ota: Validate any installed data's signature against our own Try to prevent incompatible-signature system quirkiness Change-Id: I73402d963a1b57ad0ee3c68ced4f2d7f074f927f

commit: aff5e54c4ef5fec7e67e830f83ee64424005d07c [log] [tgz]
author: Ricardo Cerqueira <cyanogenmod@cerqueira.org> Fri May 09 22:24:12 2014 +0100
committer: Brint E. Kriebel <bekit@cyngn.com> Thu Jul 10 17:03:51 2014 +0000
tree: f6e08b62d90c37b2739bd46774d1c132a5919566
parent: 1df415bba20199de48e36fbe04f03c8fb9140b0e [diff]
diff --git a/prebuilt/common/bin/otasigcheck.sh b/prebuilt/common/bin/otasigcheck.sh
new file mode 100644
index 0000000..49def3c
--- /dev/null
+++ b/prebuilt/common/bin/otasigcheck.sh

@@ -0,0 +1,18 @@
+#!/sbin/sh
+
+# Validate that the incoming OTA is compatible with an already-installed
+# system
+
+if [ -f /data/system/packages.xml -a -f /tmp/releasekey ]; then
+  relCert=$(grep -A3 'package name="com.android.providers.calendar"' /data/system/packages.xml  | grep "cert index" | head -n 1 | sed -e 's|.*"\([[:digit:]]\)".*|\1|g')
+
+  grep "cert index=\"$relCert\"" /data/system/packages.xml | grep -q `cat /tmp/releasekey`
+  if [ $? -ne 0 ]; then
+     echo "You have an installed system that isn't signed with this build's key, aborting..."
+     # Edify doesn't abort on non-zero executions, so let's trash the key and use sha1sum instead
+     echo "INVALID" > /tmp/releasekey
+     exit 1
+  fi
+fi
+
+exit 0
commit	aff5e54c4ef5fec7e67e830f83ee64424005d07c	[log] [tgz]
author	Ricardo Cerqueira <cyanogenmod@cerqueira.org>	Fri May 09 22:24:12 2014 +0100
committer	Brint E. Kriebel <bekit@cyngn.com>	Thu Jul 10 17:03:51 2014 +0000
tree	f6e08b62d90c37b2739bd46774d1c132a5919566
parent	1df415bba20199de48e36fbe04f03c8fb9140b0e [diff]