All you need is an android buildsystem (I would recommend you to use lineageos)
- Export your infos (replace examples with your infos)
subject='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/[email protected]'
C: Country shortform
ST: Country longform
L: Location (I used federal state)
O, OU, CN: Your Name
emailAddress: Your email
For example:
subject='/C=DE/ST=Germany/L=Berlin/O=Max Mustermann/OU=Max Mustermann/CN=Max Mustermann/[email protected]'
- Generate the keys
mkdir ~/.android-certs
for x in releasekey platform shared media networkstack testkey cyngn-priv-app bluetooth sdk_sandbox verifiedboot; do \
./development/tools/make_key ~/.android-certs/$x "$subject"; \
done
Note:
- cyngn-priv-app is only needed if building 14.1 and older.
- bluetooth, sdk_sandbox and verifiedboot are needed since Android 13.
- DO NOT set a password for the keys. If you do, you won't be able to use them for building!
- Create a vendor repo called vendor_extra
mkdir vendor/extra
- Move your keys to the vendor repo
mv ~/.android-certs vendor/extra/keys
- Create a makefile called product.mk and add the following line
echo "PRODUCT_DEFAULT_DEV_CERTIFICATE := vendor/extra/keys/releasekey" > vendor/extra/product.mk
Note: NEVER PUBLISH THIS VENDOR REPO, AS IT CONTAINS YOUR OWN SIGNATURE KEYS! IF YOU PUBLISH THEM, IT WILL HAVE THE SAME SECURITY RISKS AS BUILDING WITH TEST-KEYS!
- Most roms (for example LineageOS) automatically includes vendor/extra/product.mk. If your rom doesn't, add
-include vendor/extra/product.mkto your devicetree. - When everything worked fine, your builds should be signed with dev-keys.