StrixOS/build_soong
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix apex to override certificate

Browse Source 
The rules for apex certificate:
1. <unspecified>: use <default app cerficicate>
2. name: use <default app cerficiate dir>/<name>(.x509.pem|.pk8)
3. :module: use specified by <module>

Certificates can be overridden by PRODUCT_CERTIFICATE_OVERRIDES.

Currently, 1) and 2) aren't overridden by PRODUCT_CERTIFICATE_OVERRIDES,
which should be.

Bug: n/a
Test: m (apex_test.go amended)
Change-Id: Icbdf4979613ef10127ecc02f3debd6a798460532
This commit is contained in:
Jooyung Han
2019-12-17 14:30:11 +09:00
parent 671f1ce75e
commit f121a657c9
2 changed files with 139 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
apex/apex_test.go
View File

@@ -1263,6 +1263,134 @@ func TestKeys(t *testing.T) {
}
}
func TestCertificate(t *testing.T) {
t.Run("if unspecified, it defaults to DefaultAppCertificate", func(t *testing.T) {
ctx, _ := testApex(t, `
apex {
name: "myapex",
key: "myapex.key",
}
apex_key {
name: "myapex.key",
public_key: "testkey.avbpubkey",
private_key: "testkey.pem",
}`)
rule := ctx.ModuleForTests("myapex", "android_common_myapex_image").Rule("signapk")
expected := "vendor/foo/devkeys/test.x509.pem vendor/foo/devkeys/test.pk8"
if actual := rule.Args["certificates"]; actual != expected {
t.Errorf("certificates should be %q, not %q", expected, actual)
}
})
t.Run("override when unspecified", func(t *testing.T) {
ctx, _ := testApex(t, `
apex {
name: "myapex_keytest",
key: "myapex.key",
file_contexts: ":myapex-file_contexts",
}
apex_key {
name: "myapex.key",
public_key: "testkey.avbpubkey",
private_key: "testkey.pem",
}
android_app_certificate {
name: "myapex.certificate.override",
certificate: "testkey.override",
}`)
rule := ctx.ModuleForTests("myapex_keytest", "android_common_myapex_keytest_image").Rule("signapk")
expected := "testkey.override.x509.pem testkey.override.pk8"
if actual := rule.Args["certificates"]; actual != expected {
t.Errorf("certificates should be %q, not %q", expected, actual)
}
})
t.Run("if specified as :module, it respects the prop", func(t *testing.T) {
ctx, _ := testApex(t, `
apex {
name: "myapex",
key: "myapex.key",
certificate: ":myapex.certificate",
}
apex_key {
name: "myapex.key",
public_key: "testkey.avbpubkey",
private_key: "testkey.pem",
}
android_app_certificate {
name: "myapex.certificate",
certificate: "testkey",
}`)
rule := ctx.ModuleForTests("myapex", "android_common_myapex_image").Rule("signapk")
expected := "testkey.x509.pem testkey.pk8"
if actual := rule.Args["certificates"]; actual != expected {
t.Errorf("certificates should be %q, not %q", expected, actual)
}
})
t.Run("override when specifiec as <:module>", func(t *testing.T) {
ctx, _ := testApex(t, `
apex {
name: "myapex_keytest",
key: "myapex.key",
file_contexts: ":myapex-file_contexts",
certificate: ":myapex.certificate",
}
apex_key {
name: "myapex.key",
public_key: "testkey.avbpubkey",
private_key: "testkey.pem",
}
android_app_certificate {
name: "myapex.certificate.override",
certificate: "testkey.override",
}`)
rule := ctx.ModuleForTests("myapex_keytest", "android_common_myapex_keytest_image").Rule("signapk")
expected := "testkey.override.x509.pem testkey.override.pk8"
if actual := rule.Args["certificates"]; actual != expected {
t.Errorf("certificates should be %q, not %q", expected, actual)
}
})
t.Run("if specified as name, finds it from DefaultDevKeyDir", func(t *testing.T) {
ctx, _ := testApex(t, `
apex {
name: "myapex",
key: "myapex.key",
certificate: "testkey",
}
apex_key {
name: "myapex.key",
public_key: "testkey.avbpubkey",
private_key: "testkey.pem",
}`)
rule := ctx.ModuleForTests("myapex", "android_common_myapex_image").Rule("signapk")
expected := "vendor/foo/devkeys/testkey.x509.pem vendor/foo/devkeys/testkey.pk8"
if actual := rule.Args["certificates"]; actual != expected {
t.Errorf("certificates should be %q, not %q", expected, actual)
}
})
t.Run("override when specified as <name>", func(t *testing.T) {
ctx, _ := testApex(t, `
apex {
name: "myapex_keytest",
key: "myapex.key",
file_contexts: ":myapex-file_contexts",
certificate: "testkey",
}
apex_key {
name: "myapex.key",
public_key: "testkey.avbpubkey",
private_key: "testkey.pem",
}
android_app_certificate {
name: "myapex.certificate.override",
certificate: "testkey.override",
}`)
rule := ctx.ModuleForTests("myapex_keytest", "android_common_myapex_keytest_image").Rule("signapk")
expected := "testkey.override.x509.pem testkey.override.pk8"
if actual := rule.Args["certificates"]; actual != expected {
t.Errorf("certificates should be %q, not %q", expected, actual)
}
})
}
func TestMacro(t *testing.T) {
ctx, _ := testApex(t, `
apex {

20
apex/builder.go
View File

@@ -495,15 +495,17 @@ func (a *apexBundle) buildFlattenedApex(ctx android.ModuleContext) {
}
func (a *apexBundle) setCertificateAndPrivateKey(ctx android.ModuleContext) {
cert := String(a.properties.Certificate)
if cert != "" && android.SrcIsModule(cert) == "" {
defaultDir := ctx.Config().DefaultAppCertificateDir(ctx)
a.container_certificate_file = defaultDir.Join(ctx, cert+".x509.pem")
a.container_private_key_file = defaultDir.Join(ctx, cert+".pk8")
} else if cert == "" {
pem, key := ctx.Config().DefaultAppCertificate(ctx)
a.container_certificate_file = pem
a.container_private_key_file = key
if a.container_certificate_file == nil {
cert := String(a.properties.Certificate)
if cert == "" {
pem, key := ctx.Config().DefaultAppCertificate(ctx)
a.container_certificate_file = pem
a.container_private_key_file = key
} else {
defaultDir := ctx.Config().DefaultAppCertificateDir(ctx)
a.container_certificate_file = defaultDir.Join(ctx, cert+".x509.pem")
a.container_private_key_file = defaultDir.Join(ctx, cert+".pk8")
}
}
}