From 6068e8dd525dbb6f1441d8e433865d22262bb17e Mon Sep 17 00:00:00 2001 From: Nikita Ioffe Date: Tue, 12 Jan 2021 00:03:02 +0000 Subject: [PATCH] Refactor apex signing logic in preparation for compressed apexes Logic for signing compressed apex will be added in the follow-up cl. Test: python -m unittest test_sign_apex Bug: 172912232 Change-Id: I8dc1d334c17e11f9eed8fe0a575b6dfcf337ab5d --- tools/releasetools/apex_utils.py | 58 +++++++++++++++++++++++++++++--- 1 file changed, 53 insertions(+), 5 deletions(-) diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py index 6808f1530..c8a0dcc4d 100644 --- a/tools/releasetools/apex_utils.py +++ b/tools/releasetools/apex_utils.py @@ -300,13 +300,13 @@ def ParseApexPayloadInfo(avbtool, payload_path): return payload_info -def SignApex(avbtool, apex_data, payload_key, container_key, container_pw, - apk_keys, codename_to_api_level_map, - no_hashtree, signing_args=None): - """Signs the current APEX with the given payload/container keys. +def SignUncompressedApex(avbtool, apex_data, payload_key, container_key, + container_pw, apk_keys, codename_to_api_level_map, + no_hashtree, signing_args=None): + """Signs the current uncompressed APEX with the given payload/container keys. Args: - apex_data: Raw APEX data. + apex_data: Raw uncompressed APEX data. payload_key: The path to payload signing key (w/ extension). container_key: The path to container signing key (w/o extension). container_pw: The matching password of the container_key, or None. @@ -380,3 +380,51 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw, extra_signapk_args=extra_signapk_args) return signed_apex + + +def SignApex(avbtool, apex_data, payload_key, container_key, container_pw, + apk_keys, codename_to_api_level_map, + no_hashtree, signing_args=None): + """Signs the current APEX with the given payload/container keys. + + Args: + apex_file: Path to apex file path. + payload_key: The path to payload signing key (w/ extension). + container_key: The path to container signing key (w/o extension). + container_pw: The matching password of the container_key, or None. + apk_keys: A dict that holds the signing keys for apk files. + codename_to_api_level_map: A dict that maps from codename to API level. + no_hashtree: Don't include hashtree in the signed APEX. + signing_args: Additional args to be passed to the payload signer. + + Returns: + The path to the signed APEX file. + """ + apex_file = common.MakeTempFile(prefix='apex-container-', suffix='.apex') + with open(apex_file, 'wb') as output_fp: + output_fp.write(apex_data) + + debugfs_path = os.path.join(OPTIONS.search_path, "bin", "debugfs_static") + cmd = ['deapexer', '--debugfs_path', debugfs_path, + 'info', '--print-type', apex_file] + + try: + apex_type = common.RunAndCheckOutput(cmd).strip() + if apex_type == 'UNCOMPRESSED': + return SignUncompressedApex( + avbtool, + apex_data, + payload_key=payload_key, + container_key=container_key, + container_pw=None, + codename_to_api_level_map=codename_to_api_level_map, + no_hashtree=no_hashtree, + apk_keys=apk_keys, + signing_args=signing_args) + else: + # TODO(b/172912232): support signing compressed apex + raise ApexInfoError('Unsupported apex type {}'.format(apex_type)) + + except common.ExternalError as e: + raise ApexInfoError( + 'Failed to get type for {}:\n{}'.format(apex_file))