APEXs are signed with apk signer

The entire APEX (which is a zip file) is signed with the apk signer. Certificate can be specified via the 'certificate' property just like ordinary apps. Note: multiple additional certificates are not supported. Bug: 115721587 Test: m apex.test Test: jarsigner -verify -verbose -certs .../apex.test.apex shows the certificate info Change-Id: Ia4c898d3427779a3809fdc683b85d7661ca65137
2018-10-30 21:20:05 +09:00
parent a758cda418
commit c00cbd9e7b
4 changed files with 66 additions and 24 deletions
--- a/java/androidmk.go
+++ b/java/androidmk.go
@@ -239,7 +239,7 @@ func (app *AndroidApp) AndroidMk() android.AndroidMkData {
 					fmt.Fprintln(w, "LOCAL_PRIVILEGED_MODULE := true")
 				}

-				fmt.Fprintln(w, "LOCAL_CERTIFICATE :=", app.certificate.pem.String())
+				fmt.Fprintln(w, "LOCAL_CERTIFICATE :=", app.certificate.Pem.String())
 				if len(app.appProperties.Overrides) > 0 {
 					fmt.Fprintln(w, "LOCAL_OVERRIDES_PACKAGES := "+strings.Join(app.appProperties.Overrides, " "))
 				}
--- a/java/app.go
+++ b/java/app.go
@@ -76,7 +76,7 @@ type AndroidApp struct {
 	Library
 	aapt

-	certificate certificate
+	certificate Certificate

 	appProperties appProperties

@@ -99,8 +99,8 @@ func (a *AndroidApp) ExportedManifest() android.Path {

 var _ AndroidLibraryDependency = (*AndroidApp)(nil)

-type certificate struct {
-	pem, key android.Path
+type Certificate struct {
+	Pem, Key android.Path
 }

 func (a *AndroidApp) DepsMutator(ctx android.BottomUpMutatorContext) {
@@ -237,7 +237,7 @@ func (a *AndroidApp) generateAndroidBuildActions(ctx android.ModuleContext) {
 		dexJarFile = nil
 	}

-	var certificates []certificate
+	var certificates []Certificate

 	var jniJarFile android.WritablePath
 	jniLibs, certificateDeps := a.collectAppDeps(ctx)
@@ -262,16 +262,16 @@ func (a *AndroidApp) generateAndroidBuildActions(ctx android.ModuleContext) {
 		certificateDeps = certificateDeps[1:]
 	} else if cert != "" {
 		defaultDir := ctx.Config().DefaultAppCertificateDir(ctx)
-		a.certificate = certificate{
+		a.certificate = Certificate{
 			defaultDir.Join(ctx, cert+".x509.pem"),
 			defaultDir.Join(ctx, cert+".pk8"),
 		}
 	} else {
 		pem, key := ctx.Config().DefaultAppCertificate(ctx)
-		a.certificate = certificate{pem, key}
+		a.certificate = Certificate{pem, key}
 	}

-	certificates = append([]certificate{a.certificate}, certificateDeps...)
+	certificates = append([]Certificate{a.certificate}, certificateDeps...)

 	packageFile := android.PathForModuleOut(ctx, "package.apk")
 	CreateAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates)
@@ -287,9 +287,9 @@ func (a *AndroidApp) generateAndroidBuildActions(ctx android.ModuleContext) {
 	}
 }

-func (a *AndroidApp) collectAppDeps(ctx android.ModuleContext) ([]jniLib, []certificate) {
+func (a *AndroidApp) collectAppDeps(ctx android.ModuleContext) ([]jniLib, []Certificate) {
 	var jniLibs []jniLib
-	var certificates []certificate
+	var certificates []Certificate

 	ctx.VisitDirectDeps(func(module android.Module) {
 		otherName := ctx.OtherModuleName(module)
@@ -313,7 +313,7 @@ func (a *AndroidApp) collectAppDeps(ctx android.ModuleContext) ([]jniLib, []cert
 			}
 		} else if tag == certificateTag {
 			if dep, ok := module.(*AndroidAppCertificate); ok {
-				certificates = append(certificates, dep.certificate)
+				certificates = append(certificates, dep.Certificate)
 			} else {
 				ctx.ModuleErrorf("certificate dependency %q must be an android_app_certificate module", otherName)
 			}
@@ -446,7 +446,7 @@ func AndroidTestHelperAppFactory() android.Module {
 type AndroidAppCertificate struct {
 	android.ModuleBase
 	properties  AndroidAppCertificateProperties
-	certificate certificate
+	Certificate Certificate
 }

 type AndroidAppCertificateProperties struct {
@@ -466,7 +466,7 @@ func (c *AndroidAppCertificate) DepsMutator(ctx android.BottomUpMutatorContext)

 func (c *AndroidAppCertificate) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 	cert := String(c.properties.Certificate)
-	c.certificate = certificate{
+	c.Certificate = Certificate{
 		android.PathForModuleSrc(ctx, cert+".x509.pem"),
 		android.PathForModuleSrc(ctx, cert+".pk8"),
 	}
--- a/java/app_builder.go
+++ b/java/app_builder.go
@@ -29,7 +29,7 @@ import (
 )

 var (
-	signapk = pctx.AndroidStaticRule("signapk",
+	Signapk = pctx.AndroidStaticRule("signapk",
 		blueprint.RuleParams{
 			Command: `${config.JavaCmd} -Djava.library.path=$$(dirname $signapkJniLibrary) ` +
 				`-jar $signapkCmd $certificates $in $out`,
@@ -63,7 +63,7 @@ var combineApk = pctx.AndroidStaticRule("combineApk",
 	})

 func CreateAppPackage(ctx android.ModuleContext, outputFile android.WritablePath,
-	resJarFile, jniJarFile, dexJarFile android.Path, certificates []certificate) {
+	resJarFile, jniJarFile, dexJarFile android.Path, certificates []Certificate) {

 	unsignedApk := android.PathForModuleOut(ctx, "unsigned.apk")

@@ -84,11 +84,11 @@ func CreateAppPackage(ctx android.ModuleContext, outputFile android.WritablePath

 	var certificateArgs []string
 	for _, c := range certificates {
-		certificateArgs = append(certificateArgs, c.pem.String(), c.key.String())
+		certificateArgs = append(certificateArgs, c.Pem.String(), c.Key.String())
 	}

 	ctx.Build(pctx, android.BuildParams{
-		Rule:        signapk,
+		Rule:        Signapk,
 		Description: "signapk",
 		Output:      outputFile,
 		Input:       unsignedApk,