A custom APEX signing tool with --signing_args
apex_utils.SignApex() has `signing_args` argument which is supposed to
be passed to avbtool to set `--signing_helper` or
`--signing_helper_with_files`.
A custom APEX signing tool which relies on avbtool's signing should pass
the same arguments when signing_args is set.
This change passes signing_args verbatim to the custom APEX signing tool
via --signing_args argument.
Bug: 216971834
Test: tbd
Change-Id: I8aaec9440c4536e11e1e4a1dd4ae5f4fe32d4f23
diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index ee0feae..2a39f65 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py
@@ -102,14 +102,14 @@
' %s', entry)
payload_dir, has_signed_content = self.ExtractApexPayloadAndSignContents(
- apk_entries, apk_keys, payload_key)
+ apk_entries, apk_keys, payload_key, signing_args)
if not has_signed_content:
logger.info('No contents has been signed in %s', self.apex_path)
return self.apex_path
return self.RepackApexPayload(payload_dir, payload_key, signing_args)
- def ExtractApexPayloadAndSignContents(self, apk_entries, apk_keys, payload_key):
+ def ExtractApexPayloadAndSignContents(self, apk_entries, apk_keys, payload_key, signing_args):
"""Extracts the payload image and signs the containing apk files."""
if not os.path.exists(self.debugfs_path):
raise ApexSigningError(
@@ -143,7 +143,12 @@
if self.sign_tool:
logger.info('Signing payload contents in apex %s with %s', self.apex_path, self.sign_tool)
- cmd = [self.sign_tool, '--avbtool', self.avbtool, payload_key, payload_dir]
+ # Pass avbtool to the custom signing tool
+ cmd = [self.sign_tool, '--avbtool', self.avbtool]
+ # Pass signing_args verbatim which will be forwarded to avbtool (e.g. --signing_helper=...)
+ if signing_args:
+ cmd.extend(['--signing_args', '"{}"'.format(signing_args)])
+ cmd.extend([payload_key, payload_dir])
common.RunAndCheckOutput(cmd)
has_signed_content = True