diff options
author | William Roberts <wroberts@tresys.com> | 2013-10-30 09:50:52 -0700 |
---|---|---|
committer | William Roberts <wroberts@tresys.com> | 2013-10-30 11:48:22 -0700 |
commit | 9793a452e7cd98a388aa5a9809777d830aaa7fbe (patch) | |
tree | 15d182932f7cb74d45dd33c9ab7b61178c6c5f3a /README | |
parent | 5b38c47b7e53371f7c400cf9c0f312a1f147dce9 (diff) | |
download | android_external_sepolicy-9793a452e7cd98a388aa5a9809777d830aaa7fbe.tar.gz android_external_sepolicy-9793a452e7cd98a388aa5a9809777d830aaa7fbe.tar.bz2 android_external_sepolicy-9793a452e7cd98a388aa5a9809777d830aaa7fbe.zip |
readme: add info on generating pem files from apks
Often times OEMs and other integrators will need to create PEM
files from presigned APKs they are integrating. This patch will
update the README to include a technique for doing so.
Change-Id: Ica52269542409d2038cfe30cbd5f28ead2fba4de
Diffstat (limited to 'README')
-rw-r--r-- | README | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -118,5 +118,16 @@ mac_permissions.xml: via the familiar $VARIABLE syntax. This is often useful for setting a location to ones release keys. + Often times, one will need to integrate an application that was signed by a separate + organization and may need to extract the pem file for the insertkeys/keys.conf tools. + Extraction of the public key in the pem format is possible via openssl. First you need + to unzip the apk, once it is unzipped, cd into the META_INF directory and then execute + openssl pkcs7 -inform DER -in CERT.RSA -out CERT.pem -outform PEM -print_certs + On some occasions CERT.RSA has a different name, and you will need to adjust for that. + After extracting the pem, you can rename it, and configure keys.conf and + mac_permissions.xml to pick up the change. You MUST open the generated pem file in a text + editor and strip out anything outside the opening and closing scissor lines. Failure to do + so WILL cause a compile time issue thrown by insertkeys.py + NOTE: The pem files are base64 encoded and PackageManagerService, mac_permissions.xml and setool all use base16 encodings. |