Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / 6d9e3da5f9399f9041c2356080c36b5cb8576166^! / . / tools
commit6d9e3da5f9399f9041c2356080c36b5cb8576166[log] [tgz]
authorTao Bao <tbao@google.com>Tue Mar 26 12:59:25 2019 -0700
committerTao Bao <tbao@google.com>Tue Mar 26 13:05:46 2019 -0700
tree70e759dbb51d7ab34bce605fb6caa932bd3fab2a
parent072795054a4284924067c5e7e9fa1ca56cb9598a [diff]
releasetools: Remove the sanity check on APEX payload key names.

Unlike container keys/certs, we'll always carry full names for APEX
payload signing keys.

Test: Run sign_target_files_apks.py on a target_files.zip with
      mismatching payload signing keys (e.g. shim apexes).
Test: `python -m unittest test_sign_target_files_apks`
Change-Id: Ifa329478f43b4f5ae665821564dbc14af7841330

diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 16c1840..d3e9ea1 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py

@@ -1081,7 +1081,6 @@
       continue
 
     name = matches.group('NAME')
-    payload_public_key = matches.group("PAYLOAD_PUBLIC_KEY")
     payload_private_key = matches.group("PAYLOAD_PRIVATE_KEY")
 
     def CompareKeys(pubkey, pubkey_suffix, privkey, privkey_suffix):
@@ -1091,13 +1090,9 @@
               privkey.endswith(privkey_suffix) and
               pubkey[:-pubkey_suffix_len] == privkey[:-privkey_suffix_len])
 
-    PAYLOAD_PUBLIC_KEY_SUFFIX = '.avbpubkey'
-    PAYLOAD_PRIVATE_KEY_SUFFIX = '.pem'
-    if not CompareKeys(
-        payload_public_key, PAYLOAD_PUBLIC_KEY_SUFFIX,
-        payload_private_key, PAYLOAD_PRIVATE_KEY_SUFFIX):
-      raise ValueError("Failed to parse payload keys: \n{}".format(line))
-
+    # Sanity check on the container key names, as we'll carry them without the
+    # extensions. This doesn't apply to payload keys though, which we will use
+    # full names only.
     container_cert = matches.group("CONTAINER_CERT")
     container_private_key = matches.group("CONTAINER_PRIVATE_KEY")
     if not CompareKeys(

diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index 6082baf..6a4df1a 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py

@@ -401,14 +401,14 @@
             'build/target/product/security/testkey'),
         }, keys_info)
 
-  def test_ReadApexKeysInfo_mismatchingKeys(self):
+  def test_ReadApexKeysInfo_mismatchingContainerKeys(self):
     # Mismatching payload public / private keys.
     apex_keys = self.APEX_KEYS_TXT + (
         'name="apex.apexd_test_different_app2.apex" '
         'public_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.avbpubkey" '
-        'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_3.pem" '
+        'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
         'container_certificate="build/target/product/security/testkey.x509.pem" '
-        'container_private_key="build/target/product/security/testkey.pk8"')
+        'container_private_key="build/target/product/security/testkey2.pk8"')
     target_files = common.MakeTempFile(suffix='.zip')
     with zipfile.ZipFile(target_files, 'w') as target_files_zip:
       target_files_zip.writestr('META/apexkeys.txt', apex_keys)
@@ -416,7 +416,7 @@
     with zipfile.ZipFile(target_files) as target_files_zip:
       self.assertRaises(ValueError, ReadApexKeysInfo, target_files_zip)
 
-  def test_ReadApexKeysInfo_missingPrivateKey(self):
+  def test_ReadApexKeysInfo_missingPayloadPrivateKey(self):
     # Invalid lines will be skipped.
     apex_keys = self.APEX_KEYS_TXT + (
         'name="apex.apexd_test_different_app2.apex" '
@@ -438,3 +438,26 @@
             'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
             'build/target/product/security/testkey'),
         }, keys_info)
+
+  def test_ReadApexKeysInfo_missingPayloadPublicKey(self):
+    # Invalid lines will be skipped.
+    apex_keys = self.APEX_KEYS_TXT + (
+        'name="apex.apexd_test_different_app2.apex" '
+        'private_key="system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem" '
+        'container_certificate="build/target/product/security/testkey.x509.pem" '
+        'container_private_key="build/target/product/security/testkey.pk8"')
+    target_files = common.MakeTempFile(suffix='.zip')
+    with zipfile.ZipFile(target_files, 'w') as target_files_zip:
+      target_files_zip.writestr('META/apexkeys.txt', apex_keys)
+
+    with zipfile.ZipFile(target_files) as target_files_zip:
+      keys_info = ReadApexKeysInfo(target_files_zip)
+
+    self.assertEqual({
+        'apex.apexd_test.apex': (
+            'system/apex/apexd/apexd_testdata/com.android.apex.test_package.pem',
+            'build/target/product/security/testkey'),
+        'apex.apexd_test_different_app.apex': (
+            'system/apex/apexd/apexd_testdata/com.android.apex.test_package_2.pem',
+            'build/target/product/security/testkey'),
+        }, keys_info)