OS: android 4.1
SOC: amlogic
CTS: 4.1-R1
cts-tf > run cts -c android.security.cts.PackageSignatureTest --m testPackageSignatures
junit.framework.AssertionFailedError: These packages should not be signed with a well known key: [com.android.soundrecorder, com.amlogic.HdmiSwitch, com.android.launcher, com.android.defcontainer, com.android.quicksearchbox, com.android.contacts, com.android.inputmethod.latin, com.android.phone, com.android.calculator2, com.android.htmlviewer, com.android.providers.calendar, com.android.bluetooth, com.android.inputdevices, com.android.wallpaper.holospiral, org.geometerplus.zlibrary.ui.android, com.android.calendar, com.android.browser, com.android.music, com.android.nfc, com.android.providers.downloads.ui, com.android.providers.userdictionary, com.android.sharedstoragebackup, com.android.vpndialogs, com.android.provision, com.android.providers.media, com.android.certinstaller, com.gsoft.appinstall, com.android.galaxy4, com.farcore.videoplayer, android, com.android.settings, com.android.providers.contacts, com.android.providers.applications, com.android.providers.drm, com.android.gallery3d, com.android.apps.tag, com.android.systemui, com.android.musicvis, com.android.exchange, com.adobe.flashplayer, com.android.wallpaper.livepicker, com.android.keychain, com.android.smspush, com.android.packageinstaller, com.android.wallpaper, com.android.providers.telephony, com.svox.pico, com.android.noisefield, com.android.email, com.android.deskclock, com.fb.FileBrower, com.android.backupconfirm, com.android.providers.settings, com.android.magicsmoke, com.android.providers.downloads, com.android.musicfx, com.android.phasebeam] at android.security.cts.PackageSignatureTest.testPackageSignatures(PackageSignatureTest.java:62)
『方法 1』- key重新產生即可:
爬文的結果,是說key要重新產生:
[src] ./build/target/product/security/目錄下有media、platform、shared、testkey這四把,其中x509.pem是public key, 而 pk8是 private key。
[src] ./development/tools/make_key 這個tool可產生上述的key:
./development/tools/make_key testkey '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
./development/tools/make_key platform '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
./development/tools/make_key shared '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
./development/tools/make_key media '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
上面的資料是 build/target/product/security/README
產生的時候,不要打密碼,compile會有問題, 可以輸入自已的資料
( google查到的資料都寫可以打密碼@@,打密碼又可以編譯目前還試不出來 )
其中:
/C表示“Country Code”,
/ST表示“State or Province”,
/L表示“City or Locality”,
/O表示“Organization”,
/OU表示“Organizational Unit”,
/CN表示“Name”,
/emailAddress表示"email adderss"
BTW:
- 重新 make otapackage (rebuild)就行了, 不用clean compile = =
然後把nand flash整個砍掉重練, 不然是無法燒錄的 = =
(浪費不少時間就是沒作這個步驟,八成是連recovrey.img都有簽章或加密阿,太笨了 ) - 打密碼會出現類似的訊息: (還不會解決)
Enter password for build/target/product/security/shared.pk8 (password will not be hidden): java.lang.NullPointerException at com.android.signapk.SignApk.decryptPrivateKey(SignApk.java:130) at com.android.signapk.SignApk.readPrivateKey(SignApk.java:154) - 如果要看到這個測項要pass,還得把 flashplayer.apk 拿掉
ref: 小猫的空间
====================================
『方法 2』- 這招才對:
- 依上面步驟自已生成key (可以設定密碼)
把 testkey、platform、shared、media這四把key放到某個目錄下 (key_directory) - 用 make -j4 PRODUCT-product_name-user dist 來編譯, 這裡的key是使用預設路徑 ./build/target/product/security/ 裡面的
(./out下會產生dist目錄) - 用releasekey來取代testkey: (這裡的key是自已生成的)
簽章,./build/tools/releasetools/sign_target_files_apks -d key_directory out/dist/product_name-target_files.zip out/dist/signed_target_files.zip
其中product_name-target_files.zip是上一步驟編譯出來的
中間可能會出現:
ERROR: no key specified for: abc123.apk def456.apk
可能是開發者用自已的key簽過了或找不到對應的key來簽,可以加入參數『-e *.apk =』來避開:
./build/tools/releasetools/sign_target_files_apks -d key_directory -e ab123.apk= -e def456.apk= out/dist/product_modul-target_files.zip out/dist/signed_target_files.zip
如此簽章的步驟就完成了 - 打包成image:
./build/tools/releasetools/img_from_target_files out/dist/signed-target-files.zip out/dist/signed-img.zip 使用 img_from_target_files 工具生成 signed-img.zip 文件。
其中 signed-img.zip 文件包含了 boot.img、userdate.img、system.img、userdate.img - 用fastboot來更新image
./out/dist/fastboot update signed-img.zip
通过fastboot就可以把簽章過的文件下載到板子上了。
(不過amlogic不能用fastboot,所以沒成功過)
可以用:
./build/tools/releasetools/ota_from_target_files -n -k build/target/product/security/testkey signed-target-files.zip out_directory/outfile.zip
如此,在 outfile.zip 找到system/apps/build.prop,裡頭的fingerprint應該是要releasekey才是對的
====================================
其它相關 - 1:
在Android.mk裡頭定義 LOCAL_CERTIFICATE 用哪把key來簽章
ex:
./frameworks/ex/carousel/test/Android.mk:27:LOCAL_CERTIFICATE := platform
./frameworks/ex/variablespeed/tests/Android.mk:18:LOCAL_CERTIFICATE := shared
如果沒定義的話會使用預設的key:
./build/core/config.mk
# The default key if not set as LOCAL_CERTIFICATE
ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
else
DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey
endif
./build/core/product_config.mk:
PRODUCT_DEFAULT_DEV_CERTIFICATE := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_DEV_CERTIFICATE))
其它相關 - 2:
其它相關 - 1:
在Android.mk裡頭定義 LOCAL_CERTIFICATE 用哪把key來簽章
ex:
./frameworks/ex/carousel/test/Android.mk:27:LOCAL_CERTIFICATE := platform
./frameworks/ex/variablespeed/tests/Android.mk:18:LOCAL_CERTIFICATE := shared
如果沒定義的話會使用預設的key:
./build/core/config.mk
# The default key if not set as LOCAL_CERTIFICATE
ifdef PRODUCT_DEFAULT_DEV_CERTIFICATE
DEFAULT_SYSTEM_DEV_CERTIFICATE := $(PRODUCT_DEFAULT_DEV_CERTIFICATE)
else
DEFAULT_SYSTEM_DEV_CERTIFICATE := build/target/product/security/testkey
endif
./build/core/product_config.mk:
PRODUCT_DEFAULT_DEV_CERTIFICATE := \
$(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEFAULT_DEV_CERTIFICATE))
其它相關 - 2:
- 每次compile後, out/target/product/product_name/recovery/root/res/keys 值都會改變
- product_name-ota-eng-xxx.zip裡的 META-INF/CERT.RSA (亂碼)可以看到用make_key輸入的資訊
( 可以很明顯emailAdderss的資訊,ex: android@android.com ) - CERT.RSA、CSRT.SF、MANIFEST.MF 就是簽章驗証用的
请教一下大大兩個問題
回覆刪除Q1.我再测CTS时,也遇到testPackageSignatures fail
我用您说的方法二-->
make -j4 PRODUCT-product_name-user dist
结果会产胜错误如下
Traceback (most recent call last):
File "./build/tools/releasetools/img_from_target_files", line 222, in
main(sys.argv[1:])
File "./build/tools/releasetools/img_from_target_files", line 207, in main
AddSystem(output_zip)
File "./build/tools/releasetools/img_from_target_files", line 158, in AddSystem
common.CheckSize(data, "system.img", OPTIONS.info_dict)
File "/LINUX/android/build/tools/releasetools/common.py", line 440, in CheckSize
if not fs_type or not limit: return
UnboundLocalError: local variable 'fs_type' referenced before assignment
不知道大大在make時有没有遇到遇过这样的问题?
Q2.雖然make時有錯誤,但在out/dist有產生product_name-target_files.zip,我用方法2的第三步驟來簽章,會出現以下錯誤
Traceback (most recent call last):
File "./build/tools/releasetools/sign_target_files_apks", line 349, in
main(sys.argv[1:])
File "./build/tools/releasetools/sign_target_files_apks", line 328, in main
misc_info = common.LoadInfoDict(input_zip)
TypeError: LoadInfoDict() takes exactly 2 arguments (1 given)
不知道大大在簽章時有没有遇到遇过这样的问题?
嗨,你好
刪除你可以上網找img_from_target_files這個檔案來跟手上的比較,
有不一樣的話,可以先用網路版的試試看。
我有碰到類似的問題,但不是在這個部份,
手頭的BSP版本在tool裡的檔案有些被chip廠修改過了,
換過後就沒問題了
建議第一個問題解決了再來進行下一步 :D