forked from 306bobby-android/crDroid-build-signed-script
-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathcreate-signed-env.sh
More file actions
executable file
·93 lines (75 loc) · 4.86 KB
/
create-signed-env.sh
File metadata and controls
executable file
·93 lines (75 loc) · 4.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#!/bin/bash
# Default values
DEFAULT_COUNTRY="US"
DEFAULT_STATE="California"
DEFAULT_LOCALITY="Mountain View"
DEFAULT_ORGANIZATION="crDroid"
DEFAULT_ORG_UNIT="crDroid"
DEFAULT_COMMON_NAME="crDroid"
DEFAULT_EMAIL="contact@crdroid.net"
# Prompt the user for each part of the subject line with defaults
read -p "Enter country code [${DEFAULT_COUNTRY}] (C): " country
country=${country:-$DEFAULT_COUNTRY}
read -p "Enter state or province name [${DEFAULT_STATE}] (ST): " state
state=${state:-$DEFAULT_STATE}
read -p "Enter locality [${DEFAULT_LOCALITY}] (L): " locality
locality=${locality:-$DEFAULT_LOCALITY}
read -p "Enter organization name [${DEFAULT_ORGANIZATION}] (O): " organization
organization=${organization:-$DEFAULT_ORGANIZATION}
read -p "Enter organizational unit [${DEFAULT_ORG_UNIT}] (OU): " organizational_unit
organizational_unit=${organizational_unit:-$DEFAULT_ORG_UNIT}
read -p "Enter common name [${DEFAULT_COMMON_NAME}] (CN): " common_name
common_name=${common_name:-$DEFAULT_COMMON_NAME}
read -p "Enter email address [${DEFAULT_EMAIL}] (emailAddress): " email
email=${email:-$DEFAULT_EMAIL}
# Construct the subject line
subject="/C=${country}/ST=${state}/L=${locality}/O=${organization}/OU=${organizational_unit}/CN=${common_name}/emailAddress=${email}"
# Print the subject line
echo ""
echo "Using Subject Line:"
echo "$subject"
echo ""
# Prompt the user to verify if the subject line is correct
read -p "Is the subject line correct? [Y/n]: " confirmation
confirmation=${confirmation:-Y}
# Check the user's response
if [[ $confirmation != "y" && $confirmation != "Y" ]]; then
echo "Exiting without changes."
exit 1
fi
clear
# Create Key
echo "Press ENTER TWICE to skip password (around 100 enter hits total). Cannot use a password for inline signing!"
mkdir -p ~/.android-certs
for cert in bluetooth cyngn-app media networkstack nfc platform releasekey sdk_sandbox shared testcert testkey verity; do \
./development/tools/make_key ~/.android-certs/$cert "$subject"; \
done
# Create APEX keys
cp ./development/tools/make_key ~/.android-certs/
sed -i 's|2048|4096|g' ~/.android-certs/make_key
for apex in com.android.adbd com.android.adservices com.android.adservices.api com.android.appsearch com.android.appsearch.apk com.android.art com.android.bluetooth com.android.bt com.android.btservices com.android.cellbroadcast com.android.compos com.android.configinfrastructure com.android.connectivity.resources com.android.conscrypt com.android.crashrecovery com.android.devicelock com.android.extservices com.android.graphics.pdf com.android.hardware.authsecret com.android.hardware.biometrics.face.virtual com.android.hardware.biometrics.fingerprint.virtual com.android.hardware.boot com.android.hardware.cas com.android.hardware.contexthub com.android.hardware.dumpstate com.android.hardware.gatekeeper.nonsecure com.android.hardware.neuralnetworks com.android.hardware.power com.android.hardware.rebootescrow com.android.hardware.thermal com.android.hardware.threadnetwork com.android.hardware.uwb com.android.hardware.vibrator com.android.hardware.wifi com.android.healthfitness com.android.hotspot2.osulogin com.android.i18n com.android.ipsec com.android.media com.android.media.swcodec com.android.mediaprovider com.android.nearby.halfsheet com.android.networkstack.tethering com.android.neuralnetworks com.android.nfcservices com.android.ondevicepersonalization com.android.os.statsd com.android.permission com.android.profiling com.android.resolv com.android.rkpd com.android.runtime com.android.safetycenter.resources com.android.scheduling com.android.sdkext com.android.support.apexer com.android.telephony com.android.telephonycore com.android.telephonymodules com.android.tethering com.android.tzdata com.android.uprobestats com.android.uwb com.android.uwb.resources com.android.virt com.android.vndk.current com.android.vndk.current.on_vendor com.android.wifi com.android.wifi.dialog com.android.wifi.resources com.google.pixel.camera.hal com.google.pixel.vibrator.hal com.qorvo.uwb; do \
~/.android-certs/make_key ~/.android-certs/$apex "$subject"; \
openssl pkcs8 -in ~/.android-certs/$apex.pk8 -inform DER -nocrypt -out ~/.android-certs/$apex.pem; \
done
## Create vendor for keys
rm ~/.android-certs/make_key
rm -rf vendor/lineage-priv
mkdir -p vendor/lineage-priv
mv ~/.android-certs vendor/lineage-priv/keys
echo "PRODUCT_DEFAULT_DEV_CERTIFICATE := vendor/lineage-priv/keys/releasekey" > vendor/lineage-priv/keys/keys.mk
cat <<EOF > vendor/lineage-priv/keys/BUILD.bazel
filegroup(
name = "android_certificate_directory",
srcs = glob([
"*.pk8",
"*.pem",
]),
visibility = ["//visibility:public"],
)
EOF
echo ""
echo "✓ Done! Now build as usual."
echo "✓ If builds aren't being signed, add '-include vendor/lineage-priv/keys/keys.mk' to your device mk file"
echo ""
echo "⚠ IMPORTANT: Make copies of your vendor/lineage-priv folder as it contains your keys!"
sleep 3