diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 08c87481d..e758debd1 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -145,7 +145,7 @@ def UnzipTemp(filename):
 
   tmp = tempfile.mkdtemp(prefix="targetfiles-")
   OPTIONS.tempfiles.append(tmp)
-  p = Run(["unzip", "-q", filename, "-d", tmp], stdout=subprocess.PIPE)
+  p = Run(["unzip", "-o", "-q", filename, "-d", tmp], stdout=subprocess.PIPE)
   p.communicate()
   if p.returncode != 0:
     raise ExternalError("failed to unzip input target-files \"%s\"" %
diff --git a/tools/releasetools/sign_target_files_apks b/tools/releasetools/sign_target_files_apks
index 5153398e1..961e643c9 100755
--- a/tools/releasetools/sign_target_files_apks
+++ b/tools/releasetools/sign_target_files_apks
@@ -268,8 +268,13 @@ def ReplaceOtaKeys(input_tf_zip, output_tf_zip):
     k = m.group(1)
     mapped_keys.append(OPTIONS.key_map.get(k, k) + ".x509.pem")
 
-  print "using:\n   ", "\n   ".join(mapped_keys)
-  print "for OTA package verification"
+  if mapped_keys:
+    print "using:\n   ", "\n   ".join(mapped_keys)
+    print "for OTA package verification"
+  else:
+    mapped_keys.append(
+        OPTIONS.key_map["build/target/product/security/testkey"] + ".x509.pem")
+    print "META/otakeys.txt has no keys; using", mapped_keys[0]
 
   # recovery uses a version of the key that has been slightly
   # predigested (by DumpPublicKey.java) and put in res/keys.