Android 14 QPR2's update_engine uses /system/etc/security/cacerts
Closed this issue · 0 comments
chenxiaolong commented
Android 14 QPR2 includes https://android.googlesource.com/platform/system/update_engine/+/03c7be5f6096f19784af13d275f4f13f88fd4dd0%5E%21/, which makes update_engine
use the standard system CA certificate trust store.
I'm planning to drop our current support for self-signed certificates. There's no longer a way to add a custom CA certificate just for update_engine
and Custota should not modify /system/etc/security/cacerts
since that will impact the entire system.
Users who need self-signed certificates can flash their own Magisk module that explicitly adds their certificate to /system/etc/security/cacerts
. I'll add a new subcommand to custota-tool for generating such a module.