Fix the signing error in gsi_arm64 builds

After adding 'PREBUILT_IMAGES/pvmfw.img' into gsi_arm64,
the signing process fails:

common.ExternalError: Failed to run command
  '['avbtool', 'extract_public_key', '--key', 'PRESIGNED',
    '--output', '/tmp/avb-8z8y8_xn.avbpubkey']' (exit code 1):
  ~/codebase/android15-tests-dev/otatools/bin/avbtool:
    Error getting public key: b'Could not open file or uri for loading
    private key of public key from PRESIGNED: No such file or directory\n'

This is because that apex files are pre-signed in gsi_arm64
and the script currently tries to extract public key from the
non-existing 'PRESIGNED' file.

Fix this by obtaining the public key from 'apex_pubkey' of
'SYSTEM/apex/com.android.virt.apex'.

See https://source.android.com/docs/core/ota/apex#apex-format
for details.

Bug: 384813199
Test: m sign_target_files_apks
Test: sign_target_files_apks --allow_gsi_debug_sepolicy \
        --extra_apex_payload_key com.android.virt.apex= \
        -e com.android.virt.apex= \
        gsi_arm64-target_files-${build_id}.zip signed.zip
Test: `zipinfo signed.zip | grep pvmfw`, checks pvmfw.img is included.
Change-Id: I551e14fa6a0c63e3cef334b953f670cf9c465e10
Merged-In: I551e14fa6a0c63e3cef334b953f670cf9c465e10
(cherry picked from commit 36981b54f0ee3788457f7e9cc4d866e485cce0a8)
1 file changed
tree: d96677e9c4db7f8adb5fa94bddf856175c315854
  1. ci/
  2. common/
  3. core/
  4. packaging/
  5. target/
  6. teams/
  7. tests/
  8. tools/
  9. .gitignore
  10. Android.bp
  11. banchanHelp.sh
  12. buildspec.mk.default
  13. Changes.md
  14. CleanSpec.mk
  15. cogsetup.sh
  16. Deprecation.md
  17. envsetup.sh
  18. help.sh
  19. navbar.md
  20. OWNERS
  21. PREUPLOAD.cfg
  22. rbesetup.sh
  23. README.md
  24. shell_utils.sh
  25. tapasHelp.sh
  26. Usage.txt
README.md

Android Make Build System

This is the Makefile-based portion of the Android Build System.

For documentation on how to run a build, see Usage.txt

For a list of behavioral changes useful for Android.mk writers see Changes.md

For an outdated reference on Android.mk files, see build-system.html. Our Android.mk files look similar, but are entirely different from the Android.mk files used by the NDK build system. When searching for documentation elsewhere, ensure that it is for the platform build system -- most are not.

This Makefile-based system is in the process of being replaced with Soong, a new build system written in Go. During the transition, all of these makefiles are read by Kati, and generate a ninja file instead of being executed directly. That's combined with a ninja file read by Soong so that the build graph of the two systems can be combined and run as one.