Android: Software Update
OTA Updates
Android devices in the field can receive and install over-the-air (OTA) updates to :
- the system
- application software
- time zone rules
A/B (Seamless) system updates
Modern Android devices have two copies of each partition (A and B) and can apply an update to the currently unused partition while the system is running but idle. Therefore, A/B system updates is as seamless updates.
Partition selection (slots)
A/B system updates use two sets of partitions referred to as slots (normally slot A and slot B).
Each slot has a bootable attribute that states whether the slot contains a correct system from which the device can boot.
The active slot is the one the bootloader will boot form on the next boot.
Signing Builds for Release
Android OS images use cryptographic signatures in two places:
- Each .apk file inside the image must be signed. A new version of an app must be signed with the same key as the old version.
- OTA update packages must be signed with one of the keys expected by the system
Different apps must be signed with the same key to share data.
All .apk files will be signed using the test-keys when the an Android OS image is built.
Therefore, any publicly released or deployed Android OS image must be signed with a special set of release-keys.
To generate your own unique set of release-keys, run:
subject='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
mkdir ~/.android-certs
for x in releasekey platform shared media; do \
./development/tools/make_key ~/.android-certs/$x "$subject"; \
done
To generate a release image,
- Signing apps
make dist
./build/tools/releasetools/sign_target_files_apks \
-o \ # explained in the next section
-d ~/.android-certs out/dist/*-target_files-*.zip \
signed-target_files.zip
./build/tools/releasetools/ota_from_target_files \
-k ~/.android-certs/releasekey \
signed-target_files.zip \
signed-ota_update.zip
留言