Recovery now expects public keys in zipfile

This is in line with the build system change which copies the recovery ota install keys to a zipfile. And now recovery will parses and loads the public keys from /res/otacerts.zip. The legacy load_keys functions will be removed in later cls. Bug: 116655889 Test: sideload an ota package Change-Id: I95e91736ca9964df06d74aa292d672e2f9e442e8
2018-10-19 15:52:17 -07:00
parent 24ead5672b
commit e1d02fb9ff
1 changed files with 5 additions and 5 deletions
--- a/install.cpp
+++ b/install.cpp
@@ -695,18 +695,18 @@ int install_package(const std::string& path, bool* wipe_cache, bool needs_mount,
 }

 bool verify_package(const unsigned char* package_data, size_t package_size) {
-  static constexpr const char* PUBLIC_KEYS_FILE = "/res/keys";
-  std::vector<Certificate> loadedKeys;
-  if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
+  static constexpr const char* CERTIFICATE_ZIP_FILE = "/system/etc/security/otacerts.zip";
+  std::vector<Certificate> loaded_keys = LoadKeysFromZipfile(CERTIFICATE_ZIP_FILE);
+  if (loaded_keys.empty()) {
    LOG(ERROR) << "Failed to load keys";
    return false;
  }
-  LOG(INFO) << loadedKeys.size() << " key(s) loaded from " << PUBLIC_KEYS_FILE;
+  LOG(INFO) << loaded_keys.size() << " key(s) loaded from " << CERTIFICATE_ZIP_FILE;

  // Verify package.
  ui->Print("Verifying update package...\n");
  auto t0 = std::chrono::system_clock::now();
-  int err = verify_file(package_data, package_size, loadedKeys,
+  int err = verify_file(package_data, package_size, loaded_keys,
                        std::bind(&RecoveryUI::SetProgress, ui, std::placeholders::_1));
  std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
  ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);