问题
I am building AOSP and I want to sign the build with my own key. There is some official doc about this process here.
But I wonder if I can simply turn around all of that process and instead do this things:
- Delete default android test-keys which are located at
build/target/product/security - put my keys (which are generated using official instructions at here) in that folder with same names. (Assume one key for all of shared,media,...)
But this approach does not work. After burning the image, system apps (SystemUI, settings,..) will stop and continuously show the ANR dialog. I know this happens if system signature does not match with these apps's signature... but why?
Another question: Is using same key as shared.pk8 , media.pk8, testkey.pk8 , ... causes any problem?
Thanks
回答1:
First, make sure the build has re-signed the apps. You may have to do a make clean to get rid of the previous artifacts.
Also check the Android.mk files for your bundled system apps (like in packages/apps or wherever you may have put them). Where you see this line:
LOCAL_CERTIFICATE := PRESIGNED
replace it with this instead:
LOCAL_CERTIFICATE := platform
This will let the build re-sign your system apps with the key they'll be checked against.
While using the same key for shared, media, testkey, platform will work (in the sense that your system should boot and function), it removes a layer of isolation from apps built with those keys. In particular, non-system apps that are normally signed with the testkey will now be signed with the same key as platform. This will give them access to system app data and code and also give them heightened privileges (like not having to ask the user for confirmation to use the camera or access their files). I don't think that's recommended.
回答2:
One suggestion:
If you don't want to keep your private keys in source control together with the aosp code, you can define a path to them in your device mk:
PRODUCT_DEFAULT_DEV_CERTIFICATE := /home/my_user/release_keys_folder/releasekey
PRODUCT_VERITY_SIGNING_KEY := /home/my_user/release_keys_folder/verity
来源:https://stackoverflow.com/questions/57959598/aosp-building-replace-my-own-keys-with-default-test-keys