Previously, when there is apex_set that is overriding another module,
the entry for the overridden module is removed from apexkeys.txt.
However, this is wrong because the existence of the apex_set module
doesn't necessary mean that the module is insatalled instead of the
overridden module. That is determined by PRODUCT_PACKAGES which Soong
has no knowledge of. Therefore, we don't delete the entry for the
overridden (actually possibly overridable) modules in the file.
Bug: 158729168
Test: m
Change-Id: I85d0c756f862323bae556bf657d66ec50038985f
apex_sets is a new module type that can be used to deliver pre-signed
APEXes, which previously could be done only via prebuilt_apex.
Soon gnow understands apex_sets module types and emits the signing info
of the modules to apexkeys.txt
Exempt-From-Owner-Approval: cherry-pic from AOSP
Bug: 158729168
Test: m
Merged-In: I9507375342ec053309660d94c931a79bf4f21218
(cherry picked from commit 8d6c51ebcc)
Change-Id: I9507375342ec053309660d94c931a79bf4f21218
The partition tag helps merge_target_files.py determine
which apexkeys.txt to select from the framework partial
target files and which to select from the vendor partial
target files. The partition tag is the pysical partition
name, for example, a system_ext module on a device where
system_ext is at system/system_ext has a system
partition tag.
Bug: 138942268
Change-Id: Ia07887b34f1aa77dae94ef23610dfef83c1a5849
Merged-In: Ia07887b34f1aa77dae94ef23610dfef83c1a5849
This change introduces a new module type named 'sdk'. It is a logical
group of prebuilt modules that together provide a context (e.g. APIs)
in which Mainline modules (such as APEXes) are built.
A prebuilt module (e.g. java_import) can join an sdk by adding it to the
sdk module as shown below:
sdk {
name: "mysdk#20",
java_libs: ["myjavalib_mysdk_20"],
}
java_import {
name: "myjavalib_mysdk_20",
srcs: ["myjavalib-v20.jar"],
sdk_member_name: "myjavalib",
}
sdk {
name: "mysdk#21",
java_libs: ["myjavalib_mysdk_21"],
}
java_import {
name: "myjavalib_mysdk_21",
srcs: ["myjavalib-v21.jar"],
sdk_member_name: "myjavalib",
}
java_library {
name: "myjavalib",
srcs: ["**/*/*.java"],
}
An APEX can specify the SDK(s) that it wants to build with via the new
'uses_sdks' property.
apex {
name: "myapex",
java_libs: ["libX", "libY"],
uses_sdks: ["mysdk#20"],
}
With this, libX, libY, and their transitive dependencies are all built
with the version 20 of myjavalib (the first java_import module) instead
of the other one (which is for version 21) and java_library having the
same name (which is for ToT).
Bug: 138182343
Test: m (sdk_test.go added)
Change-Id: I7e14c524a7d6a0d9f575fb20822080f39818c01e
apexkeys.txt now correctly lists prebuilt APEXes with keys specified as
PRESIGNED.
This change also fixes a bug that non-installable APEXes are listed in
the file.
Bug: 131130235
Test: m out/soong/apexkeys.txt and check that
com.android.apex.cts.shim.apex is listed there with PRESIGNED keys.
Merged-In: Ib6d391a82864714743a1cc59cd655bea917b5073
Change-Id: Ib6d391a82864714743a1cc59cd655bea917b5073
(cherry picked from commit a41f12a6fa)
Since apex_key is used in number of apex_test host_supported modules it
is no longer a device only module.
Test: add new device target and check that the build does not fail
Change-Id: I6402e3b622d22ee0ca0e6af71dfd71a690938e49
The public key associated with an APEX is always included in the APEX.
Obviously, the public keys are no longer installed to
/system/etc/security/apex
Bug: 128344735
Test: m
Change-Id: I1e1aef1d32597a447b57d49ab80bbfb921fa8178
public_key and private_key properties support :module syntax so that the
key pairs can be dynamically created during the build, which is useful
for one-time keys.
Bug: 128960614
Test: m (apex_test amended)
Change-Id: I249b1d29f247784193b0d733a7b6a20274ece105
apex_key, when with product_specific: true, is installed to
/product/etc/security/apex.
Bug: 128519063
Test: m (apex_test.go amended)
Change-Id: I39e8ac1c486c734dfe0555cd1874468d75e71f34
ed023eca73 introduced a new (better) way
of exporting make vars from singletone. apex_keys_text singletone is
switched to the new method.
Test: inspect out/soong/make_vars-<target>.mk
Check SOONG_SOONG_APEX_KEYS_FILE is set
Change-Id: Ia218852ba9ae40070cb6c99340d97e0c77d19841
apexkeys.txt is a text file having APEX-to-keys mappings. The file is
included in the target-files package where it is used when re-sign the
APEXes with release keys.
Each line of the file consists of 5 fields:
1) name: file name of the APEX
2) public_key: the public key for the apex_payload.img of the APEX
3) private_key: the private key used to sign the apex_payload.img
4) container_certificate: the certificate used to sign the APEX zip
container
5) container_private_key: the private key used to sign the APEX zip
container
Bug: 124406181
Test: m out/soong/apexkeys.txt and inspect the content
Test: TARGET_BUILD_APPS=com.android.tzdata m dist and make sure
out/dist/apexkeys.txt exists
Change-Id: I1daa13ec50956323b97e15e8df7f1fbe5ea21d63
Build rules for both flattened and non-flattend APEXes are created
regardless of TARGET_FLATTEN_APEX. The selection is made in AndroidMk.
This allows other module to reference an APEX via :module syntax
irrespective of TARGET_FLATTEN_APEX.
Bug: 123780484
Test: TARGET_FLATTEN_APEX=true m out/soong/.intermediates/art/build/apex/art-check-debug-apex-gen/gen/art-check-debug-apex-gen.dummy
with aosp/891696 applied
Change-Id: Ia49415ec3d18cfc5081461be76900c73ea803dca
Add an empty DepsMutator to ModuleBase so it doesn't have to be
implemented on every module that doesn't need it.
Test: all soong tests
Change-Id: I545a832a0dbf27386d3080377a75ea482cd9ce59
When PRODUCT_DEFAULT_DEV_CERTIFICATE is set to /vendor/foo/devkeys/test,
then the public/private key pairs for an apex_key is searched at
/vendor/foo/devkeys directory.
To be specific,
/system/timezone/Android.bp:
apex_key {
name: "timezone.key",
public_key: "com.android.tzdata.avbpubkey",
private_key: "com.android.tzdata.pem",
}
When PRODUCT_DEFAULT_DEV_CERTIFICATE isn't set, the keys are searched at
/system/timezone, which is the path where Android.bp is located.
With PRODUCT_DEFAULT_DEV_CERTIFICATE set to /vendor/foo/devkeys/test,
the keys are searched at /vendor/foo/devkeys.
Bug: 121224311
Test: m (apex_test updated)
Test: m with crosshatch (PRODUCT_DEFAULT_DEV_CERTIFICATE is set to
/vendor/google/...)
Test: m with cheets (PRODUCT_DEFAULT_DEV_CERTIFICATE is set, but there
is no apex key there. The product is with TARGET_FLATTEN_APEX := true)
Change-Id: I213bbb96c433d851f9cc982871459fd7fb4fe47d
Setting the property to false prevents the key from being installed.
Useful for testing keys.
Bug: 122042717
Test: add 'installable: false' to the apex_key
'com.android.apex.test_package.key'. mma under
/system/apex/apexd/apexd_testdata. The key is not found under
out/target/product/..../system/etc/security/apex
Change-Id: Ibf70e4e8ea5e73432d06b1c4050df531eaafc85e
A new module type 'apex_key' is defined to specify public and private
key pair for APEXs. An APEX can refer to the module via the property
'key'. When building the APEX, the private key from the key module is
used to sign it. In addition, the public key from the key module is
automatically installed to /system/etc/security/apex.
Bug: 115721587
Test: m apex.test; m
/apex/com.android.example.apex@1 exists
Change-Id: I82666db095bd7a09f6c1b9cbea2db57ebc076cbf