1. Generate an encrypted key file
To sign the Android system, four types of key files need to be generated.
A) release key
B) media
C) sharing
D) platform
Let's take releasekey as an example to briefly introduce the generation process.
1) enter the /android_src/development/tools directory.
/development/tool $ ls
apk check etc 1 tool hosttestlib jdwpspy makedict mkstubs
axl find unused idegen line _ endings make _ key monkey runner zoneinfo
2) Use the make_key tool to generate the signature file.
Development/tool $ shmake _ keyreleasekey'/c = cn/st = jiangsu/l = Nanjing/o = company/ou = department/cn = yourname/emailaddress = your-mailaddress'
Enter the password of "releasekey" (blank means none; Password will be visible): mypassword <-Set your password.
Create platform.pk8 with the password [My Password].
Generate RSA private key, 2048-bit long modulus.
...............+++
........................................................+++
E is 3 (0x3)
Here, by the way, introduce the parameters of make_key. The first parameter is the name of the generated key, and the second parameter is information about your company.
The name of key is easy to understand, which is the four types of keys mentioned above. There are many parameters in company information, and their meanings are as follows:
c->; Country name (2-letter code)
ST->; State or province name (full name)
l-& gt; Name of place (for example, city)
o-& gt; Organization name (such as company)
Ou-> Name of organizational unit (for example, department)
CN-& gt; Common names (for example, your name or the host name of the server)
Email address-> Contact e-mail address
This generates a set of releasekey, and the other three types of keys are also generated in the same way.
The generated results are as follows:
/development/tool $ ls
makedict media . pk8 MK stubs platform . pk8 release key . pk8 shared . pk8
make _ key media . x509 . PEM platform . x509 . PEM release key . x509 . PEM shared . x509 . PEM
*.pk8 is the generated private key and * .x509.pem is the public key, which appear in pairs when generated.
2. Copy the pk8 and x509.pem files to the vendor /modul/security/product _ modul directory.
/Android _ src/vendor/Modul/security/product _ Modul $ CP../../../../development/tools/*.pk8。 /
/Android _ src/vendor/Modul/security/product _ Modul $ CP../../../../development/tools/*pem。 /
Although this article is not necessary, it is better to do so. Due to this project, products and product modules were replaced by MODM and MODM products.
3. Go back to the root directory android_src
/Android _ src/vendor/Modul/security/product _ Modul $ CD../../../../
Everyone must think that this step is redundant after reading it, and there is no need to mention it separately. But it turns out that it is necessary to mention this step, because the operation of the fifth step must be carried out in the root directory, otherwise it will make mistakes. I have suffered a lot at this point.
4. Compile the system
/Android _ src $ make-J4 product-product _ module-user distribution
Why is this different from the usual establishment? There are also two parameters, PRODUCT-product_modul-user and dist. After compilation, a zip file starting with product _ module-target _ files will be generated in the /android_src/dist/ directory. This is the file system that we need to sign.
Step 5 start signing
android_src$。 /build/tools/release tools/sign _ target _ files _ apks-d vendor/Modul/security/product _ Modul/out/dist/product _ Modul-target _ files . zip out/dist/signed _ target _ files . zip
Error: No key specified for:
CalendarWidget.apk
Contacts_yellowpage.apk
SnsAppMain.apk
fbandroid- 1.5.0.apk
AnalogClockWidget.apk
MessageWidget.apk
NewsWidget.apk
The above means to use the sign_target_files_apks tool to sign the product _ module-target _ files.zip file with the key under vendor/module/security/product _ module/,and put the signature result into out/dist/signed _ target _ files.zip. 。
Judging from the above signature results, the signature is not successful, because some apk programs have been signed or the corresponding keys cannot be found. This is not difficult for us. We can set the filter and not sign the above program. The method is as follows:
Use parameter "-e"
android_src$。 /build/tools/release tools/sign _ target _ files _ apks-d vendor/Modul/security/product _ Modul/ -e calendar widget . apk =-e Contacts _ yellow page . apk =-e snsapmain . apk =-e FB Android- 1 . 5 . 0 . apk =-e analogclockwidget . apk =-e message wid get . apk =-e news widget . apk = out/dist/product _ Modul-target _ files . zip out/dist/dist
Enter the password of the vendor/modul/security/product _ modul//media key>& lt- Enter the password.
Enter the password of the vendor/modul/security/product _ modul//platform key>& lt- enter the password.
Enter vendor/modul/security/product _ modul//releasekeykey > The password of. & lt- enter the password
Enter the password of the vendor/modul/security/product _ modul//shared key>& lt- Enter the password.
Overwriting RECOVERY/RAMDISK/default.prop:
Replace: ro.build.tags=test-keys
With:ro. build. tags = release key.
Unsigned: CalendarWidget.apk
Unsigned: Contacts_yellowpage.apk
Signature: Mms.apk
Signature: SoundRecorder.apk
Signature: AccountAndSyncSettings.apk
Signature: Camera.apk
.......................................................................
Rewrite SYSTEM/build.prop:
Replace: ro.build.tags=test-keys
With:ro. build. tags = release key.
Replace: ro.build.description= test-keys
Use: ro.build.description = release-keys
Replace with: ro.build.fingerprint= ...........................
with: ro.build.fingerprint= .............................
Signature: framework-res.apk
It's done.
This completes the signature work of android system.
6. Generate an image file
android_src$。 /build/tools/release tools/img _ from _ target _ file out/dist/signed-target-files . zip out/dist/signed-img . zip
Creating boot.img ...
Create recovery.img ...
Creating system.img ...
Creating userdata.img ...
clear ...
It's done.
Use img_from_target_files tool to generate signed-img.zip files, including boot.img, userdate.img, system.img files, etc.
7. Download the signed-img.zip file through fastboot.
Quick Start Update Signature -img.zip
You can download the signed system files to your mobile phone through fastboot.