使用命令生成update.zip以及添加升级包检验签名功能

一般普通ota升级都是直接调用RecoverySystem.installPackage，让系统进入recovery，然后在recovery升级Android系统，但是存在一个缺点。如果他人使用非系统签名的update.zip升级包。也会使系统进入recovery模式。然后升级失败。死在recovery模式。所以每次升级之前要校验签名使用相同。
使用api接口是

RecoverySystem.verifyPackage

demo源码

public class MainActivity extends Activity {
    final public int CODE= 0x717;
    public static int n =1;
    private TextView txt;
    private Button Btn;
    private Button Btn2;
    private ProgressDialog pd;
    private boolean pptv = false;
    private Context context;
    private static final String TAG = "pptv";
    private static final String otaOsFile = "/storage/sdcard0/otasys.zip";
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {

        Log.e("DDY", "======================:");

    }
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        setTitle("我是MainActivity");
        Btn = (Button)findViewById(R.id.btn);
        Btn2 = (Button)findViewById(R.id.btn2);
        Btn2.setOnClickListener(new OnClickListener()
                {
                    @Override
                    public void onClick(View arg0) {
                        // TODO Auto-generated method stub
                        try{
                            RecoverySystem.verifyPackage(new File(otaOsFile), new ProgressListener() { 
                                @Override 
                                public void onProgress(int progress) {
                                Log.i(TAG, "progress = " + progress);
                                }
                            }, null);
                         RecoverySystem.installPackage(getApplicationContext(), new File(otaOsFile));
                        }catch (Exception  e) {
                            e.printStackTrace();
                        }
                        Log.e(TAG, "======================:");
                    }
                });

如何使用命令生成ota 升级包，大家一般都是使用make otapackage 自动生成ota包，使用签名是

java -Xmx2048m -jar out/host/linux-x86/framework/signapk.jar -w build/target/product/security/testkey.x509.pem build/target/product/security/testkey.pk8 /tmp/tmp0LVdX3 out/target/product/rk3288/rk3288-ota-eng.stonecom.zip

最近自己要测试非系统签名的升级包能否通过ecoverySystem.verifyPackage校验，自己使用的签名是shared key。

./build/tools/releasetools/ota_from_target_files -k build/target/product/security/shared  out/target/product/rk3288/obj/PACKAGING/target_files_intermediates/rk3288-target_files-eng.stonecom.zip  update.zip

运行之后报错

I/pptv    (31438): progress = 0
W/AudioTrack( 1760): AUDIO_OUTPUT_FLAG_FAST denied by client
D/AudioHardwareTiny(  172): start_output_stream
D/alsa_route(  172): route_info->sound_card 0, route_info->devices 0
D/alsa_route(  172): route_set_controls() set route 0
W/System.err(31438): java.security.SignatureException: signature doesn't match any trusted key
W/System.err(31438):    at android.os.RecoverySystem.verifyPackage(RecoverySystem.java:243)
W/System.err(31438):    at com.example.systemupdate.MainActivity$1.onClick(MainActivity.java:52)
W/System.err(31438):    at android.view.View.performClick(View.java:4809)
W/System.err(31438):    at android.view.View$PerformClick.run(View.java:20006)
W/System.err(31438):    at android.os.Handler.handleCallback(Handler.java:739)
W/System.err(31438):    at android.os.Handler.dispatchMessage(Handler.java:95)
W/System.err(31438):    at android.os.Looper.loop(Looper.java:135)
W/System.err(31438):    at android.app.ActivityThread.main(ActivityThread.java:5280)
W/System.err(31438):    at java.lang.reflect.Method.invoke(Native Method)
W/System.err(31438):    at java.lang.reflect.Method.invoke(Method.java:372)
W/System.err(31438):    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:963)
W/System.err(31438):    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:758)
E/pptv    (31438): ======================: