| Signs all the APK files in a target-files zipfile, producing a new |
| target-files zip. |
| |
| Usage: sign_target_files_apks [flags] input_target_files output_target_files |
| |
| -e (--extra_apks) <name,name,...=key> |
| Add extra APK/APEX name/key pairs as though they appeared in apkcerts.txt |
| or apexkeys.txt (so mappings specified by -k and -d are applied). Keys |
| specified in -e override any value for that app contained in the |
| apkcerts.txt file, or the container key for an APEX. Option may be |
| repeated to give multiple extra packages. |
| |
| --extra_apex_payload_key <name=key> |
| Add a mapping for APEX package name to payload signing key, which will |
| override the default payload signing key in apexkeys.txt. Note that the |
| container key should be overridden via the `--extra_apks` flag above. |
| Option may be repeated for multiple APEXes. |
| |
| --skip_apks_with_path_prefix <prefix> |
| Skip signing an APK if it has the matching prefix in its path. The prefix |
| should be matching the entry name, which has partition names in upper |
| case, e.g. "VENDOR/app/", or "SYSTEM_OTHER/preloads/". Option may be |
| repeated to give multiple prefixes. |
| |
| -k (--key_mapping) <src_key=dest_key> |
| Add a mapping from the key name as specified in apkcerts.txt (the |
| src_key) to the real key you wish to sign the package with |
| (dest_key). Option may be repeated to give multiple key |
| mappings. |
| |
| -d (--default_key_mappings) <dir> |
| Set up the following key mappings: |
| |
| $devkey/devkey ==> $dir/releasekey |
| $devkey/testkey ==> $dir/releasekey |
| $devkey/media ==> $dir/media |
| $devkey/shared ==> $dir/shared |
| $devkey/platform ==> $dir/platform |
| |
| where $devkey is the directory part of the value of |
| default_system_dev_certificate from the input target-files's |
| META/misc_info.txt. (Defaulting to "build/make/target/product/security" |
| if the value is not present in misc_info. |
| |
| -d and -k options are added to the set of mappings in the order |
| in which they appear on the command line. |
| |
| -o (--replace_ota_keys) |
| Replace the certificate (public key) used by OTA package verification |
| with the ones specified in the input target_files zip (in the |
| META/otakeys.txt file). Key remapping (-k and -d) is performed on the |
| keys. For A/B devices, the payload verification key will be replaced |
| as well. If there're multiple OTA keys, only the first one will be used |
| for payload verification. |
| |
| -t (--tag_changes) <+tag>,<-tag>,... |
| Comma-separated list of changes to make to the set of tags (in |
| the last component of the build fingerprint). Prefix each with |
| '+' or '-' to indicate whether that tag should be added or |
| removed. Changes are processed in the order they appear. |
| Default value is "-test-keys,-dev-keys,+release-keys". |
| |
| --replace_verity_private_key <key> |
| Replace the private key used for verity signing. It expects a filename |
| WITHOUT the extension (e.g. verity_key). |
| |
| --replace_verity_public_key <key> |
| Replace the certificate (public key) used for verity verification. The |
| key file replaces the one at BOOT/RAMDISK/verity_key (or ROOT/verity_key |
| for devices using system_root_image). It expects the key filename WITH |
| the extension (e.g. verity_key.pub). |
| |
| --replace_verity_keyid <path_to_X509_PEM_cert_file> |
| Replace the veritykeyid in BOOT/cmdline of input_target_file_zip |
| with keyid of the cert pointed by <path_to_X509_PEM_cert_file>. |
| |
| --remove_avb_public_keys <key1>,<key2>,... |
| Remove AVB public keys from the first-stage ramdisk. The key file to |
| remove is located at either of the following dirs: |
| - BOOT/RAMDISK/avb/ or |
| - BOOT/RAMDISK/first_stage_ramdisk/avb/ |
| The second dir will be used for lookup if BOARD_USES_RECOVERY_AS_BOOT is |
| set to true. |
| |
| --avb_{boot,init_boot,recovery,system,system_other,vendor,dtbo,vbmeta, |
| vbmeta_system,vbmeta_vendor}_algorithm <algorithm> |
| --avb_{boot,init_boot,recovery,system,system_other,vendor,dtbo,vbmeta, |
| vbmeta_system,vbmeta_vendor}_key <key> |
| Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign |
| the specified image. Otherwise it uses the existing values in info dict. |
| |
| --avb_{apex,init_boot,boot,recovery,system,system_other,vendor,dtbo,vbmeta, |
| vbmeta_system,vbmeta_vendor}_extra_args <args> |
| Specify any additional args that are needed to AVB-sign the image |
| (e.g. "--signing_helper /path/to/helper"). The args will be appended to |
| the existing ones in info dict. |
| |
| --avb_extra_custom_image_key <partition=key> |
| --avb_extra_custom_image_algorithm <partition=algorithm> |
| Use the specified algorithm (e.g. SHA256_RSA4096) and the key to AVB-sign |
| the specified custom images mounted on the partition. Otherwise it uses |
| the existing values in info dict. |
| |
| --avb_extra_custom_image_extra_args <partition=extra_args> |
| Specify any additional args that are needed to AVB-sign the custom images |
| mounted on the partition (e.g. "--signing_helper /path/to/helper"). The |
| args will be appended to the existing ones in info dict. |
| |
| --gki_signing_algorithm <algorithm> |
| --gki_signing_key <key> |
| Use the specified algorithm (e.g. SHA256_RSA4096) and the key to generate |
| 'boot signature' in a v4 boot.img. Otherwise it uses the existing values |
| in info dict. |
| |
| --gki_signing_extra_args <args> |
| Specify any additional args that are needed to generate 'boot signature' |
| (e.g. --prop foo:bar). The args will be appended to the existing ones |
| in info dict. |
| |
| --android_jar_path <path> |
| Path to the android.jar to repack the apex file. |
| |
| --allow_gsi_debug_sepolicy |
| Allow the existence of the file 'userdebug_plat_sepolicy.cil' under |
| (/system/system_ext|/system_ext)/etc/selinux. |
| If not set, error out when the file exists. |
| Global options |
| |
| -p (--path) <dir> |
| Prepend <dir>/bin to the list of places to search for binaries run by this |
| script, and expect to find jars in <dir>/framework. |
| |
| -s (--device_specific) <file> |
| Path to the Python module containing device-specific releasetools code. |
| |
| -x (--extra) <key=value> |
| Add a key/value pair to the 'extras' dict, which device-specific extension |
| code may look at. |
| |
| -v (--verbose) |
| Show command lines being executed. |
| |
| -h (--help) |
| Display this usage message and exit. |
| |
| --logfile <file> |
| Put verbose logs to specified file (regardless of --verbose option.) |
| |
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· DeepSeek 开源周回顾「GitHub 热点速览」
· 记一次.NET内存居高不下排查解决与启示
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
2024-01-10 Python Flask Config配置文件、类配置 及 安全
2024-01-10 生活常识-食疗食养
2024-01-10 生活常识-物品辩真假
2024-01-10 生活常识-身体穴位
2024-01-10 生活常识-食物治病
2024-01-10 生活常识-居家小妙招
2024-01-10 生活常识-食物作用