Make apex.key and certificate overridable.
Test: apex_test.go
Fixes: 185477325
Change-Id: I8992ac5606fa92f53f07e6870a034f2d3352e618
diff --git a/apex/apex.go b/apex/apex.go
index f5e6fa9..39a498b 100644
--- a/apex/apex.go
+++ b/apex/apex.go
@@ -116,16 +116,6 @@
// List of filesystem images that are embedded inside this APEX bundle.
Filesystems []string
- // Name of the apex_key module that provides the private key to sign this APEX bundle.
- Key *string
-
- // Specifies the certificate and the private key to sign the zip container of this APEX. If
- // this is "foo", foo.x509.pem and foo.pk8 under PRODUCT_DEFAULT_DEV_CERTIFICATE are used
- // as the certificate and the private key, respectively. If this is ":module", then the
- // certificate and the private key are provided from the android_app_certificate module
- // named "module".
- Certificate *string
-
// The minimum SDK version that this APEX must support at minimum. This is usually set to
// the SDK version that the APEX was first introduced.
Min_sdk_version *string
@@ -305,6 +295,16 @@
// A txt file containing list of files that are allowed to be included in this APEX.
Allowed_files *string `android:"path"`
+
+ // Name of the apex_key module that provides the private key to sign this APEX bundle.
+ Key *string
+
+ // Specifies the certificate and the private key to sign the zip container of this APEX. If
+ // this is "foo", foo.x509.pem and foo.pk8 under PRODUCT_DEFAULT_DEV_CERTIFICATE are used
+ // as the certificate and the private key, respectively. If this is ":module", then the
+ // certificate and the private key are provided from the android_app_certificate module
+ // named "module".
+ Certificate *string
}
type apexBundle struct {
@@ -767,20 +767,6 @@
}
}
- // Dependencies for signing
- if String(a.properties.Key) == "" {
- ctx.PropertyErrorf("key", "missing")
- return
- }
- ctx.AddDependency(ctx.Module(), keyTag, String(a.properties.Key))
-
- cert := android.SrcIsModule(a.getCertString(ctx))
- if cert != "" {
- ctx.AddDependency(ctx.Module(), certificateTag, cert)
- // empty cert is not an error. Cert and private keys will be directly found under
- // PRODUCT_DEFAULT_DEV_CERTIFICATE
- }
-
// Marks that this APEX (in fact all the modules in it) has to be built with the given SDKs.
// This field currently isn't used.
// TODO(jiyong): consider dropping this feature
@@ -804,6 +790,20 @@
commonVariation := ctx.Config().AndroidCommonTarget.Variations()
ctx.AddFarVariationDependencies(commonVariation, androidAppTag, a.overridableProperties.Apps...)
ctx.AddFarVariationDependencies(commonVariation, rroTag, a.overridableProperties.Rros...)
+
+ // Dependencies for signing
+ if String(a.overridableProperties.Key) == "" {
+ ctx.PropertyErrorf("key", "missing")
+ return
+ }
+ ctx.AddDependency(ctx.Module(), keyTag, String(a.overridableProperties.Key))
+
+ cert := android.SrcIsModule(a.getCertString(ctx))
+ if cert != "" {
+ ctx.AddDependency(ctx.Module(), certificateTag, cert)
+ // empty cert is not an error. Cert and private keys will be directly found under
+ // PRODUCT_DEFAULT_DEV_CERTIFICATE
+ }
}
type ApexBundleInfo struct {
@@ -1299,7 +1299,7 @@
if overridden {
return ":" + certificate
}
- return String(a.properties.Certificate)
+ return String(a.overridableProperties.Certificate)
}
// See the installable property
@@ -1956,7 +1956,7 @@
return false
})
if a.privateKeyFile == nil {
- ctx.PropertyErrorf("key", "private_key for %q could not be found", String(a.properties.Key))
+ ctx.PropertyErrorf("key", "private_key for %q could not be found", String(a.overridableProperties.Key))
return
}
diff --git a/apex/apex_test.go b/apex/apex_test.go
index 977a954..a7ae6f0 100644
--- a/apex/apex_test.go
+++ b/apex/apex_test.go
@@ -5599,6 +5599,8 @@
overrides: ["unknownapex"],
logging_parent: "com.foo.bar",
package_name: "test.overridden.package",
+ key: "mynewapex.key",
+ certificate: ":myapex.certificate",
}
apex_key {
@@ -5607,6 +5609,17 @@
private_key: "testkey.pem",
}
+ apex_key {
+ name: "mynewapex.key",
+ public_key: "testkey2.avbpubkey",
+ private_key: "testkey2.pem",
+ }
+
+ android_app_certificate {
+ name: "myapex.certificate",
+ certificate: "testkey",
+ }
+
android_app {
name: "app",
srcs: ["foo/bar/MyClass.java"],
@@ -5651,6 +5664,10 @@
optFlags := apexRule.Args["opt_flags"]
ensureContains(t, optFlags, "--override_apk_package_name test.overridden.package")
+ ensureContains(t, optFlags, "--pubkey testkey2.avbpubkey")
+
+ signApkRule := module.Rule("signapk")
+ ensureEquals(t, signApkRule.Args["certificates"], "testkey.x509.pem testkey.pk8")
data := android.AndroidMkDataForTest(t, ctx, apexBundle)
var builder strings.Builder
diff --git a/apex/builder.go b/apex/builder.go
index e59dc96..41f1cc7 100644
--- a/apex/builder.go
+++ b/apex/builder.go
@@ -872,7 +872,7 @@
return a.containerCertificateFile, a.containerPrivateKeyFile
}
- cert := String(a.properties.Certificate)
+ cert := String(a.overridableProperties.Certificate)
if cert == "" {
return ctx.Config().DefaultAppCertificate(ctx)
}