Commit Graph

17 Commits

Author SHA1 Message Date
Jiyong Park ac5e79f900 Don't remove entries for overriddable modules
Previously, when there is apex_set that is overriding another module,
the entry for the overridden module is removed from apexkeys.txt.
However, this is wrong because the existence of the apex_set module
doesn't necessary mean that the module is insatalled instead of the
overridden module. That is determined by PRODUCT_PACKAGES which Soong
has no knowledge of. Therefore, we don't delete the entry for the
overridden (actually possibly overridable) modules in the file.

Bug: 158729168
Test: m
Change-Id: I85d0c756f862323bae556bf657d66ec50038985f
2020-06-18 23:05:31 +09:00
Jiyong Park 8d6286befe apex_sets is added to apexkeys.txt
apex_sets is a new module type that can be used to deliver pre-signed
APEXes, which previously could be done only via prebuilt_apex.

Soon gnow understands apex_sets module types and emits the signing info
of the modules to apexkeys.txt

Exempt-From-Owner-Approval: cherry-pic from AOSP

Bug: 158729168
Test: m
Merged-In: I9507375342ec053309660d94c931a79bf4f21218
(cherry picked from commit 8d6c51ebcc)
Change-Id: I9507375342ec053309660d94c931a79bf4f21218
2020-06-17 13:17:11 +09:00
Bill Peckham 1c610cfed1 Include partition tag in apexkeys.txt.
The partition tag helps merge_target_files.py determine
which apexkeys.txt to select from the framework partial
target files and which to select from the vendor partial
target files. The partition tag is the pysical partition
name, for example, a system_ext module on a device where
system_ext is at system/system_ext has a system
partition tag.

Bug: 138942268
Change-Id: Ia07887b34f1aa77dae94ef23610dfef83c1a5849
Merged-In: Ia07887b34f1aa77dae94ef23610dfef83c1a5849
2020-04-02 17:15:47 +00:00
Jiyong Park d1063c1586 Introduce module type 'sdk'
This change introduces a new module type named 'sdk'. It is a logical
group of prebuilt modules that together provide a context (e.g. APIs)
in which Mainline modules (such as APEXes) are built.

A prebuilt module (e.g. java_import) can join an sdk by adding it to the
sdk module as shown below:

sdk {
    name: "mysdk#20",
    java_libs: ["myjavalib_mysdk_20"],
}

java_import {
    name: "myjavalib_mysdk_20",
    srcs: ["myjavalib-v20.jar"],
    sdk_member_name: "myjavalib",
}

sdk {
    name: "mysdk#21",
    java_libs: ["myjavalib_mysdk_21"],
}

java_import {
    name: "myjavalib_mysdk_21",
    srcs: ["myjavalib-v21.jar"],
    sdk_member_name: "myjavalib",
}

java_library {
    name: "myjavalib",
    srcs: ["**/*/*.java"],
}

An APEX can specify the SDK(s) that it wants to build with via the new
'uses_sdks' property.

apex {
    name: "myapex",
    java_libs: ["libX", "libY"],
    uses_sdks: ["mysdk#20"],
}

With this, libX, libY, and their transitive dependencies are all built
with the version 20 of myjavalib (the first java_import module) instead
of the other one (which is for version 21) and java_library having the
same name (which is for ToT).

Bug: 138182343
Test: m (sdk_test.go added)
Change-Id: I7e14c524a7d6a0d9f575fb20822080f39818c01e
2019-09-22 08:21:27 +09:00
Jiyong Park 4d27704da0 Prebuilt APEXes are recoreded in apexkeys.txt
apexkeys.txt now correctly lists prebuilt APEXes with keys specified as
PRESIGNED.

This change also fixes a bug that non-installable APEXes are listed in
the file.

Bug: 131130235
Test: m out/soong/apexkeys.txt and check that
com.android.apex.cts.shim.apex is listed there with PRESIGNED keys.

Merged-In: Ib6d391a82864714743a1cc59cd655bea917b5073
Change-Id: Ib6d391a82864714743a1cc59cd655bea917b5073
(cherry picked from commit a41f12a6fa)
2019-04-29 09:21:23 +09:00
dimitry f807167023 Make apex_key HostAndDeviceDefault
Since apex_key is used in number of apex_test host_supported modules it
is no longer a device only module.

Test: add new device target and check that the build does not fail
Change-Id: I6402e3b622d22ee0ca0e6af71dfd71a690938e49
2019-04-12 09:26:00 +00:00
Jiyong Park 42cca6c951 Always bundle the public key for APEX
The public key associated with an APEX is always included in the APEX.

Obviously, the public keys are no longer installed to
/system/etc/security/apex

Bug: 128344735
Test: m
Change-Id: I1e1aef1d32597a447b57d49ab80bbfb921fa8178
2019-04-01 19:24:31 +09:00
Jaewoong Jung 939ebd5f33 Add prebuilt_apex.
Bug: 127789981
Test: apex_test.go + com.android.tzdata.apex
Change-Id: I09bb0a4b2acf310c55c789569da3c9d755638232
2019-03-28 15:56:22 -07:00
Jiyong Park 6788256d09 :module syntax support properties in apex_key
public_key and private_key properties support :module syntax so that the
key pairs can be dynamically created during the build, which is useful
for one-time keys.

Bug: 128960614
Test: m (apex_test amended)

Change-Id: I249b1d29f247784193b0d733a7b6a20274ece105
2019-03-22 11:41:09 +09:00
Jiyong Park d1e293d11e product_specific support for apex_key
apex_key, when with product_specific: true, is installed to
/product/etc/security/apex.

Bug: 128519063
Test: m (apex_test.go amended)
Change-Id: I39e8ac1c486c734dfe0555cd1874468d75e71f34
2019-03-15 02:15:39 +09:00
Jiyong Park 37eb8bbb3a Export make vars using MakeVars method
ed023eca73 introduced a new (better) way
of exporting make vars from singletone. apex_keys_text singletone is
switched to the new method.

Test: inspect out/soong/make_vars-<target>.mk
Check SOONG_SOONG_APEX_KEYS_FILE is set

Change-Id: Ia218852ba9ae40070cb6c99340d97e0c77d19841
2019-02-20 22:26:21 +09:00
Jiyong Park 0ca3ce867c build apexkeys.txt
apexkeys.txt is a text file having APEX-to-keys mappings. The file is
included in the target-files package where it is used when re-sign the
APEXes with release keys.

Each line of the file consists of 5 fields:
1) name: file name of the APEX
2) public_key: the public key for the apex_payload.img of the APEX
3) private_key: the private key used to sign the apex_payload.img
4) container_certificate: the certificate used to sign the APEX zip
container
5) container_private_key: the private key used to sign the APEX zip
container

Bug: 124406181
Test: m out/soong/apexkeys.txt and inspect the content
Test: TARGET_BUILD_APPS=com.android.tzdata m dist and make sure
out/dist/apexkeys.txt exists
Change-Id: I1daa13ec50956323b97e15e8df7f1fbe5ea21d63
2019-02-19 14:13:36 +09:00
Jiyong Park 23c52b0eb8 :module syntax is supported for APEX even when TARGET_FLATTEN_APEX
Build rules for both flattened and non-flattend APEXes are created
regardless of TARGET_FLATTEN_APEX. The selection is made in AndroidMk.
This allows other module to reference an APEX via :module syntax
irrespective of TARGET_FLATTEN_APEX.

Bug: 123780484
Test: TARGET_FLATTEN_APEX=true m out/soong/.intermediates/art/build/apex/art-check-debug-apex-gen/gen/art-check-debug-apex-gen.dummy
with aosp/891696 applied
Change-Id: Ia49415ec3d18cfc5081461be76900c73ea803dca
2019-02-06 09:24:39 +09:00
Colin Cross 5f692ec219 Remove empty DepsMutator methods
Add an empty DepsMutator to ModuleBase so it doesn't have to be
implemented on every module that doesn't need it.

Test: all soong tests
Change-Id: I545a832a0dbf27386d3080377a75ea482cd9ce59
2019-02-01 17:17:58 -08:00
Jiyong Park 9335a26cbd APEXes can be signed with devkeys
When PRODUCT_DEFAULT_DEV_CERTIFICATE is set to /vendor/foo/devkeys/test,
then the public/private key pairs for an apex_key is searched at
/vendor/foo/devkeys directory.

To be specific,

/system/timezone/Android.bp:
apex_key {
    name: "timezone.key",
    public_key: "com.android.tzdata.avbpubkey",
    private_key: "com.android.tzdata.pem",
}

When PRODUCT_DEFAULT_DEV_CERTIFICATE isn't set, the keys are searched at
/system/timezone, which is the path where Android.bp is located.

With PRODUCT_DEFAULT_DEV_CERTIFICATE set to /vendor/foo/devkeys/test,
the keys are searched at /vendor/foo/devkeys.

Bug: 121224311
Test: m (apex_test updated)
Test: m with crosshatch (PRODUCT_DEFAULT_DEV_CERTIFICATE is set to
/vendor/google/...)
Test: m with cheets (PRODUCT_DEFAULT_DEV_CERTIFICATE is set, but there
is no apex key there. The product is with TARGET_FLATTEN_APEX := true)

Change-Id: I213bbb96c433d851f9cc982871459fd7fb4fe47d
2019-01-11 13:35:56 +09:00
Jiyong Park 50d99206d5 Add installable property to apex_key
Setting the property to false prevents the key from being installed.
Useful for testing keys.

Bug: 122042717
Test: add 'installable: false' to the apex_key
'com.android.apex.test_package.key'. mma under
/system/apex/apexd/apexd_testdata. The key is not found under
out/target/product/..../system/etc/security/apex

Change-Id: Ibf70e4e8ea5e73432d06b1c4050df531eaafc85e
2019-01-04 03:23:12 +09:00
Jiyong Park ff1458f670 APEX can be signed with different keys
A new module type 'apex_key' is defined to specify public and private
key pair for APEXs. An APEX can refer to the module via the property
'key'. When building the APEX, the private key from the key module is
used to sign it. In addition, the public key from the key module is
automatically installed to /system/etc/security/apex.

Bug: 115721587
Test: m apex.test; m
/apex/com.android.example.apex@1 exists

Change-Id: I82666db095bd7a09f6c1b9cbea2db57ebc076cbf
2018-10-16 09:53:11 +09:00