Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / f6a53aa5f24878ad9098409ed3d3f41bb5c63fb5^! / . / tools / releasetools / check_target_files_signatures
commitf6a53aa5f24878ad9098409ed3d3f41bb5c63fb5[log] [tgz]
authorDoug Zongker <dougz@android.com>Tue Dec 15 15:06:55 2009 -0800
committerDoug Zongker <dougz@android.com>Tue Dec 15 15:06:55 2009 -0800
tree26993d68c40ee81a4a727631bb5bc23cb744e35a
parentbfa7a8fbda9317dee6266fe1e67399ba6d84c7a1 [diff] [blame]
add "EXTERNAL" as special value of LOCAL_CERTIFICATE

Setting LOCAL_CERTIFICATE to "EXTERNAL" now marks an apk (either a
prebuilt or otherwise) as needing the default test key within the
system, but one that should be signed after the target_files is
produced but before sign_target_files_apks does the rest of the
signing.  (We use this to ship apps on the system that are signed by
third parties, like Facebook.)

diff --git a/tools/releasetools/check_target_files_signatures b/tools/releasetools/check_target_files_signatures
index b91f3d4..17aebdc 100755
--- a/tools/releasetools/check_target_files_signatures
+++ b/tools/releasetools/check_target_files_signatures

@@ -248,6 +248,7 @@
     d = common.UnzipTemp(filename, '*.apk')
     try:
       self.apks = {}
+      self.apks_by_basename = {}
       for dirpath, dirnames, filenames in os.walk(d):
         for fn in filenames:
           if fn.endswith(".apk"):
@@ -255,12 +256,17 @@
             displayname = fullname[len(d)+1:]
             apk = APK(fullname, displayname)
             self.apks[apk.package] = apk
+            self.apks_by_basename[os.path.basename(apk.filename)] = apk
 
             self.max_pkg_len = max(self.max_pkg_len, len(apk.package))
             self.max_fn_len = max(self.max_fn_len, len(apk.filename))
     finally:
       shutil.rmtree(d)
 
+    z = zipfile.ZipFile(open(filename, "rb"))
+    self.certmap = common.ReadApkCerts(z)
+    z.close()
+
   def CheckSharedUids(self):
     """Look for any instances where packages signed with different
     certs request the same sharedUserId."""
@@ -292,6 +298,20 @@
                                       apk.package, apk.filename)
       print
 
+  def CheckExternalSignatures(self):
+    for apk_filename, certname in self.certmap.iteritems():
+      if certname == "EXTERNAL":
+        # Apps marked EXTERNAL should be signed with the test key
+        # during development, then manually re-signed after
+        # predexopting.  Consider it an error if this app is now
+        # signed with any key that is present in our tree.
+        apk = self.apks_by_basename[apk_filename]
+        name = ALL_CERTS.Get(apk.cert)
+        if not name.startswith("unknown "):
+          Push(apk.filename)
+          AddProblem("hasn't been signed with EXTERNAL cert")
+          Pop()
+
   def PrintCerts(self):
     """Display a table of packages grouped by cert."""
     by_cert = {}
@@ -402,6 +422,7 @@
     Banner("target files")
     target_files.PrintCerts()
   target_files.CheckSharedUids()
+  target_files.CheckExternalSignatures()
   if compare_files:
     if OPTIONS.text:
       Banner("comparison files")