Merge "Recovery now expects public keys in zipfile" am: bfc7d43c00 am: 9008b2c7df
am: 10c9282e07
Change-Id: I7954d85378ff4616c1127dfe2b3e82b0d69b4e5e
diff --git a/install.cpp b/install.cpp
index e379ef3..42d2641 100644
--- a/install.cpp
+++ b/install.cpp
@@ -695,18 +695,18 @@
}
bool verify_package(const unsigned char* package_data, size_t package_size) {
- static constexpr const char* PUBLIC_KEYS_FILE = "/res/keys";
- std::vector<Certificate> loadedKeys;
- if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
+ static constexpr const char* CERTIFICATE_ZIP_FILE = "/system/etc/security/otacerts.zip";
+ std::vector<Certificate> loaded_keys = LoadKeysFromZipfile(CERTIFICATE_ZIP_FILE);
+ if (loaded_keys.empty()) {
LOG(ERROR) << "Failed to load keys";
return false;
}
- LOG(INFO) << loadedKeys.size() << " key(s) loaded from " << PUBLIC_KEYS_FILE;
+ LOG(INFO) << loaded_keys.size() << " key(s) loaded from " << CERTIFICATE_ZIP_FILE;
// Verify package.
ui->Print("Verifying update package...\n");
auto t0 = std::chrono::system_clock::now();
- int err = verify_file(package_data, package_size, loadedKeys,
+ int err = verify_file(package_data, package_size, loaded_keys,
std::bind(&RecoveryUI::SetProgress, ui, std::placeholders::_1));
std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);