StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

make unsigned apks explicit

Browse Source 
Allow user to explicitly specify that an apk is not to be
re-signed. Fail if we have any apks that for which no key is provided.
This commit is contained in:
Doug Zongker
2009-04-14 14:05:15 -07:00
parent 547c8cfa7d
commit 43874f8c86
2 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tools/releasetools/common.py
View File

@@ -135,6 +135,12 @@ def GetKeyPasswords(keylist):
key_passwords = {} key_passwords = {}
devnull = open("/dev/null", "w+b") devnull = open("/dev/null", "w+b")
for k in sorted(keylist): for k in sorted(keylist):
# An empty-string key is used to mean don't re-sign this package.
# Obviously we don't need a password for this non-key.
if not k:
key_passwords[k] = None
continue
p = subprocess.Popen(["openssl", "pkcs8", "-in", k+".pk8", p = subprocess.Popen(["openssl", "pkcs8", "-in", k+".pk8",
"-inform", "DER", "-nocrypt"], "-inform", "DER", "-nocrypt"],
stdin=devnull.fileno(), stdin=devnull.fileno(),

28
tools/releasetools/sign_target_files_apks
View File

@@ -111,25 +111,41 @@ def SignApk(data, keyname, pw):
def SignApks(input_tf_zip, output_tf_zip): def SignApks(input_tf_zip, output_tf_zip):
apk_key_map = GetApkCerts(input_tf_zip) apk_key_map = GetApkCerts(input_tf_zip)
key_passwords = common.GetKeyPasswords(set(apk_key_map.values()))
maxsize = max([len(os.path.basename(i.filename)) maxsize = max([len(os.path.basename(i.filename))
for i in input_tf_zip.infolist() for i in input_tf_zip.infolist()
if i.filename.endswith('.apk')]) if i.filename.endswith('.apk')])
# Check that all the APKs we want to sign have keys specified, and
# error out if they don't. Do this before prompting for key
# passwords in case we're going to fail anyway.
unknown_apks = []
for info in input_tf_zip.infolist():
if info.filename.endswith(".apk"):
name = os.path.basename(info.filename)
if name not in apk_key_map:
unknown_apks.append(name)
if unknown_apks:
print "ERROR: no key specified for:\n\n ",
print "\n ".join(unknown_apks)
print "\nUse '-e <apkname>=' to specify a key (which may be an"
print "empty string to not sign this apk)."
sys.exit(1)
key_passwords = common.GetKeyPasswords(set(apk_key_map.values()))
for info in input_tf_zip.infolist(): for info in input_tf_zip.infolist():
data = input_tf_zip.read(info.filename) data = input_tf_zip.read(info.filename)
out_info = copy.copy(info) out_info = copy.copy(info)
if info.filename.endswith(".apk"): if info.filename.endswith(".apk"):
name = os.path.basename(info.filename) name = os.path.basename(info.filename)
key = apk_key_map.get(name, None) key = apk_key_map[name]
if key is not None: if key:
print "signing: %-*s (%s)" % (maxsize, name, key) print " signing: %-*s (%s)" % (maxsize, name, key)
signed_data = SignApk(data, key, key_passwords[key]) signed_data = SignApk(data, key, key_passwords[key])
output_tf_zip.writestr(out_info, signed_data) output_tf_zip.writestr(out_info, signed_data)
else: else:
# an APK we're not supposed to sign. # an APK we're not supposed to sign.
print "skipping: %s" % (name,) print "NOT signing: %s" % (name,)
output_tf_zip.writestr(out_info, data) output_tf_zip.writestr(out_info, data)
elif info.filename in ("SYSTEM/build.prop", elif info.filename in ("SYSTEM/build.prop",
"RECOVERY/RAMDISK/default.prop"): "RECOVERY/RAMDISK/default.prop"):