From a29087ad85ce6a86f66c21485556dc9365121061 Mon Sep 17 00:00:00 2001 From: David Warren Date: Thu, 4 Jun 2009 14:59:40 -0700 Subject: [PATCH] New page, release_keys.jd, requested by bug 1884389. Small fix (broken link) to display_drivers.jd. Audio.jd has new right-side in-page TOC. telephony.jd fixes a bug. --- pdk/docs/guide/audio.jd | 14 ++++-- pdk/docs/guide/display_drivers.jd | 2 +- pdk/docs/guide/pdk_toc.cs | 3 +- pdk/docs/guide/release_keys.jd | 78 +++++++++++++++++++++++++++++++ pdk/docs/guide/telephony.jd | 10 ++++ 5 files changed, 101 insertions(+), 6 deletions(-) create mode 100755 pdk/docs/guide/release_keys.jd diff --git a/pdk/docs/guide/audio.jd b/pdk/docs/guide/audio.jd index fddb293e5..ae97e2191 100755 --- a/pdk/docs/guide/audio.jd +++ b/pdk/docs/guide/audio.jd @@ -2,11 +2,17 @@ page.title=Audio pdk.version=1.0 @jd:body +
+ +

Introduction

diff --git a/pdk/docs/guide/display_drivers.jd b/pdk/docs/guide/display_drivers.jd index 0f0bba5e2..94d5467fc 100755 --- a/pdk/docs/guide/display_drivers.jd +++ b/pdk/docs/guide/display_drivers.jd @@ -338,4 +338,4 @@ MODULE_LICENSE("GPL");
  • Arrow keys: When an arrow key is pressed, the desired icon doesn't get highlighted. For example, if you browse through icons in the Applications menu, you might notice that icons aren't highlighted as expected when you use the arrow key to navigate between options.

    • Both problems are caused by an incorrect implementation of the frame buffer's page flipping. Key events are captured, but the graphical interface appears to drop every other frame.

    -

    Android relies on a double buffer to smoothly render page flips (please see Functionality for details).

    +

    Android relies on a double buffer to smoothly render page flips (please see Functionality for details).

    diff --git a/pdk/docs/guide/pdk_toc.cs b/pdk/docs/guide/pdk_toc.cs index 1ab43b651..3b79cef32 100644 --- a/pdk/docs/guide/pdk_toc.cs +++ b/pdk/docs/guide/pdk_toc.cs @@ -13,7 +13,8 @@ function nothing() {}
  • Building New Device
  • Build Cookbook
  • Bring up
    • - +
  • Release Keys and Signing Builds
    • +

  • Customization

    diff --git a/pdk/docs/guide/release_keys.jd b/pdk/docs/guide/release_keys.jd new file mode 100755 index 000000000..aa3a44b45 --- /dev/null +++ b/pdk/docs/guide/release_keys.jd @@ -0,0 +1,78 @@ +page.title=Creating Release Keys and Signing Builds +pdk.version=1.0 +@jd:body + + +

    Introduction

    +

    Android requires that each application be signed with the developer's digital keys to enforce signature permissions and application request to use shared user ID or target process. For more information on the general Android security principles and signing requirements, see the Android Security and Permissions section in the Android Developer Guide). The core Android platform uses four keys to maintain security of core platform components:

    + +

    These keys are used to sign applications separately for release images and are not used by the Android build system. The build system signs packages with the testkeys provided in build/target/product/security/. Because the testkeys are part of the standard Android open source distribution, they should never be used for production devices. Instead, device manufacturers should generate their own private keys for shipping release builds.

    + +

    Generating keys

    +

    A device manufacturer's keys for each product should be stored under vendor/<vendor_name>/security/<product_name>, where <vendor_name> and <product_name> represent the manufacturer and product names. To simplify key creation, copy the script below to this directory in a file called mkkey.sh. To customize your keys, change the line that starts with AUTH to reflect the correct information for your company:

    +
    +#!/bin/sh
+AUTH='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+if [ "$1" == "" ]; then
+        echo "Create a test certificate key."
+        echo "Usage: $0 NAME"
+        echo "Will generate NAME.pk8 and NAME.x509.pem"
+        echo "  $AUTH"
+        exit
+fi
+
+openssl genrsa -3 -out $1.pem 2048
+
+openssl req -new -x509 -key $1.pem -out $1.x509.pem -days 10000 \
+    -subj "$AUTH"
+
+echo "Please enter the password for this key:"
+openssl pkcs8 -in $1.pem -topk8 -outform DER -out $1.pk8 -passout stdin
+
    +

    mkkey.sh is a helper script to generate the platform's keys. NOTE: the password you type will be visible in your terminal window. Note the passwords you use as you will need them to sign release builds.

    +

    To generate the required 4 platform keys, run mkkey.sh four times specifying the key name and password for each:

    +
    +sh mkkey.sh platform # enter password
+sh mkkey.sh media # enter password
+sh mkkey.sh shared # enter password
+sh mkkey.sh release # enter password
+
    +

    You should now have new keys for your product.

    + +

    Signing a build for release

    +

    Signing a build for a release is a two-step process.

    +
      +
    1. Sign all the individual parts of the build.
      2. +
    2. Put the parts back together into image files.
      3. +
    +

    Signing applications

    +

    Use build/tools/releasetools/sign_target_files_apks to sign a target_files package. The target_files package isn't built by default, you need to make sure to specify the "dist" target when you call make. For example:

    +
    +make -j4 PRODUCT-<product_name>-user dist
+
    +

    The command above creates a a file under out/dist called <product_name>-target_files.zip. This is the file you need to pass to the sign_target_files_apks script.

    +

    You would typically run the script like this:

    +
    +./build/tools/releasetools/sign_target_files_apks -d vendor/<vendor_name>/security/<product_name> <product_name>-target_files.zip signed-target-files.zip
+
    +

    If you have prebuilt and pre-signed apk's in your build that you don't want re-signed, you must explicitly ignore them by adding -e Foo.apk= to the command line for each apk you wish to ignore.

    +

    sign_target_files_apks also has many other options that could be useful for signing release builds. Run it with -h as the only option to see the full help.

    +

    Creating image files

    +

    Once you have signed-target-files.zip, create the images so you can put it onto a device with the command below:

    +
    +build/tools/releasetools/img_from_target_files signed-target-files.zip signed-img.zip
+
    +

    signed-img.zip contains all the .img files. You can use fastboot update signed-img.zip to use fastboot to get them on the device.

    diff --git a/pdk/docs/guide/telephony.jd b/pdk/docs/guide/telephony.jd index 38b8c3b67..647a33be5 100755 --- a/pdk/docs/guide/telephony.jd +++ b/pdk/docs/guide/telephony.jd @@ -45,7 +45,17 @@ Solid elements represent Android blocks and dashed elements represent partner-sp
  • RIL daemon calls RIL_register on the Android telephony stack, providing a reference to the Vendor RIL functions

    • See the RIL Daemon source code at //device/commands/rild/rild.c for details.

    +

    System Properties

    +

    The following RIL-related system properties are set by the RIL library:

    +

    +

    The following RIL_related system properties are available to the RIL library:

    +

    RIL Interaction