StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add flags to override all apex/apk keys

Browse Source 
Currently, if we want to override all apex/apk key, we must specify all apk/apex names exhaustively. This causes CLI arguments to be very long and sometimes exceeds OS's limit.

Test: run signing test locally on build 8862875 on git_master
Bug: 239991438
Change-Id: Idbd3b7eef9b2a27236f4ca7a27449fcdf0d2dd3f
This commit is contained in:
Kelvin Zhang
2022-08-01 15:58:51 -07:00
parent 1fabb2a942
commit e50bb51fa9
1 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
tools/releasetools/sign_target_files_apks.py
View File

@@ -141,6 +141,12 @@ Usage: sign_target_files_apks [flags] input_target_files output_target_files
Allow the existence of the file 'userdebug_plat_sepolicy.cil' under Allow the existence of the file 'userdebug_plat_sepolicy.cil' under
(/system/system_ext|/system_ext)/etc/selinux. (/system/system_ext|/system_ext)/etc/selinux.
If not set, error out when the file exists. If not set, error out when the file exists.
--override_apk_keys <path>
Replace all APK keys with this private key
--override_apex_keys <path>
Replace all APEX keys with this private key
""" """
from __future__ import print_function from __future__ import print_function
@@ -197,6 +203,8 @@ OPTIONS.android_jar_path = None
OPTIONS.vendor_partitions = set() OPTIONS.vendor_partitions = set()
OPTIONS.vendor_otatools = None OPTIONS.vendor_otatools = None
OPTIONS.allow_gsi_debug_sepolicy = False OPTIONS.allow_gsi_debug_sepolicy = False
OPTIONS.override_apk_keys = None
OPTIONS.override_apex_keys = None
AVB_FOOTER_ARGS_BY_PARTITION = { AVB_FOOTER_ARGS_BY_PARTITION = {
@@ -245,6 +253,10 @@ def GetApexFilename(filename):
def GetApkCerts(certmap): def GetApkCerts(certmap):
if OPTIONS.override_apk_keys is not None:
for apk in certmap.keys():
certmap[apk] = OPTIONS.override_apk_keys
# apply the key remapping to the contents of the file # apply the key remapping to the contents of the file
for apk, cert in certmap.items(): for apk, cert in certmap.items():
certmap[apk] = OPTIONS.key_map.get(cert, cert) certmap[apk] = OPTIONS.key_map.get(cert, cert)
@@ -275,6 +287,15 @@ def GetApexKeys(keys_info, key_map):
Raises: Raises:
AssertionError: On invalid container / payload key overrides. AssertionError: On invalid container / payload key overrides.
""" """
if OPTIONS.override_apex_keys is not None:
for apex in keys_info.keys():
keys_info[apex] = (OPTIONS.override_apex_keys, keys_info[apex][1], keys_info[apex][2])
if OPTIONS.override_apk_keys is not None:
key = key_map.get(OPTIONS.override_apk_keys, OPTIONS.override_apk_keys)
for apex in keys_info.keys():
keys_info[apex] = (keys_info[apex][0], key, keys_info[apex][2])
# Apply all the --extra_apex_payload_key options to override the payload # Apply all the --extra_apex_payload_key options to override the payload
# signing keys in the given keys_info. # signing keys in the given keys_info.
for apex, key in OPTIONS.extra_apex_payload_keys.items(): for apex, key in OPTIONS.extra_apex_payload_keys.items():
@@ -1485,6 +1506,10 @@ def main(argv):
OPTIONS.vendor_partitions = set(a.split(",")) OPTIONS.vendor_partitions = set(a.split(","))
elif o == "--allow_gsi_debug_sepolicy": elif o == "--allow_gsi_debug_sepolicy":
OPTIONS.allow_gsi_debug_sepolicy = True OPTIONS.allow_gsi_debug_sepolicy = True
elif o == "--override_apk_keys":
OPTIONS.override_apk_keys = a
elif o == "--override_apex_keys":
OPTIONS.override_apex_keys = a
else: else:
return False return False
return True return True
@@ -1538,6 +1563,8 @@ def main(argv):
"vendor_partitions=", "vendor_partitions=",
"vendor_otatools=", "vendor_otatools=",
"allow_gsi_debug_sepolicy", "allow_gsi_debug_sepolicy",
"override_apk_keys=",
"override_apex_keys=",
], ],
extra_option_handler=option_handler) extra_option_handler=option_handler)