Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / cea6ad1fb022a6c2cc43d2666720807d5f4720c4^! / . / tools / releasetools / apex_utils.py
commitcea6ad1fb022a6c2cc43d2666720807d5f4720c4[log] [tgz]
authorTianjie Xu <xunchang@google.com>Thu Jan 30 17:12:05 2020 -0800
committerTianjie Xu <xunchang@google.com>Fri Jan 31 01:37:36 2020 +0000
tree69566ea7157b5a6331e04a28ccee30296bd08609
parentd0511cfbbbdff60e77d59218be162bf471d8976f [diff] [blame]
Pass signing_args to apexer to repack apex

In the build signing environment, we don't necessary have access to the
physical private key. And we work around it by passing an extra
signing_helper to the avbtool instead of a private key. Since we need
to perform signing to add the hashtree footer when rebuilding the apex
image. We should propogate the signing_helper to apexer and eventually
to avbtool.

Bug: 148627666
Test: unit tests pass. Smoke test by pass a public key to apexer and
hardcode the private key in signing helper script.
Change-Id: I56d57485493a5ba2cbe4c49e493ee9604f68088b

diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index cf10386..4ca0917 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py

@@ -50,7 +50,8 @@
     self.key_passwords = key_passwords
     self.codename_to_api_level_map = codename_to_api_level_map
 
-  def ProcessApexFile(self, apk_keys, payload_key, payload_public_key):
+  def ProcessApexFile(self, apk_keys, payload_key, payload_public_key,
+                      signing_args=None):
     """Scans and signs the apk files and repack the apex
 
     Args:
@@ -88,7 +89,8 @@
       logger.info('No apk file has been signed in %s', self.apex_path)
       return self.apex_path
 
-    return self.RepackApexPayload(payload_dir, payload_key, payload_public_key)
+    return self.RepackApexPayload(payload_dir, payload_key, payload_public_key,
+                                  signing_args)
 
   def ExtractApexPayloadAndSignApks(self, apk_entries, apk_keys):
     """Extracts the payload image and signs the containing apk files."""
@@ -116,7 +118,8 @@
       has_signed_apk = True
     return payload_dir, has_signed_apk
 
-  def RepackApexPayload(self, payload_dir, payload_key, payload_public_key):
+  def RepackApexPayload(self, payload_dir, payload_key, payload_public_key,
+                        signing_args=None):
     """Rebuilds the apex file with the updated payload directory."""
     apex_dir = common.MakeTempDir()
     # Extract the apex file and reuse its meta files as repack parameters.
@@ -153,20 +156,19 @@
                   '--do_not_check_keyname', '--apexer_tool_path',
                   os.getenv('PATH')]
     for key, val in arguments_dict.items():
-      repack_cmd.append('--' + key)
-      repack_cmd.append(val)
+      repack_cmd.extend(['--' + key, val])
+    if signing_args:
+      repack_cmd.extend(['--signing_args', signing_args])
     # optional arguments for apex repacking
     manifest_json = os.path.join(apex_dir, 'apex_manifest.json')
     if os.path.exists(manifest_json):
-      repack_cmd.append('--manifest_json')
-      repack_cmd.append(manifest_json)
+      repack_cmd.extend(['--manifest_json', manifest_json])
     assets_dir = os.path.join(apex_dir, 'assets')
     if os.path.isdir(assets_dir):
-      repack_cmd.append('--assets_dir')
-      repack_cmd.append(assets_dir)
-
-    repack_cmd.append(payload_dir)
-    repack_cmd.append(repacked_apex)
+      repack_cmd.extend(['--assets_dir', assets_dir])
+    repack_cmd.extend([payload_dir, repacked_apex])
+    if OPTIONS.verbose:
+      repack_cmd.append('-v')
     common.RunAndCheckOutput(repack_cmd)
 
     return repacked_apex
@@ -316,7 +318,7 @@
   apk_signer = ApexApkSigner(apex_file, container_pw,
                              codename_to_api_level_map)
   apex_file = apk_signer.ProcessApexFile(apk_keys, payload_key,
-                                         payload_public_key)
+                                         payload_public_key, signing_args)
 
   # 2a. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given
   # payload_key.