p96705831
/
platform_build
forked from openkylin/platform_build
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

sign_target_files_apks: Fix password encrypted keys handle 

This patch restores the possibility of using password encrypted
keys for build signing.

Bug: 171221825
Test: 1. Generate password encrypted keys (write non empty passwords):
        $ subject='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
        $ mkdir ~/.android-certs
        $ for x in releasekey platform shared media; do \
            ./development/tools/make_key ~/.android-certs/$x \
            "$subject"; \
          done
      2. Create a file with passwords:
        Example of passwd file:
            [[[ 12345678 ]]] /home/user/.android-certs/releasekey
            [[[ 12345678 ]]] /home/user/.android-certs/platform
            [[[ 12345678 ]]] /home/user/.android-certs/shared
            [[[ 12345678 ]]] /home/user/.android-certs/media
            [[[ 12345678 ]]] /home/user/.android-certs/networkstack
      3. Tell system where to find passwords:
        $ export ANDROID_PW_FILE=/path/to/file/with/passwords
      4. Generate a release image:
        $ make dist
        $ sign_target_files_apks \
        -o --default_key_mappings ~/.android-certs \
        out/dist/*-target_files-*.zip \
        signed-target_files.zip

Signed-off-by: Oleh Cherpak <oleh.cherpak@globallogic.com>
Change-Id: I3e9d5318f69a2c3ac6eec64b36163b6544d49c90
This commit is contained in:
Oleh Cherpak 2020-10-05 17:04:59 +03:00
parent 0071b0b56d
commit e555ab1848
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tools/releasetools/apex_utils.py
View File

@ -49,7 +49,10 @@ class ApexApkSigner(object):
def __init__(self, apex_path, key_passwords, codename_to_api_level_map):
self.apex_path = apex_path
self.key_passwords = key_passwords
if not key_passwords:
self.key_passwords = dict()
else:
self.key_passwords = key_passwords
self.codename_to_api_level_map = codename_to_api_level_map
def ProcessApexFile(self, apk_keys, payload_key, signing_args=None):
@ -110,7 +113,7 @@ class ApexApkSigner(object):
# signed apk file.
unsigned_apk = common.MakeTempFile()
os.rename(apk_path, unsigned_apk)
common.SignFile(unsigned_apk, apk_path, key_name, self.key_passwords,
common.SignFile(unsigned_apk, apk_path, key_name, self.key_passwords.get(key_name),
codename_to_api_level_map=self.codename_to_api_level_map)
has_signed_apk = True
return payload_dir, has_signed_apk
@ -356,7 +359,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
aligned_apex,
signed_apex,
container_key,
container_pw,
container_pw.get(container_key),
codename_to_api_level_map=codename_to_api_level_map,
extra_signapk_args=extra_signapk_args)

2
tools/releasetools/sign_target_files_apks.py
View File

@ -515,7 +515,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
data,
payload_key,
container_key,
key_passwords[container_key],
key_passwords,
apk_keys,
codename_to_api_level_map,
no_hashtree=True,