Commit Graph

14 Commits

Author SHA1 Message Date
Jiyong Park ded02fab27 Merge "Prebuilt APEXes are recoreded in apexkeys.txt" into qt-dev
am: a25a2779c6

Change-Id: Ia6f97ecf118b6a74f68ddc6c69ece35ee8fe934d
2019-04-23 21:42:24 -07:00
Jiyong Park a41f12a6fa Prebuilt APEXes are recoreded in apexkeys.txt
apexkeys.txt now correctly lists prebuilt APEXes with keys specified as
PRESIGNED.

This change also fixes a bug that non-installable APEXes are listed in
the file.

Bug: 131130235
Test: m out/soong/apexkeys.txt and check that
com.android.apex.cts.shim.apex is listed there with PRESIGNED keys.

Change-Id: Ib6d391a82864714743a1cc59cd655bea917b5073
2019-04-23 18:03:16 +09:00
dimitry f807167023 Make apex_key HostAndDeviceDefault
Since apex_key is used in number of apex_test host_supported modules it
is no longer a device only module.

Test: add new device target and check that the build does not fail
Change-Id: I6402e3b622d22ee0ca0e6af71dfd71a690938e49
2019-04-12 09:26:00 +00:00
Jiyong Park 42cca6c951 Always bundle the public key for APEX
The public key associated with an APEX is always included in the APEX.

Obviously, the public keys are no longer installed to
/system/etc/security/apex

Bug: 128344735
Test: m
Change-Id: I1e1aef1d32597a447b57d49ab80bbfb921fa8178
2019-04-01 19:24:31 +09:00
Jaewoong Jung 939ebd5f33 Add prebuilt_apex.
Bug: 127789981
Test: apex_test.go + com.android.tzdata.apex
Change-Id: I09bb0a4b2acf310c55c789569da3c9d755638232
2019-03-28 15:56:22 -07:00
Jiyong Park 6788256d09 :module syntax support properties in apex_key
public_key and private_key properties support :module syntax so that the
key pairs can be dynamically created during the build, which is useful
for one-time keys.

Bug: 128960614
Test: m (apex_test amended)

Change-Id: I249b1d29f247784193b0d733a7b6a20274ece105
2019-03-22 11:41:09 +09:00
Jiyong Park d1e293d11e product_specific support for apex_key
apex_key, when with product_specific: true, is installed to
/product/etc/security/apex.

Bug: 128519063
Test: m (apex_test.go amended)
Change-Id: I39e8ac1c486c734dfe0555cd1874468d75e71f34
2019-03-15 02:15:39 +09:00
Jiyong Park 37eb8bbb3a Export make vars using MakeVars method
ed023eca73 introduced a new (better) way
of exporting make vars from singletone. apex_keys_text singletone is
switched to the new method.

Test: inspect out/soong/make_vars-<target>.mk
Check SOONG_SOONG_APEX_KEYS_FILE is set

Change-Id: Ia218852ba9ae40070cb6c99340d97e0c77d19841
2019-02-20 22:26:21 +09:00
Jiyong Park 0ca3ce867c build apexkeys.txt
apexkeys.txt is a text file having APEX-to-keys mappings. The file is
included in the target-files package where it is used when re-sign the
APEXes with release keys.

Each line of the file consists of 5 fields:
1) name: file name of the APEX
2) public_key: the public key for the apex_payload.img of the APEX
3) private_key: the private key used to sign the apex_payload.img
4) container_certificate: the certificate used to sign the APEX zip
container
5) container_private_key: the private key used to sign the APEX zip
container

Bug: 124406181
Test: m out/soong/apexkeys.txt and inspect the content
Test: TARGET_BUILD_APPS=com.android.tzdata m dist and make sure
out/dist/apexkeys.txt exists
Change-Id: I1daa13ec50956323b97e15e8df7f1fbe5ea21d63
2019-02-19 14:13:36 +09:00
Jiyong Park 23c52b0eb8 :module syntax is supported for APEX even when TARGET_FLATTEN_APEX
Build rules for both flattened and non-flattend APEXes are created
regardless of TARGET_FLATTEN_APEX. The selection is made in AndroidMk.
This allows other module to reference an APEX via :module syntax
irrespective of TARGET_FLATTEN_APEX.

Bug: 123780484
Test: TARGET_FLATTEN_APEX=true m out/soong/.intermediates/art/build/apex/art-check-debug-apex-gen/gen/art-check-debug-apex-gen.dummy
with aosp/891696 applied
Change-Id: Ia49415ec3d18cfc5081461be76900c73ea803dca
2019-02-06 09:24:39 +09:00
Colin Cross 5f692ec219 Remove empty DepsMutator methods
Add an empty DepsMutator to ModuleBase so it doesn't have to be
implemented on every module that doesn't need it.

Test: all soong tests
Change-Id: I545a832a0dbf27386d3080377a75ea482cd9ce59
2019-02-01 17:17:58 -08:00
Jiyong Park 9335a26cbd APEXes can be signed with devkeys
When PRODUCT_DEFAULT_DEV_CERTIFICATE is set to /vendor/foo/devkeys/test,
then the public/private key pairs for an apex_key is searched at
/vendor/foo/devkeys directory.

To be specific,

/system/timezone/Android.bp:
apex_key {
    name: "timezone.key",
    public_key: "com.android.tzdata.avbpubkey",
    private_key: "com.android.tzdata.pem",
}

When PRODUCT_DEFAULT_DEV_CERTIFICATE isn't set, the keys are searched at
/system/timezone, which is the path where Android.bp is located.

With PRODUCT_DEFAULT_DEV_CERTIFICATE set to /vendor/foo/devkeys/test,
the keys are searched at /vendor/foo/devkeys.

Bug: 121224311
Test: m (apex_test updated)
Test: m with crosshatch (PRODUCT_DEFAULT_DEV_CERTIFICATE is set to
/vendor/google/...)
Test: m with cheets (PRODUCT_DEFAULT_DEV_CERTIFICATE is set, but there
is no apex key there. The product is with TARGET_FLATTEN_APEX := true)

Change-Id: I213bbb96c433d851f9cc982871459fd7fb4fe47d
2019-01-11 13:35:56 +09:00
Jiyong Park 50d99206d5 Add installable property to apex_key
Setting the property to false prevents the key from being installed.
Useful for testing keys.

Bug: 122042717
Test: add 'installable: false' to the apex_key
'com.android.apex.test_package.key'. mma under
/system/apex/apexd/apexd_testdata. The key is not found under
out/target/product/..../system/etc/security/apex

Change-Id: Ibf70e4e8ea5e73432d06b1c4050df531eaafc85e
2019-01-04 03:23:12 +09:00
Jiyong Park ff1458f670 APEX can be signed with different keys
A new module type 'apex_key' is defined to specify public and private
key pair for APEXs. An APEX can refer to the module via the property
'key'. When building the APEX, the private key from the key module is
used to sign it. In addition, the public key from the key module is
automatically installed to /system/etc/security/apex.

Bug: 115721587
Test: m apex.test; m
/apex/com.android.example.apex@1 exists

Change-Id: I82666db095bd7a09f6c1b9cbea2db57ebc076cbf
2018-10-16 09:53:11 +09:00