Conversation

Replying to
It doesn't do anything close to the same thing. The release.sh script has nothing to do with building. It directly uses the official tools for generating signed releases to generate a release. Most of what the `make dist` target does is a complete waste of time.
1
Replying to and
The `make dist` target does NOT generate a signed, production release. It does a lot of useless stuff like packaging up the signing tools from the source tree and output and generating a strictly GPL compliance related userspace source tarball without anything non-mandatory.
1
Replying to and
For development, `make -j36` works well. For releases, `make -j36 target-files-package brillo_upload_payload` is the target. The target-files-package is the input format used by the post-build tools for generating releases. Generating signed releases isn't part of building.
1
Replying to and
Generating a signed target-files-package from the freshly built target-files-package is a post-build step. The signed target-files-package gets transformed into an image zip and a signed update package. The image zip and firmware are transformed into a factory images release.
1
Replying to and
The signed target-files-package need to be kept in archive for generating delta update packages. That's the same to generating a regular update, but with a source target-files-package passed as an extra argument. Updates are block-based so installs remain bit-for-bit identical.
1
Replying to
I was actually starting to look at how to use an PKCS11 card with openssl for signing using a yubikey. I also have a Trezor model T handy. Feel free to save me some work :). Thanks for all the detail. Much clearer now. The official android building docs are less than optimal.
1
Replying to
It's mandatory to have a single RSA or ECDSA signing key for verified boot because it's what devices implement. App signatures are part of the OS API and don't implement an m-of-n signing threshold. Signatures for update packages and payloads are the only part you could change.
2
Show replies