diff options
| author | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2020-08-23 03:57:19 +0200 |
|---|---|---|
| committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2020-10-09 18:47:46 +0200 |
| commit | 47ee59d0d8f4833e3074cd265a1cba3da54ce22e (patch) | |
| tree | 48d2729ac0f968ba41411c7e5f7dc0ac8e54d24d | |
| parent | d1b6b455ebb8a5c7adbb0303bae3319aa88a668d (diff) | |
| download | vendor_replicant-47ee59d0d8f4833e3074cd265a1cba3da54ce22e.tar.gz vendor_replicant-47ee59d0d8f4833e3074cd265a1cba3da54ce22e.tar.bz2 vendor_replicant-47ee59d0d8f4833e3074cd265a1cba3da54ce22e.zip | |
Recovery: delete otasigcheck.sh
The calls to otasigcheck.sh have already been removed in the build
repository with the following commit:
57b200aeb4af062d2c7714de34fafe9b5d6e201c
57b200aeb Recovery: Remove check for matching application signatures with their data
So it is not needed anymore. Removing otasigcheck.sh also makes sure that
it's not possible to call it anymore.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
| -rw-r--r-- | config/common.mk | 4 | ||||
| -rw-r--r-- | prebuilt/common/bin/otasigcheck.sh | 91 |
2 files changed, 0 insertions, 95 deletions
diff --git a/config/common.mk b/config/common.mk index 8c037cd4..a3847459 100644 --- a/config/common.mk +++ b/config/common.mk @@ -51,10 +51,6 @@ PRODUCT_COPY_FILES += \ PRODUCT_COPY_FILES += \ vendor/replicant/config/permissions/backup.xml:system/etc/sysconfig/backup.xml -# Signature compatibility validation -PRODUCT_COPY_FILES += \ - vendor/replicant/prebuilt/common/bin/otasigcheck.sh:install/bin/otasigcheck.sh - # init.d support PRODUCT_COPY_FILES += \ vendor/replicant/prebuilt/common/etc/init.d/00banner:system/etc/init.d/00banner \ diff --git a/prebuilt/common/bin/otasigcheck.sh b/prebuilt/common/bin/otasigcheck.sh deleted file mode 100644 index aba53b01..00000000 --- a/prebuilt/common/bin/otasigcheck.sh +++ /dev/null @@ -1,91 +0,0 @@ -#!/sbin/sh - -# Validate that the incoming OTA is compatible with an already-installed -# system - -grep -q "Command:.*\"--wipe\_data\"" /tmp/recovery.log -if [ $? -eq 0 ]; then - echo "Data will be wiped after install; skipping signature check..." - exit 0 -fi - -grep -q "Command:.*\"--headless\"" /tmp/recovery.log -if [ $? -eq 0 ]; then - echo "Headless mode install; skipping signature check..." - exit 0 -fi - -if [ -f "/data/system/packages.xml" -a -f "/tmp/releasekey" ]; then - relkey=$(cat "/tmp/releasekey") - OLDIFS="$IFS" - IFS="" - while read line; do - if [ "${#line}" -gt 4094 ]; then - continue - fi - params=${line# *<package *} - if [ "$line" != "$params" ]; then - kvp=${params%% *} - params=${params#* } - while [ "$kvp" != "$params" ]; do - key=${kvp%%=*} - val=${kvp#*=} - vlen=$(( ${#val} - 2 )) - val=${val:1:$vlen} - if [ "$key" = "name" ]; then - package="$val" - fi - kvp=${params%% *} - params=${params#* } - done - continue - fi - params=${line# *<cert *} - if [ "$line" != "$params" ]; then - keyidx="" - keyval="" - kvp=${params%% *} - params=${params#* } - while [ "$kvp" != "$params" ]; do - key=${kvp%%=*} - val=${kvp#*=} - vlen=$(( ${#val} - 2 )) - val=${val:1:$vlen} - if [ "$key" = "index" ]; then - keyidx="$val" - fi - if [ "$key" = "key" ]; then - keyval="$val" - fi - kvp=${params%% *} - params=${params#* } - done - if [ -n "$keyidx" ]; then - if [ "$package" = "com.android.htmlviewer" ]; then - cert_idx="$keyidx" - fi - fi - if [ -n "$keyval" ]; then - eval "key_$keyidx=$keyval" - fi - continue - fi - done < "/data/system/packages.xml" - IFS="$OLDIFS" - - # Tools missing? Err on the side of caution and exit cleanly - if [ -z "$cert_idx" ]; then - echo "Package cert index not found; skipping signature check..." - exit 0 - fi - - varname="key_$cert_idx" - eval "pkgkey=\$$varname" - - if [ "$pkgkey" != "$relkey" ]; then - echo "You have an installed system that isn't signed with this build's key, aborting..." - exit 124 - fi -fi - -exit 0 |