diff --git a/apex/apex.go b/apex/apex.go index 1f0618750..6ef8a87af 100644 --- a/apex/apex.go +++ b/apex/apex.go @@ -178,6 +178,10 @@ type apexBundleProperties struct { // used in tests. Test_only_force_compression *bool + // Put extra tags (signer=) to apexkeys.txt, so that release tools can sign this apex + // with the tool to sign payload contents. + Custom_sign_tool *string + // Canonical name of this APEX bundle. Used to determine the path to the // activated APEX on device (i.e. /apex/), and used for the // apex mutator variations. For override_apex modules, this is the name of the diff --git a/apex/apex_test.go b/apex/apex_test.go index b4da9b4f1..7ad129f9f 100644 --- a/apex/apex_test.go +++ b/apex/apex_test.go @@ -7685,6 +7685,28 @@ func TestApexKeysTxt(t *testing.T) { name: "myapex", key: "myapex.key", updatable: false, + custom_sign_tool: "sign_myapex", + } + + apex_key { + name: "myapex.key", + public_key: "testkey.avbpubkey", + private_key: "testkey.pem", + } + `) + + apexKeysText := ctx.SingletonForTests("apex_keys_text") + content := apexKeysText.MaybeDescription("apexkeys.txt").BuildParams.Args["content"] + ensureContains(t, content, `name="myapex.apex" public_key="vendor/foo/devkeys/testkey.avbpubkey" private_key="vendor/foo/devkeys/testkey.pem" container_certificate="vendor/foo/devkeys/test.x509.pem" container_private_key="vendor/foo/devkeys/test.pk8" partition="system_ext" sign_tool="sign_myapex"`) +} + +func TestApexKeysTxtOverrides(t *testing.T) { + ctx := testApex(t, ` + apex { + name: "myapex", + key: "myapex.key", + updatable: false, + custom_sign_tool: "sign_myapex", } apex_key { diff --git a/apex/key.go b/apex/key.go index e2695d7a0..259060f3b 100644 --- a/apex/key.go +++ b/apex/key.go @@ -123,13 +123,18 @@ func (s *apexKeysText) GenerateBuildActions(ctx android.SingletonContext) { containerCertificate string containerPrivateKey string partition string + signTool string } toString := func(e apexKeyEntry) string { - format := "name=%q public_key=%q private_key=%q container_certificate=%q container_private_key=%q partition=%q\n" + signTool := "" + if e.signTool != "" { + signTool = fmt.Sprintf(" sign_tool=%q", e.signTool) + } + format := "name=%q public_key=%q private_key=%q container_certificate=%q container_private_key=%q partition=%q%s\n" if e.presigned { - return fmt.Sprintf(format, e.name, "PRESIGNED", "PRESIGNED", "PRESIGNED", "PRESIGNED", e.partition) + return fmt.Sprintf(format, e.name, "PRESIGNED", "PRESIGNED", "PRESIGNED", "PRESIGNED", e.partition, signTool) } else { - return fmt.Sprintf(format, e.name, e.publicKey, e.privateKey, e.containerCertificate, e.containerPrivateKey, e.partition) + return fmt.Sprintf(format, e.name, e.publicKey, e.privateKey, e.containerCertificate, e.containerPrivateKey, e.partition, signTool) } } @@ -145,6 +150,7 @@ func (s *apexKeysText) GenerateBuildActions(ctx android.SingletonContext) { containerCertificate: pem.String(), containerPrivateKey: key.String(), partition: m.PartitionTag(ctx.DeviceConfig()), + signTool: proptools.String(m.properties.Custom_sign_tool), } } })