From d540be251ed96b5bacc25d3ff909ddec959c2bb4 Mon Sep 17 00:00:00 2001 From: inthewaves Date: Tue, 6 Oct 2020 16:18:10 -0700 Subject: [PATCH] move Vanadium key generation to before cert digest step --- static/build.html | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/static/build.html b/static/build.html index 996d9590..f915f45e 100644 --- a/static/build.html +++ b/static/build.html @@ -759,6 +759,14 @@ git checkout $CORRECT_BRANCH_OR_TAG value):

gclient sync -D --with_branch_heads -r $VERSION --jobs 32
+ +

Generate a signing key for Vanadium if this is the initial build:

+ + 
keytool -genkey -v -keystore vanadium.keystore -storetype pkcs12 -alias vanadium -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -validity 10000 -dname "cn=GrapheneOS"
+ +

You will be prompted to enter a password which will be requested by the + generate_release.sh script for signing releases. You should back up + the generated keystore with your other keys.

Apply the GrapheneOS patches on top of the tagged release:

@@ -783,15 +791,6 @@ git am --whitespace=nowarn ../patches/*.patch 
ninja -C out/Default/ trichrome_webview_64_32_apk trichrome_chrome_64_32_bundle trichrome_library_64_32_apk
-

Generate a signing key for Vanadium if this is the initial build:

- - 
cd ..
-keytool -genkey -v -keystore vanadium.keystore -storetype pkcs12 -alias vanadium -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -validity 10000 -dname "cn=GrapheneOS"
-cd src
- -

You will be prompted to enter a password which will be requested by the script for - signing releases. You should back up the generated keystore with your other keys.

-

Generate TrichromeChrome.apk from the bundle and sign the apks:

../generate_release.sh