From 4cfdf7de260ce376d0f451b9a07f598aa5470581 Mon Sep 17 00:00:00 2001 From: Jaewoong Jung Date: Tue, 20 Apr 2021 16:21:24 -0700 Subject: [PATCH] Make apex.key and certificate overridable. Test: apex_test.go Fixes: 185477325 Change-Id: I8992ac5606fa92f53f07e6870a034f2d3352e618 --- apex/apex.go | 52 +++++++++++++++++++++++------------------------ apex/apex_test.go | 17 ++++++++++++++++ apex/builder.go | 2 +- 3 files changed, 44 insertions(+), 27 deletions(-) diff --git a/apex/apex.go b/apex/apex.go index f5e6fa944..39a498bdc 100644 --- a/apex/apex.go +++ b/apex/apex.go @@ -116,16 +116,6 @@ type apexBundleProperties struct { // List of filesystem images that are embedded inside this APEX bundle. Filesystems []string - // Name of the apex_key module that provides the private key to sign this APEX bundle. - Key *string - - // Specifies the certificate and the private key to sign the zip container of this APEX. If - // this is "foo", foo.x509.pem and foo.pk8 under PRODUCT_DEFAULT_DEV_CERTIFICATE are used - // as the certificate and the private key, respectively. If this is ":module", then the - // certificate and the private key are provided from the android_app_certificate module - // named "module". - Certificate *string - // The minimum SDK version that this APEX must support at minimum. This is usually set to // the SDK version that the APEX was first introduced. Min_sdk_version *string @@ -305,6 +295,16 @@ type overridableProperties struct { // A txt file containing list of files that are allowed to be included in this APEX. Allowed_files *string `android:"path"` + + // Name of the apex_key module that provides the private key to sign this APEX bundle. + Key *string + + // Specifies the certificate and the private key to sign the zip container of this APEX. If + // this is "foo", foo.x509.pem and foo.pk8 under PRODUCT_DEFAULT_DEV_CERTIFICATE are used + // as the certificate and the private key, respectively. If this is ":module", then the + // certificate and the private key are provided from the android_app_certificate module + // named "module". + Certificate *string } type apexBundle struct { @@ -767,20 +767,6 @@ func (a *apexBundle) DepsMutator(ctx android.BottomUpMutatorContext) { } } - // Dependencies for signing - if String(a.properties.Key) == "" { - ctx.PropertyErrorf("key", "missing") - return - } - ctx.AddDependency(ctx.Module(), keyTag, String(a.properties.Key)) - - cert := android.SrcIsModule(a.getCertString(ctx)) - if cert != "" { - ctx.AddDependency(ctx.Module(), certificateTag, cert) - // empty cert is not an error. Cert and private keys will be directly found under - // PRODUCT_DEFAULT_DEV_CERTIFICATE - } - // Marks that this APEX (in fact all the modules in it) has to be built with the given SDKs. // This field currently isn't used. // TODO(jiyong): consider dropping this feature @@ -804,6 +790,20 @@ func (a *apexBundle) OverridablePropertiesDepsMutator(ctx android.BottomUpMutato commonVariation := ctx.Config().AndroidCommonTarget.Variations() ctx.AddFarVariationDependencies(commonVariation, androidAppTag, a.overridableProperties.Apps...) ctx.AddFarVariationDependencies(commonVariation, rroTag, a.overridableProperties.Rros...) + + // Dependencies for signing + if String(a.overridableProperties.Key) == "" { + ctx.PropertyErrorf("key", "missing") + return + } + ctx.AddDependency(ctx.Module(), keyTag, String(a.overridableProperties.Key)) + + cert := android.SrcIsModule(a.getCertString(ctx)) + if cert != "" { + ctx.AddDependency(ctx.Module(), certificateTag, cert) + // empty cert is not an error. Cert and private keys will be directly found under + // PRODUCT_DEFAULT_DEV_CERTIFICATE + } } type ApexBundleInfo struct { @@ -1299,7 +1299,7 @@ func (a *apexBundle) getCertString(ctx android.BaseModuleContext) string { if overridden { return ":" + certificate } - return String(a.properties.Certificate) + return String(a.overridableProperties.Certificate) } // See the installable property @@ -1956,7 +1956,7 @@ func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) { return false }) if a.privateKeyFile == nil { - ctx.PropertyErrorf("key", "private_key for %q could not be found", String(a.properties.Key)) + ctx.PropertyErrorf("key", "private_key for %q could not be found", String(a.overridableProperties.Key)) return } diff --git a/apex/apex_test.go b/apex/apex_test.go index 977a9544c..a7ae6f02b 100644 --- a/apex/apex_test.go +++ b/apex/apex_test.go @@ -5599,6 +5599,8 @@ func TestOverrideApex(t *testing.T) { overrides: ["unknownapex"], logging_parent: "com.foo.bar", package_name: "test.overridden.package", + key: "mynewapex.key", + certificate: ":myapex.certificate", } apex_key { @@ -5607,6 +5609,17 @@ func TestOverrideApex(t *testing.T) { private_key: "testkey.pem", } + apex_key { + name: "mynewapex.key", + public_key: "testkey2.avbpubkey", + private_key: "testkey2.pem", + } + + android_app_certificate { + name: "myapex.certificate", + certificate: "testkey", + } + android_app { name: "app", srcs: ["foo/bar/MyClass.java"], @@ -5651,6 +5664,10 @@ func TestOverrideApex(t *testing.T) { optFlags := apexRule.Args["opt_flags"] ensureContains(t, optFlags, "--override_apk_package_name test.overridden.package") + ensureContains(t, optFlags, "--pubkey testkey2.avbpubkey") + + signApkRule := module.Rule("signapk") + ensureEquals(t, signApkRule.Args["certificates"], "testkey.x509.pem testkey.pk8") data := android.AndroidMkDataForTest(t, ctx, apexBundle) var builder strings.Builder diff --git a/apex/builder.go b/apex/builder.go index e59dc96e3..41f1cc791 100644 --- a/apex/builder.go +++ b/apex/builder.go @@ -872,7 +872,7 @@ func (a *apexBundle) getCertificateAndPrivateKey(ctx android.PathContext) (pem, return a.containerCertificateFile, a.containerPrivateKeyFile } - cert := String(a.properties.Certificate) + cert := String(a.overridableProperties.Certificate) if cert == "" { return ctx.Config().DefaultAppCertificate(ctx) }