From e555ab18481114f61a603fbe6274b311758af14a Mon Sep 17 00:00:00 2001 From: Oleh Cherpak Date: Mon, 5 Oct 2020 17:04:59 +0300 Subject: [PATCH] sign_target_files_apks: Fix password encrypted keys handle MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch restores the possibility of using password encrypted keys for build signing. Bug: 171221825 Test: 1. Generate password encrypted keys (write non empty passwords): $ subject='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com' $ mkdir ~/.android-certs $ for x in releasekey platform shared media; do \ ./development/tools/make_key ~/.android-certs/$x \ "$subject"; \ done       2. Create a file with passwords: Example of passwd file: [[[ 12345678 ]]] /home/user/.android-certs/releasekey [[[ 12345678 ]]] /home/user/.android-certs/platform [[[ 12345678 ]]] /home/user/.android-certs/shared [[[ 12345678 ]]] /home/user/.android-certs/media [[[ 12345678 ]]] /home/user/.android-certs/networkstack 3. Tell system where to find passwords: $ export ANDROID_PW_FILE=/path/to/file/with/passwords 4. Generate a release image: $ make dist $ sign_target_files_apks \ -o --default_key_mappings ~/.android-certs \ out/dist/*-target_files-*.zip \ signed-target_files.zip Signed-off-by: Oleh Cherpak Change-Id: I3e9d5318f69a2c3ac6eec64b36163b6544d49c90 --- tools/releasetools/apex_utils.py | 9 ++++++--- tools/releasetools/sign_target_files_apks.py | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py index 1c61938048..2f26f23f53 100644 --- a/tools/releasetools/apex_utils.py +++ b/tools/releasetools/apex_utils.py @@ -49,7 +49,10 @@ class ApexApkSigner(object): def __init__(self, apex_path, key_passwords, codename_to_api_level_map): self.apex_path = apex_path - self.key_passwords = key_passwords + if not key_passwords: + self.key_passwords = dict() + else: + self.key_passwords = key_passwords self.codename_to_api_level_map = codename_to_api_level_map def ProcessApexFile(self, apk_keys, payload_key, signing_args=None): @@ -110,7 +113,7 @@ class ApexApkSigner(object): # signed apk file. unsigned_apk = common.MakeTempFile() os.rename(apk_path, unsigned_apk) - common.SignFile(unsigned_apk, apk_path, key_name, self.key_passwords, + common.SignFile(unsigned_apk, apk_path, key_name, self.key_passwords.get(key_name), codename_to_api_level_map=self.codename_to_api_level_map) has_signed_apk = True return payload_dir, has_signed_apk @@ -356,7 +359,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw, aligned_apex, signed_apex, container_key, - container_pw, + container_pw.get(container_key), codename_to_api_level_map=codename_to_api_level_map, extra_signapk_args=extra_signapk_args) diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index 47360c9464..5ba46aa847 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -515,7 +515,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, data, payload_key, container_key, - key_passwords[container_key], + key_passwords, apk_keys, codename_to_api_level_map, no_hashtree=True,