update signing / delta examples
This commit is contained in:
parent
417dc08dcb
commit
6e719f3f52
@ -527,9 +527,9 @@ vendor/adevtool/bin/run ota-firmware vendor/adevtool/config/DEVICE.yml -f vendor
|
||||
|
||||
<pre>source script/envsetup.sh</pre>
|
||||
|
||||
<p>Select the desired build target (<code>redfin</code> is the Pixel 5):</p>
|
||||
<p>Select the desired build target (<code>raven</code> is the Pixel 6 Pro):</p>
|
||||
|
||||
<pre>choosecombo release redfin user</pre>
|
||||
<pre>choosecombo release raven user</pre>
|
||||
|
||||
<p>For a development build, you may want to replace <code>user</code> with
|
||||
<code>userdebug</code> in order to have better debugging support. Production builds
|
||||
@ -645,11 +645,11 @@ vendor/adevtool/bin/run ota-firmware vendor/adevtool/config/DEVICE.yml -f vendor
|
||||
<p>The encryption passphrase for all the keys generated for a device needs to
|
||||
match for compatibility with the GrapheneOS scripts.</p>
|
||||
|
||||
<p>To generate keys for redfin (you should use unique keys per device
|
||||
<p>To generate keys for raven (you should use unique keys per device
|
||||
variant):</p>
|
||||
|
||||
<pre>mkdir -p keys/redfin
|
||||
cd keys/redfin
|
||||
<pre>mkdir -p keys/raven
|
||||
cd keys/raven
|
||||
../../development/tools/make_key releasekey '/CN=GrapheneOS/'
|
||||
../../development/tools/make_key platform '/CN=GrapheneOS/'
|
||||
../../development/tools/make_key shared '/CN=GrapheneOS/'
|
||||
@ -664,7 +664,7 @@ cd ../..</pre>
|
||||
|
||||
<p>Generate a signify key for signing factory images:</p>
|
||||
|
||||
<pre>signify -G -n -p keys/redfin/factory.pub -s keys/redfin/factory.sec</pre>
|
||||
<pre>signify -G -n -p keys/raven/factory.pub -s keys/raven/factory.sec</pre>
|
||||
|
||||
<p>Remove the <code>-n</code> switch to set a passphrase. The <code>signify</code>
|
||||
tool doesn't provide a way to change the passphrase without generating a new key, so
|
||||
@ -679,7 +679,7 @@ cd ../..</pre>
|
||||
<p>You can (re-)encrypt your signing keys using the <code>encrypt_keys</code> script,
|
||||
which will prompt for the old passphrase (if any) and new passphrase:</p>
|
||||
|
||||
<pre>script/encrypt_keys.sh keys/redfin</pre>
|
||||
<pre>script/encrypt_keys.sh keys/raven</pre>
|
||||
|
||||
<p>The <code>script/decrypt_keys.sh</code> script can be used to remove encryption,
|
||||
which is not recommended. The script exists primarily for internal usage to decrypt
|
||||
@ -723,10 +723,10 @@ cd ../..</pre>
|
||||
|
||||
<p>Generate a signed release build with the release.sh script:</p>
|
||||
|
||||
<pre>script/release.sh redfin</pre>
|
||||
<pre>script/release.sh raven</pre>
|
||||
|
||||
<p>The factory images and update package will be in
|
||||
<code>out/release-redfin-$BUILD_NUMBER</code>. The update zip performs a full OS
|
||||
<code>out/release-raven-$BUILD_NUMBER</code>. The update zip performs a full OS
|
||||
installation so it can be used to update from any previous version. More efficient
|
||||
incremental updates are used for official over-the-air GrapheneOS updates and can be
|
||||
generated by keeping around past signed <code>target_files</code> zips and generating
|
||||
@ -769,34 +769,16 @@ cd ../..</pre>
|
||||
delta updates by passing the device, source version build number and target version
|
||||
build number. For example:</p>
|
||||
|
||||
<pre>script/generate_delta.sh redfin 2021102503 2021102613</pre>
|
||||
<pre>script/generate_delta.sh raven 2021102503 2021102613</pre>
|
||||
|
||||
<p>The script assumes that the releases are organized in the following directory
|
||||
structure:</p>
|
||||
|
||||
<pre>releases
|
||||
├── 2021102503
|
||||
│ └── release-redfin-2021102503
|
||||
│ ├── otatools
|
||||
│ ├── redfin-beta
|
||||
│ ├── redfin-factory-2021102503.zip
|
||||
│ ├── redfin-factory-2021102503.zip.sig
|
||||
│ ├── redfin-img-2021102503.zip
|
||||
│ ├── redfin-ota_update-2021102503.zip
|
||||
│ ├── redfin-stable
|
||||
│ ├── redfin-target_files-2021102503.zip
|
||||
│ └── redfin-testing
|
||||
└── 2021102613
|
||||
└── release-redfin-2021102613
|
||||
├── otatools
|
||||
├── redfin-beta
|
||||
├── redfin-factory-2021102613.zip
|
||||
├── redfin-factory-2021102613.zip.sig
|
||||
├── redfin-img-2021102613.zip
|
||||
├── redfin-ota_update-2021102613.zip
|
||||
├── redfin-stable
|
||||
├── redfin-target_files-2021102613.zip
|
||||
└── redfin-testing</pre>
|
||||
├── 2022050700
|
||||
│ └── release-raven-2022050700
|
||||
└── 2022050800
|
||||
└── release-raven-2022050800</pre>
|
||||
|
||||
<p>Incremental updates are uploaded alongside the update packages and update metadata
|
||||
on the static web server used as an update server. The update client will
|
||||
|
Loading…
x
Reference in New Issue
Block a user