remove shared_uid cert check from sign_targt_file_apks
This check (and others) are now done by the separate script check_target_files_signatures; the one here is redundant.
This commit is contained in:
Doug Zongker
@@ -114,68 +114,6 @@ def CheckAllApksSigned(input_tf_zip, apk_key_map):
|
|||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
|
|
||||||
def SharedUserForApk(data):
|
|
||||||
tmp = tempfile.NamedTemporaryFile()
|
|
||||||
tmp.write(data)
|
|
||||||
tmp.flush()
|
|
||||||
|
|
||||||
p = common.Run(["aapt", "dump", "xmltree", tmp.name, "AndroidManifest.xml"],
|
|
||||||
stdout=subprocess.PIPE)
|
|
||||||
data, _ = p.communicate()
|
|
||||||
if p.returncode != 0:
|
|
||||||
raise ExternalError("failed to run aapt dump")
|
|
||||||
lines = data.split("\n")
|
|
||||||
for i in lines:
|
|
||||||
m = re.match(r'^\s*A: android:sharedUserId\([0-9a-fx]*\)="([^"]*)" .*$', i)
|
|
||||||
if m:
|
|
||||||
return m.group(1)
|
|
||||||
return None
|
|
||||||
|
|
||||||
|
|
||||||
def CheckSharedUserIdsConsistent(input_tf_zip, apk_key_map):
|
|
||||||
"""Check that all packages that request the same shared user id are
|
|
||||||
going to be signed with the same key."""
|
|
||||||
|
|
||||||
shared_user_apks = {}
|
|
||||||
maxlen = len("(unknown key)")
|
|
||||||
|
|
||||||
for info in input_tf_zip.infolist():
|
|
||||||
if info.filename.endswith(".apk"):
|
|
||||||
data = input_tf_zip.read(info.filename)
|
|
||||||
|
|
||||||
name = os.path.basename(info.filename)
|
|
||||||
shared_user = SharedUserForApk(data)
|
|
||||||
key = apk_key_map[name]
|
|
||||||
maxlen = max(maxlen, len(key))
|
|
||||||
|
|
||||||
if shared_user is not None:
|
|
||||||
shared_user_apks.setdefault(
|
|
||||||
shared_user, {}).setdefault(key, []).append(name)
|
|
||||||
|
|
||||||
errors = []
|
|
||||||
for k, v in shared_user_apks.iteritems():
|
|
||||||
# each shared user should have exactly one key used for all the
|
|
||||||
# apks that want that user.
|
|
||||||
if len(v) > 1:
|
|
||||||
errors.append((k, v))
|
|
||||||
|
|
||||||
if not errors: return
|
|
||||||
|
|
||||||
print "ERROR: shared user inconsistency. All apks wanting to use"
|
|
||||||
print " a given shared user must be signed with the same key."
|
|
||||||
print
|
|
||||||
errors.sort()
|
|
||||||
for user, keys in errors:
|
|
||||||
print 'shared user id "%s":' % (user,)
|
|
||||||
for key, apps in keys.iteritems():
|
|
||||||
print ' %-*s %s' % (maxlen, key or "(unknown key)", apps[0])
|
|
||||||
for a in apps[1:]:
|
|
||||||
print (' ' * (maxlen+5)) + a
|
|
||||||
print
|
|
||||||
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
|
|
||||||
def SignApk(data, keyname, pw):
|
def SignApk(data, keyname, pw):
|
||||||
unsigned = tempfile.NamedTemporaryFile()
|
unsigned = tempfile.NamedTemporaryFile()
|
||||||
unsigned.write(data)
|
unsigned.write(data)
|
||||||
@@ -350,7 +288,6 @@ def main(argv):
|
|||||||
|
|
||||||
apk_key_map = GetApkCerts(input_zip)
|
apk_key_map = GetApkCerts(input_zip)
|
||||||
CheckAllApksSigned(input_zip, apk_key_map)
|
CheckAllApksSigned(input_zip, apk_key_map)
|
||||||
CheckSharedUserIdsConsistent(input_zip, apk_key_map)
|
|
||||||
|
|
||||||
key_passwords = common.GetKeyPasswords(set(apk_key_map.values()))
|
key_passwords = common.GetKeyPasswords(set(apk_key_map.values()))
|
||||||
SignApks(input_zip, output_zip, apk_key_map, key_passwords)
|
SignApks(input_zip, output_zip, apk_key_map, key_passwords)
|
||||||
|
|||||||
Reference in New Issue
Block a user