(package_data, package_size, loaded_keys, std::bind(&RecoveryUI::SetProgress, ui, std::placeholders::_1)); std::chrono::duration duration = std::chrono::system_clock::now() - t0; ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err); -- cgit v1.2.3