Revert "Sign APKs using SHA-256 instead of SHA-1 when possible."

This reverts commit de5bc04717 because it's breaking some builds. Turns out some APKs have multiple sdkVersion attributes returned by aapt. Change-Id: I013d6ef5eac473dd3900e0b9edf4c32cdc838bab
2016-01-25 17:17:09 +00:00
parent de5bc04717
commit 1429d5e14c
4 changed files with 8 additions and 155 deletions
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -127,34 +127,14 @@ def CheckAllApksSigned(input_tf_zip, apk_key_map):
    sys.exit(1)


-def SignApk(data, keyname, pw, platform_api_level, codename_to_api_level_map):
+def SignApk(data, keyname, pw):
  unsigned = tempfile.NamedTemporaryFile()
  unsigned.write(data)
  unsigned.flush()

  signed = tempfile.NamedTemporaryFile()

-  # For pre-N builds, don't upgrade to SHA-256 JAR signatures based on the APK's
-  # minSdkVersion to avoid increasing incremental OTA update sizes. If an APK
-  # didn't change, we don't want its signature to change due to the switch
-  # from SHA-1 to SHA-256.
-  # By default, APK signer chooses SHA-256 signatures if the APK's minSdkVersion
-  # is 18 or higher. For pre-N builds we disable this mechanism by pretending
-  # that the APK's minSdkVersion is 1.
-  # For N+ builds, we let APK signer rely on the APK's minSdkVersion to
-  # determine whether to use SHA-256.
-  min_api_level = None
-  if platform_api_level > 23:
-    # Let APK signer choose whether to use SHA-1 or SHA-256, based on the APK's
-    # minSdkVersion attribute
-    min_api_level = None
-  else:
-    # Force APK signer to use SHA-1
-    min_api_level = 1
-
-  common.SignFile(unsigned.name, signed.name, keyname, pw,
-      min_api_level=min_api_level,
-      codename_to_api_level_map=codename_to_api_level_map)
+  common.SignFile(unsigned.name, signed.name, keyname, pw)

  data = signed.read()
  unsigned.close()
@@ -164,8 +144,7 @@ def SignApk(data, keyname, pw, platform_api_level, codename_to_api_level_map):


 def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
-                       apk_key_map, key_passwords, platform_api_level,
-                       codename_to_api_level_map):
+                       apk_key_map, key_passwords):

  maxsize = max([len(os.path.basename(i.filename))
                 for i in input_tf_zip.infolist()
@@ -221,8 +200,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
      key = apk_key_map[name]
      if key not in common.SPECIAL_CERT_STRINGS:
        print "    signing: %-*s (%s)" % (maxsize, name, key)
-        signed_data = SignApk(data, key, key_passwords[key], platform_api_level,
-            codename_to_api_level_map)
+        signed_data = SignApk(data, key, key_passwords[key])
        common.ZipWriteStr(output_tf_zip, out_info, signed_data)
      else:
        # an APK we're not supposed to sign.
@@ -462,57 +440,6 @@ def BuildKeyMap(misc_info, key_mapping_options):
      OPTIONS.key_map[s] = d


-def GetApiLevelAndCodename(input_tf_zip):
-  data = input_tf_zip.read("SYSTEM/build.prop")
-  api_level = None
-  codename = None
-  for line in data.split("\n"):
-    line = line.strip()
-    original_line = line
-    if line and line[0] != '#' and "=" in line:
-      key, value = line.split("=", 1)
-      key = key.strip()
-      if key == "ro.build.version.sdk":
-        api_level = int(value.strip())
-      elif key == "ro.build.version.codename":
-        codename = value.strip()
-
-  if api_level is None:
-    raise ValueError("No ro.build.version.sdk in SYSTEM/build.prop")
-  if codename is None:
-    raise ValueError("No ro.build.version.codename in SYSTEM/build.prop")
-
-  return (api_level, codename)
-
-
-def GetCodenameToApiLevelMap(input_tf_zip):
-  data = input_tf_zip.read("SYSTEM/build.prop")
-  api_level = None
-  codenames = None
-  for line in data.split("\n"):
-    line = line.strip()
-    original_line = line
-    if line and line[0] != '#' and "=" in line:
-      key, value = line.split("=", 1)
-      key = key.strip()
-      if key == "ro.build.version.sdk":
-        api_level = int(value.strip())
-      elif key == "ro.build.version.all_codenames":
-        codenames = value.strip().split(",")
-
-  if api_level is None:
-    raise ValueError("No ro.build.version.sdk in SYSTEM/build.prop")
-  if codenames is None:
-    raise ValueError("No ro.build.version.all_codenames in SYSTEM/build.prop")
-
-  result = dict()
-  for codename in codenames:
-    codename = codename.strip()
-    if len(codename) > 0:
-      result[codename] = api_level
-  return result
-
-
 def main(argv):

  key_mapping_options = []
@@ -571,17 +498,8 @@ def main(argv):
  CheckAllApksSigned(input_zip, apk_key_map)

  key_passwords = common.GetKeyPasswords(set(apk_key_map.values()))
-  platform_api_level, platform_codename = GetApiLevelAndCodename(input_zip)
-  codename_to_api_level_map = GetCodenameToApiLevelMap(input_zip)
-  # Android N will be API Level 24, but isn't yet.
-  # TODO: Remove this workaround once Android N is officially API Level 24.
-  if platform_api_level == 23 and platform_codename == "N":
-    platform_api_level = 24
-
  ProcessTargetFiles(input_zip, output_zip, misc_info,
-                     apk_key_map, key_passwords,
-                     platform_api_level,
-                     codename_to_api_level_map)
+                     apk_key_map, key_passwords)

  common.ZipClose(input_zip)
  common.ZipClose(output_zip)