apex.custom_sign_tool property
A new property indicates a CLI tool to sign the APEX contents. The value
is stored in apexkeys.txt so that releasetool (sign_target_files_apks)
can use it to invoke the tool to re-sign the apex contents.
Bug: 193504286
Test: m out/soong/apexkeys.txt
com.android.virt.apex line has sign_tool value
Change-Id: Ifd472049b75b5b87c1ed320f5e1190ff65ed54f2
diff --git a/apex/apex.go b/apex/apex.go
index 1f06187..6ef8a87 100644
--- a/apex/apex.go
+++ b/apex/apex.go
@@ -178,6 +178,10 @@
// used in tests.
Test_only_force_compression *bool
+ // Put extra tags (signer=<value>) to apexkeys.txt, so that release tools can sign this apex
+ // with the tool to sign payload contents.
+ Custom_sign_tool *string
+
// Canonical name of this APEX bundle. Used to determine the path to the
// activated APEX on device (i.e. /apex/<apexVariationName>), and used for the
// apex mutator variations. For override_apex modules, this is the name of the
diff --git a/apex/apex_test.go b/apex/apex_test.go
index 78a6bb8..8aaa31a 100644
--- a/apex/apex_test.go
+++ b/apex/apex_test.go
@@ -7683,6 +7683,28 @@
name: "myapex",
key: "myapex.key",
updatable: false,
+ custom_sign_tool: "sign_myapex",
+ }
+
+ apex_key {
+ name: "myapex.key",
+ public_key: "testkey.avbpubkey",
+ private_key: "testkey.pem",
+ }
+ `)
+
+ apexKeysText := ctx.SingletonForTests("apex_keys_text")
+ content := apexKeysText.MaybeDescription("apexkeys.txt").BuildParams.Args["content"]
+ ensureContains(t, content, `name="myapex.apex" public_key="vendor/foo/devkeys/testkey.avbpubkey" private_key="vendor/foo/devkeys/testkey.pem" container_certificate="vendor/foo/devkeys/test.x509.pem" container_private_key="vendor/foo/devkeys/test.pk8" partition="system_ext" sign_tool="sign_myapex"`)
+}
+
+func TestApexKeysTxtOverrides(t *testing.T) {
+ ctx := testApex(t, `
+ apex {
+ name: "myapex",
+ key: "myapex.key",
+ updatable: false,
+ custom_sign_tool: "sign_myapex",
}
apex_key {
diff --git a/apex/key.go b/apex/key.go
index e2695d7..259060f 100644
--- a/apex/key.go
+++ b/apex/key.go
@@ -123,13 +123,18 @@
containerCertificate string
containerPrivateKey string
partition string
+ signTool string
}
toString := func(e apexKeyEntry) string {
- format := "name=%q public_key=%q private_key=%q container_certificate=%q container_private_key=%q partition=%q\n"
+ signTool := ""
+ if e.signTool != "" {
+ signTool = fmt.Sprintf(" sign_tool=%q", e.signTool)
+ }
+ format := "name=%q public_key=%q private_key=%q container_certificate=%q container_private_key=%q partition=%q%s\n"
if e.presigned {
- return fmt.Sprintf(format, e.name, "PRESIGNED", "PRESIGNED", "PRESIGNED", "PRESIGNED", e.partition)
+ return fmt.Sprintf(format, e.name, "PRESIGNED", "PRESIGNED", "PRESIGNED", "PRESIGNED", e.partition, signTool)
} else {
- return fmt.Sprintf(format, e.name, e.publicKey, e.privateKey, e.containerCertificate, e.containerPrivateKey, e.partition)
+ return fmt.Sprintf(format, e.name, e.publicKey, e.privateKey, e.containerCertificate, e.containerPrivateKey, e.partition, signTool)
}
}
@@ -145,6 +150,7 @@
containerCertificate: pem.String(),
containerPrivateKey: key.String(),
partition: m.PartitionTag(ctx.DeviceConfig()),
+ signTool: proptools.String(m.properties.Custom_sign_tool),
}
}
})