StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

releasetools: Fix alignment issue when signing APEXes.

Browse Source 
Previously it was following a wrong order by doing `zipalign` after
calling SignApk, which effectively compromised the signature. This CL
corrects the logic, and follows the same flow as in build system:
 - Pack APEX file;
 - `zipalign -f 4096`;
 - Call SignApk to sign the container with `-a 4096` flag.

Bug: 129148142
Test: Run sign_target_files_apks.py on taimen target_files.zip. Boot the
      image after signing.
Change-Id: I91bd3dce4f45c1891c5e122212a699f4808618fa
This commit is contained in:
Tao Bao
2019-03-22 23:16:58 -07:00
parent 5d816d89eb
commit 0e06cb0a8b
2 changed files with 24 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
tools/releasetools/common.py
View File

@@ -1008,7 +1008,8 @@ def GetMinSdkVersionInt(apk_name, codename_to_api_level_map):
def SignFile(input_name, output_name, key, password, min_api_level=None,
codename_to_api_level_map=None, whole_file=False):
codename_to_api_level_map=None, whole_file=False,
extra_signapk_args=None):
"""Sign the input_name zip/jar/apk, producing output_name. Use the
given key and password (the latter may be None if the key does not
have a password.
@@ -1023,9 +1024,14 @@ def SignFile(input_name, output_name, key, password, min_api_level=None,
codename_to_api_level_map is needed to translate the codename which may be
encountered as the APK's minSdkVersion.
Caller may optionally specify extra args to be passed to SignApk, which
defaults to OPTIONS.extra_signapk_args if omitted.
"""
if codename_to_api_level_map is None:
codename_to_api_level_map = {}
if extra_signapk_args is None:
extra_signapk_args = OPTIONS.extra_signapk_args
java_library_path = os.path.join(
OPTIONS.search_path, OPTIONS.signapk_shared_library_path)
@@ -1033,7 +1039,7 @@ def SignFile(input_name, output_name, key, password, min_api_level=None,
cmd = ([OPTIONS.java_path] + OPTIONS.java_args +
["-Djava.library.path=" + java_library_path,
"-jar", os.path.join(OPTIONS.search_path, OPTIONS.signapk_path)] +
OPTIONS.extra_signapk_args)
extra_signapk_args)
if whole_file:
cmd.append("-w")