diff options
author | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2020-08-23 03:57:19 +0200 |
---|---|---|
committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2020-10-02 12:32:31 +0200 |
commit | a6a593b487b1dce093fd4ca170a1921916efe7fd (patch) | |
tree | 12f4a9fef84da62b9cf60657e1d393994b449d9d | |
parent | dddd18f69c9bc3250613a96694ee983988e7295c (diff) | |
download | vendor_replicant-a6a593b487b1dce093fd4ca170a1921916efe7fd.tar.gz vendor_replicant-a6a593b487b1dce093fd4ca170a1921916efe7fd.tar.bz2 vendor_replicant-a6a593b487b1dce093fd4ca170a1921916efe7fd.zip |
Recovery: delete otasigcheck.sh
The calls to otasigcheck.sh have already been removed in the build
repository with the following commit:
57b200aeb4af062d2c7714de34fafe9b5d6e201c
57b200aeb Recovery: Remove check for matching application signatures with their data
So it is not needed anymore. Removing otasigcheck.sh also makes sure that
it's not possible to call it anymore.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
-rw-r--r-- | config/common.mk | 4 | ||||
-rw-r--r-- | prebuilt/common/bin/otasigcheck.sh | 91 |
2 files changed, 0 insertions, 95 deletions
diff --git a/config/common.mk b/config/common.mk index 158c35cd..908841f5 100644 --- a/config/common.mk +++ b/config/common.mk @@ -51,10 +51,6 @@ PRODUCT_COPY_FILES += \ PRODUCT_COPY_FILES += \ vendor/replicant/config/permissions/backup.xml:system/etc/sysconfig/backup.xml -# Signature compatibility validation -PRODUCT_COPY_FILES += \ - vendor/replicant/prebuilt/common/bin/otasigcheck.sh:install/bin/otasigcheck.sh - # init.d support PRODUCT_COPY_FILES += \ vendor/replicant/prebuilt/common/etc/init.d/00banner:system/etc/init.d/00banner \ diff --git a/prebuilt/common/bin/otasigcheck.sh b/prebuilt/common/bin/otasigcheck.sh deleted file mode 100644 index aba53b01..00000000 --- a/prebuilt/common/bin/otasigcheck.sh +++ /dev/null @@ -1,91 +0,0 @@ -#!/sbin/sh - -# Validate that the incoming OTA is compatible with an already-installed -# system - -grep -q "Command:.*\"--wipe\_data\"" /tmp/recovery.log -if [ $? -eq 0 ]; then - echo "Data will be wiped after install; skipping signature check..." - exit 0 -fi - -grep -q "Command:.*\"--headless\"" /tmp/recovery.log -if [ $? -eq 0 ]; then - echo "Headless mode install; skipping signature check..." - exit 0 -fi - -if [ -f "/data/system/packages.xml" -a -f "/tmp/releasekey" ]; then - relkey=$(cat "/tmp/releasekey") - OLDIFS="$IFS" - IFS="" - while read line; do - if [ "${#line}" -gt 4094 ]; then - continue - fi - params=${line# *<package *} - if [ "$line" != "$params" ]; then - kvp=${params%% *} - params=${params#* } - while [ "$kvp" != "$params" ]; do - key=${kvp%%=*} - val=${kvp#*=} - vlen=$(( ${#val} - 2 )) - val=${val:1:$vlen} - if [ "$key" = "name" ]; then - package="$val" - fi - kvp=${params%% *} - params=${params#* } - done - continue - fi - params=${line# *<cert *} - if [ "$line" != "$params" ]; then - keyidx="" - keyval="" - kvp=${params%% *} - params=${params#* } - while [ "$kvp" != "$params" ]; do - key=${kvp%%=*} - val=${kvp#*=} - vlen=$(( ${#val} - 2 )) - val=${val:1:$vlen} - if [ "$key" = "index" ]; then - keyidx="$val" - fi - if [ "$key" = "key" ]; then - keyval="$val" - fi - kvp=${params%% *} - params=${params#* } - done - if [ -n "$keyidx" ]; then - if [ "$package" = "com.android.htmlviewer" ]; then - cert_idx="$keyidx" - fi - fi - if [ -n "$keyval" ]; then - eval "key_$keyidx=$keyval" - fi - continue - fi - done < "/data/system/packages.xml" - IFS="$OLDIFS" - - # Tools missing? Err on the side of caution and exit cleanly - if [ -z "$cert_idx" ]; then - echo "Package cert index not found; skipping signature check..." - exit 0 - fi - - varname="key_$cert_idx" - eval "pkgkey=\$$varname" - - if [ "$pkgkey" != "$relkey" ]; then - echo "You have an installed system that isn't signed with this build's key, aborting..." - exit 124 - fi -fi - -exit 0 |