Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / e555ab18481114f61a603fbe6274b311758af14a^! / . / tools / releasetools / apex_utils.py
commite555ab18481114f61a603fbe6274b311758af14a[log] [tgz]
authorOleh Cherpak <oleh.cherpak@globallogic.com>Mon Oct 05 17:04:59 2020 +0300
committerOleh Cherpak <oleh.cherpak@globallogic.com>Tue Oct 20 18:29:35 2020 +0000
tree86c84a4db310d9c68e264ea72bf8ef0216513eb8
parent0071b0b56d7c630f4cd823e0b55c1f0e08b96010 [diff] [blame]
sign_target_files_apks: Fix password encrypted keys handle

This patch restores the possibility of using password encrypted
keys for build signing.

Bug: 171221825
Test: 1. Generate password encrypted keys (write non empty passwords):
        $ subject='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
        $ mkdir ~/.android-certs
        $ for x in releasekey platform shared media; do \
            ./development/tools/make_key ~/.android-certs/$x \
            "$subject"; \
          done
      2. Create a file with passwords:
        Example of passwd file:
            [[[ 12345678 ]]] /home/user/.android-certs/releasekey
            [[[ 12345678 ]]] /home/user/.android-certs/platform
            [[[ 12345678 ]]] /home/user/.android-certs/shared
            [[[ 12345678 ]]] /home/user/.android-certs/media
            [[[ 12345678 ]]] /home/user/.android-certs/networkstack
      3. Tell system where to find passwords:
        $ export ANDROID_PW_FILE=/path/to/file/with/passwords
      4. Generate a release image:
        $ make dist
        $ sign_target_files_apks \
        -o --default_key_mappings ~/.android-certs \
        out/dist/*-target_files-*.zip \
        signed-target_files.zip

Signed-off-by: Oleh Cherpak <oleh.cherpak@globallogic.com>
Change-Id: I3e9d5318f69a2c3ac6eec64b36163b6544d49c90

diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index 1c61938..2f26f23 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py

@@ -49,7 +49,10 @@
 
   def __init__(self, apex_path, key_passwords, codename_to_api_level_map):
     self.apex_path = apex_path
-    self.key_passwords = key_passwords
+    if not key_passwords:
+      self.key_passwords = dict()
+    else:
+      self.key_passwords = key_passwords
     self.codename_to_api_level_map = codename_to_api_level_map
 
   def ProcessApexFile(self, apk_keys, payload_key, signing_args=None):
@@ -110,7 +113,7 @@
       # signed apk file.
       unsigned_apk = common.MakeTempFile()
       os.rename(apk_path, unsigned_apk)
-      common.SignFile(unsigned_apk, apk_path, key_name, self.key_passwords,
+      common.SignFile(unsigned_apk, apk_path, key_name, self.key_passwords.get(key_name),
                       codename_to_api_level_map=self.codename_to_api_level_map)
       has_signed_apk = True
     return payload_dir, has_signed_apk
@@ -356,7 +359,7 @@
       aligned_apex,
       signed_apex,
       container_key,
-      container_pw,
+      container_pw.get(container_key),
       codename_to_api_level_map=codename_to_api_level_map,
       extra_signapk_args=extra_signapk_args)