StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge changes I91bd3dce,I2e941fd9

Browse Source 
am: 9a5093e5f9

Change-Id: Ic708931f9ef0ed9a23c8e7146013a7b8dea9e647
This commit is contained in:
Tao Bao
2019-03-24 10:44:21 -07:00
committed by android-build-merger
parent 5355757f74 9a5093e5f9
commit 1ece90be3b
2 changed files with 28 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
tools/releasetools/common.py
View File

@@ -1008,7 +1008,8 @@ def GetMinSdkVersionInt(apk_name, codename_to_api_level_map):
def SignFile(input_name, output_name, key, password, min_api_level=None, def SignFile(input_name, output_name, key, password, min_api_level=None,
codename_to_api_level_map=None, whole_file=False): codename_to_api_level_map=None, whole_file=False,
extra_signapk_args=None):
"""Sign the input_name zip/jar/apk, producing output_name. Use the """Sign the input_name zip/jar/apk, producing output_name. Use the
given key and password (the latter may be None if the key does not given key and password (the latter may be None if the key does not
have a password. have a password.
@@ -1023,9 +1024,14 @@ def SignFile(input_name, output_name, key, password, min_api_level=None,
codename_to_api_level_map is needed to translate the codename which may be codename_to_api_level_map is needed to translate the codename which may be
encountered as the APK's minSdkVersion. encountered as the APK's minSdkVersion.
Caller may optionally specify extra args to be passed to SignApk, which
defaults to OPTIONS.extra_signapk_args if omitted.
""" """
if codename_to_api_level_map is None: if codename_to_api_level_map is None:
codename_to_api_level_map = {} codename_to_api_level_map = {}
if extra_signapk_args is None:
extra_signapk_args = OPTIONS.extra_signapk_args
java_library_path = os.path.join( java_library_path = os.path.join(
OPTIONS.search_path, OPTIONS.signapk_shared_library_path) OPTIONS.search_path, OPTIONS.signapk_shared_library_path)
@@ -1033,7 +1039,7 @@ def SignFile(input_name, output_name, key, password, min_api_level=None,
cmd = ([OPTIONS.java_path] + OPTIONS.java_args + cmd = ([OPTIONS.java_path] + OPTIONS.java_args +
["-Djava.library.path=" + java_library_path, ["-Djava.library.path=" + java_library_path,
"-jar", os.path.join(OPTIONS.search_path, OPTIONS.signapk_path)] + "-jar", os.path.join(OPTIONS.search_path, OPTIONS.signapk_path)] +
OPTIONS.extra_signapk_args) extra_signapk_args)
if whole_file: if whole_file:
cmd.append("-w") cmd.append("-w")

32
tools/releasetools/sign_target_files_apks.py
View File

@@ -400,7 +400,6 @@ def SignApex(apex_data, payload_key, container_key, container_pw,
APEX_PAYLOAD_IMAGE = 'apex_payload.img' APEX_PAYLOAD_IMAGE = 'apex_payload.img'
# Signing an APEX is a two step process.
# 1. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given payload_key. # 1. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given payload_key.
payload_dir = common.MakeTempDir(prefix='apex-payload-') payload_dir = common.MakeTempDir(prefix='apex-payload-')
with zipfile.ZipFile(apex_file) as apex_fd: with zipfile.ZipFile(apex_file) as apex_fd:
@@ -420,21 +419,28 @@ def SignApex(apex_data, payload_key, container_key, container_pw,
common.ZipWrite(apex_zip, payload_file, arcname=APEX_PAYLOAD_IMAGE) common.ZipWrite(apex_zip, payload_file, arcname=APEX_PAYLOAD_IMAGE)
common.ZipClose(apex_zip) common.ZipClose(apex_zip)
# 2. Sign the overall APEX container with container_key. # 2. Align the files at page boundary (same as in apexer).
aligned_apex = common.MakeTempFile(
prefix='apex-container-', suffix='.apex')
common.RunAndCheckOutput(
['zipalign', '-f', '4096', apex_file, aligned_apex])
# 3. Sign the APEX container with container_key.
signed_apex = common.MakeTempFile(prefix='apex-container-', suffix='.apex') signed_apex = common.MakeTempFile(prefix='apex-container-', suffix='.apex')
# Specify the 4K alignment when calling SignApk.
extra_signapk_args = OPTIONS.extra_signapk_args[:]
extra_signapk_args.extend(['-a', '4096'])
common.SignFile( common.SignFile(
apex_file, aligned_apex,
signed_apex, signed_apex,
container_key, container_key,
container_pw, container_pw,
codename_to_api_level_map=codename_to_api_level_map) codename_to_api_level_map=codename_to_api_level_map,
extra_signapk_args=extra_signapk_args)
signed_and_aligned_apex = common.MakeTempFile( return (signed_apex, payload_info['apex.key'])
prefix='apex-container-', suffix='.apex')
common.RunAndCheckOutput(
['zipalign', '-f', '4096', signed_apex, signed_and_aligned_apex])
return (signed_and_aligned_apex, payload_info['apex.key'])
def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
@@ -600,7 +606,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
else: else:
common.ZipWriteStr(output_tf_zip, out_info, data) common.ZipWriteStr(output_tf_zip, out_info, data)
# Update APEX payload public keys. # Copy or update APEX payload public keys.
for info in input_tf_zip.infolist(): for info in input_tf_zip.infolist():
filename = info.filename filename = info.filename
if (os.path.dirname(filename) != 'SYSTEM/etc/security/apex' or if (os.path.dirname(filename) != 'SYSTEM/etc/security/apex' or
@@ -609,8 +615,10 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
name = os.path.basename(filename) name = os.path.basename(filename)
# Skip PRESIGNED APEXes. # Copy the keys for PRESIGNED APEXes.
if name not in updated_apex_payload_keys: if name not in updated_apex_payload_keys:
data = input_tf_zip.read(filename)
common.ZipWriteStr(output_tf_zip, info, data)
continue continue
key_path = updated_apex_payload_keys[name] key_path = updated_apex_payload_keys[name]