Signing CalyxOS builds
CalyxOS is built on a dedicated server and then signed separately. It can be signed on the same machine, but it has to be in a different directory.
- You need to have a build environment set up first, and a build of CalyxOS.
- Choose ‘user’ when running
- For signing, you want to build a ‘target-files-package’ using
- You’ll also want to build the tools needed for signing and key creation,
m otatools-package otatools-key-package
to a separate folder for signing.
if you need to create the keys used to sign the OS.
If you’re signing CalyxOS for the first time, you will need to create the necessary keys.
You should unzip the ‘otatools-keys.zip’ from the above step, preferably on an offline machine.
Run ./vendor/calyx/scripts/mkkeys.sh to generate the keys needed for all devices. Do not set a password as the signing scripts do not support that currently.
If you’re building for the Mi A2 / jasmine_sprout, you should copy
kernel/xiaomi/jasmine_sprout/certs/ in the CalyxOS source code and then rebuild.
Run ./vendor/calyx/scripts/mkcommonkeys.sh to create some common keys used to sign apps. These are not used by default; they are used to sign certain apps put into the OS, such as Trichrome (Chromium) and F-Droid.
This assumes you’ve generated the keys as mentioned above.
In a folder, you should have ‘otatools.zip’, the ‘calyx_device-target-files.zip’, and ‘keys’. ‘keys’ can be a symlink.
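A pre-flight check for the signing folder described above, as an added example that is not part of the CalyxOS scripts. The function name check_signing_dir is hypothetical, and two things are assumptions: that private keys are the *.pk8 files AOSP key tooling writes, and that they should not be readable by group or others, since they carry no password.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for a CalyxOS signing folder.
# Usage: check_signing_dir DIR DEVICE
# Prints one line per problem; returns 0 when the folder is ready, 1 otherwise.
check_signing_dir() {
    local dir="$1" device="$2" problems=0 f loose

    # The two archives the page lists; "device" in the file name is the codename.
    for f in otatools.zip "calyx_${device}-target-files.zip"; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f"
            problems=$((problems + 1))
        fi
    done

    # 'keys' may be a symlink; -d follows it, so a dangling link fails here.
    if [ ! -d "$dir/keys" ]; then
        echo "keys is not a directory (or is a dangling symlink): $dir/keys"
        problems=$((problems + 1))
    else
        # Assumption: private keys are *.pk8 files. They are unencrypted,
        # so file permissions are the only thing protecting them at rest.
        if [ -z "$(find -L "$dir/keys" -type f -name '*.pk8')" ]; then
            echo "no *.pk8 private keys found under $dir/keys"
            problems=$((problems + 1))
        fi
        loose=$(find -L "$dir/keys" -type f -name '*.pk8' \( -perm -040 -o -perm -004 \))
        if [ -n "$loose" ]; then
            echo "private keys readable by group or others:"
            echo "$loose"
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ]
}
```

Call it as check_signing_dir . jasmine_sprout from inside the signing folder before signing, and fix anything it prints first.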
Sign the build
This will sign the build, and create OTA update zips and factory images.
Generate incremental OTAs
If you have an older build, you should symlink that to ‘archive’, and then you can generate an incremental OTA using:
Generate metadata for the update server