sign_target_files_apks: Fix password encrypted keys handle
This patch restores the possibility of using password encrypted
keys for build signing.
Bug: 171221825
Test: 1. Generate password encrypted keys (write non empty passwords):
$ subject='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
$ mkdir ~/.android-certs
$ for x in releasekey platform shared media; do \
./development/tools/make_key ~/.android-certs/$x \
"$subject"; \
done
2. Create a file with passwords:
Example of passwd file:
[[[ 12345678 ]]] /home/user/.android-certs/releasekey
[[[ 12345678 ]]] /home/user/.android-certs/platform
[[[ 12345678 ]]] /home/user/.android-certs/shared
[[[ 12345678 ]]] /home/user/.android-certs/media
[[[ 12345678 ]]] /home/user/.android-certs/networkstack
3. Tell system where to find passwords:
$ export ANDROID_PW_FILE=/path/to/file/with/passwords
4. Generate a release image:
$ make dist
$ sign_target_files_apks \
-o --default_key_mappings ~/.android-certs \
out/dist/*-target_files-*.zip \
signed-target_files.zip
Signed-off-by: Oleh Cherpak <oleh.cherpak@globallogic.com>
Change-Id: I3e9d5318f69a2c3ac6eec64b36163b6544d49c90
This commit is contained in:
Oleh Cherpak
@@ -49,7 +49,10 @@ class ApexApkSigner(object):
|
|||||||
|
|
||||||
def __init__(self, apex_path, key_passwords, codename_to_api_level_map):
|
def __init__(self, apex_path, key_passwords, codename_to_api_level_map):
|
||||||
self.apex_path = apex_path
|
self.apex_path = apex_path
|
||||||
self.key_passwords = key_passwords
|
if not key_passwords:
|
||||||
|
self.key_passwords = dict()
|
||||||
|
else:
|
||||||
|
self.key_passwords = key_passwords
|
||||||
self.codename_to_api_level_map = codename_to_api_level_map
|
self.codename_to_api_level_map = codename_to_api_level_map
|
||||||
|
|
||||||
def ProcessApexFile(self, apk_keys, payload_key, signing_args=None):
|
def ProcessApexFile(self, apk_keys, payload_key, signing_args=None):
|
||||||
@@ -110,7 +113,7 @@ class ApexApkSigner(object):
|
|||||||
# signed apk file.
|
# signed apk file.
|
||||||
unsigned_apk = common.MakeTempFile()
|
unsigned_apk = common.MakeTempFile()
|
||||||
os.rename(apk_path, unsigned_apk)
|
os.rename(apk_path, unsigned_apk)
|
||||||
common.SignFile(unsigned_apk, apk_path, key_name, self.key_passwords,
|
common.SignFile(unsigned_apk, apk_path, key_name, self.key_passwords.get(key_name),
|
||||||
codename_to_api_level_map=self.codename_to_api_level_map)
|
codename_to_api_level_map=self.codename_to_api_level_map)
|
||||||
has_signed_apk = True
|
has_signed_apk = True
|
||||||
return payload_dir, has_signed_apk
|
return payload_dir, has_signed_apk
|
||||||
@@ -356,7 +359,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
|
|||||||
aligned_apex,
|
aligned_apex,
|
||||||
signed_apex,
|
signed_apex,
|
||||||
container_key,
|
container_key,
|
||||||
container_pw,
|
container_pw.get(container_key),
|
||||||
codename_to_api_level_map=codename_to_api_level_map,
|
codename_to_api_level_map=codename_to_api_level_map,
|
||||||
extra_signapk_args=extra_signapk_args)
|
extra_signapk_args=extra_signapk_args)
|
||||||
|
|
||||||
|
|||||||
@@ -515,7 +515,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
|
|||||||
data,
|
data,
|
||||||
payload_key,
|
payload_key,
|
||||||
container_key,
|
container_key,
|
||||||
key_passwords[container_key],
|
key_passwords,
|
||||||
apk_keys,
|
apk_keys,
|
||||||
codename_to_api_level_map,
|
codename_to_api_level_map,
|
||||||
no_hashtree=True,
|
no_hashtree=True,
|
||||||
|
|||||||
Reference in New Issue
Block a user