Merge "Make apex.key and certificate overridable." am: 6a328ff8ac am: 78939b2bc6

Original change: https://android-review.googlesource.com/c/platform/build/soong/+/1682218

Change-Id: I936a8e29719a14195e380c59911b231936854119
This commit is contained in:
Jaewoong Jung 2021-04-22 15:53:42 +00:00 committed by Automerger Merge Worker
commit e3f8cfe47e
3 changed files with 44 additions and 27 deletions

View File

@ -110,16 +110,6 @@ type apexBundleProperties struct {
// List of filesystem images that are embedded inside this APEX bundle.
Filesystems []string
// Name of the apex_key module that provides the private key to sign this APEX bundle.
Key *string
// Specifies the certificate and the private key to sign the zip container of this APEX. If
// this is "foo", foo.x509.pem and foo.pk8 under PRODUCT_DEFAULT_DEV_CERTIFICATE are used
// as the certificate and the private key, respectively. If this is ":module", then the
// certificate and the private key are provided from the android_app_certificate module
// named "module".
Certificate *string
// The minimum SDK version that this APEX must support at minimum. This is usually set to
// the SDK version that the APEX was first introduced.
Min_sdk_version *string
@ -299,6 +289,16 @@ type overridableProperties struct {
// A txt file containing list of files that are allowed to be included in this APEX.
Allowed_files *string `android:"path"`
// Name of the apex_key module that provides the private key to sign this APEX bundle.
Key *string
// Specifies the certificate and the private key to sign the zip container of this APEX. If
// this is "foo", foo.x509.pem and foo.pk8 under PRODUCT_DEFAULT_DEV_CERTIFICATE are used
// as the certificate and the private key, respectively. If this is ":module", then the
// certificate and the private key are provided from the android_app_certificate module
// named "module".
Certificate *string
}
type apexBundle struct {
@ -760,20 +760,6 @@ func (a *apexBundle) DepsMutator(ctx android.BottomUpMutatorContext) {
}
}
// Dependencies for signing
if String(a.properties.Key) == "" {
ctx.PropertyErrorf("key", "missing")
return
}
ctx.AddDependency(ctx.Module(), keyTag, String(a.properties.Key))
cert := android.SrcIsModule(a.getCertString(ctx))
if cert != "" {
ctx.AddDependency(ctx.Module(), certificateTag, cert)
// empty cert is not an error. Cert and private keys will be directly found under
// PRODUCT_DEFAULT_DEV_CERTIFICATE
}
// Marks that this APEX (in fact all the modules in it) has to be built with the given SDKs.
// This field currently isn't used.
// TODO(jiyong): consider dropping this feature
@ -797,6 +783,20 @@ func (a *apexBundle) OverridablePropertiesDepsMutator(ctx android.BottomUpMutato
commonVariation := ctx.Config().AndroidCommonTarget.Variations()
ctx.AddFarVariationDependencies(commonVariation, androidAppTag, a.overridableProperties.Apps...)
ctx.AddFarVariationDependencies(commonVariation, rroTag, a.overridableProperties.Rros...)
// Dependencies for signing
if String(a.overridableProperties.Key) == "" {
ctx.PropertyErrorf("key", "missing")
return
}
ctx.AddDependency(ctx.Module(), keyTag, String(a.overridableProperties.Key))
cert := android.SrcIsModule(a.getCertString(ctx))
if cert != "" {
ctx.AddDependency(ctx.Module(), certificateTag, cert)
// empty cert is not an error. Cert and private keys will be directly found under
// PRODUCT_DEFAULT_DEV_CERTIFICATE
}
}
type ApexBundleInfo struct {
@ -1292,7 +1292,7 @@ func (a *apexBundle) getCertString(ctx android.BaseModuleContext) string {
if overridden {
return ":" + certificate
}
return String(a.properties.Certificate)
return String(a.overridableProperties.Certificate)
}
// See the installable property
@ -1949,7 +1949,7 @@ func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) {
return false
})
if a.privateKeyFile == nil {
ctx.PropertyErrorf("key", "private_key for %q could not be found", String(a.properties.Key))
ctx.PropertyErrorf("key", "private_key for %q could not be found", String(a.overridableProperties.Key))
return
}

View File

@ -5599,6 +5599,8 @@ func TestOverrideApex(t *testing.T) {
overrides: ["unknownapex"],
logging_parent: "com.foo.bar",
package_name: "test.overridden.package",
key: "mynewapex.key",
certificate: ":myapex.certificate",
}
apex_key {
@ -5607,6 +5609,17 @@ func TestOverrideApex(t *testing.T) {
private_key: "testkey.pem",
}
apex_key {
name: "mynewapex.key",
public_key: "testkey2.avbpubkey",
private_key: "testkey2.pem",
}
android_app_certificate {
name: "myapex.certificate",
certificate: "testkey",
}
android_app {
name: "app",
srcs: ["foo/bar/MyClass.java"],
@ -5651,6 +5664,10 @@ func TestOverrideApex(t *testing.T) {
optFlags := apexRule.Args["opt_flags"]
ensureContains(t, optFlags, "--override_apk_package_name test.overridden.package")
ensureContains(t, optFlags, "--pubkey testkey2.avbpubkey")
signApkRule := module.Rule("signapk")
ensureEquals(t, signApkRule.Args["certificates"], "testkey.x509.pem testkey.pk8")
data := android.AndroidMkDataForTest(t, ctx, apexBundle)
var builder strings.Builder

View File

@ -871,7 +871,7 @@ func (a *apexBundle) getCertificateAndPrivateKey(ctx android.PathContext) (pem,
return a.containerCertificateFile, a.containerPrivateKeyFile
}
cert := String(a.properties.Certificate)
cert := String(a.overridableProperties.Certificate)
if cert == "" {
return ctx.Config().DefaultAppCertificate(ctx)
}