Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build_soong / 9335a26cbd7f003798220e3c24814a1655fc84b3^! / . / apex / apex.go
commit9335a26cbd7f003798220e3c24814a1655fc84b3[log] [tgz]
authorJiyong Park <jiyong@google.com>Mon Dec 24 11:31:58 2018 +0900
committerJiyong Park <jiyong@google.com>Fri Jan 11 13:35:56 2019 +0900
treeaec010bb812487ee463da2809cac28ea6e733109
parent709a3294519cc9e07aa6a96144a231d6d60b1814 [diff] [blame]
APEXes can be signed with devkeys

When PRODUCT_DEFAULT_DEV_CERTIFICATE is set to /vendor/foo/devkeys/test,
then the public/private key pairs for an apex_key is searched at
/vendor/foo/devkeys directory.

To be specific,

/system/timezone/Android.bp:
apex_key {
    name: "timezone.key",
    public_key: "com.android.tzdata.avbpubkey",
    private_key: "com.android.tzdata.pem",
}

When PRODUCT_DEFAULT_DEV_CERTIFICATE isn't set, the keys are searched at
/system/timezone, which is the path where Android.bp is located.

With PRODUCT_DEFAULT_DEV_CERTIFICATE set to /vendor/foo/devkeys/test,
the keys are searched at /vendor/foo/devkeys.

Bug: 121224311
Test: m (apex_test updated)
Test: m with crosshatch (PRODUCT_DEFAULT_DEV_CERTIFICATE is set to
/vendor/google/...)
Test: m with cheets (PRODUCT_DEFAULT_DEV_CERTIFICATE is set, but there
is no apex key there. The product is with TARGET_FLATTEN_APEX := true)

Change-Id: I213bbb96c433d851f9cc982871459fd7fb4fe47d

diff --git a/apex/apex.go b/apex/apex.go
index 9f5a46c..e711c8b 100644
--- a/apex/apex.go
+++ b/apex/apex.go

@@ -448,15 +448,17 @@
 		{Mutator: "arch", Variation: "android_common"},
 	}, prebuiltTag, a.properties.Prebuilts...)
 
-	if String(a.properties.Key) == "" {
-		ctx.ModuleErrorf("key is missing")
-		return
-	}
-	ctx.AddDependency(ctx.Module(), keyTag, String(a.properties.Key))
+	if !ctx.Config().FlattenApex() || ctx.Config().UnbundledBuild() {
+		if String(a.properties.Key) == "" {
+			ctx.ModuleErrorf("key is missing")
+			return
+		}
+		ctx.AddDependency(ctx.Module(), keyTag, String(a.properties.Key))
 
-	cert := android.SrcIsModule(String(a.properties.Certificate))
-	if cert != "" {
-		ctx.AddDependency(ctx.Module(), certificateTag, cert)
+		cert := android.SrcIsModule(String(a.properties.Certificate))
+		if cert != "" {
+			ctx.AddDependency(ctx.Module(), certificateTag, cert)
+		}
 	}
 }
 
@@ -626,7 +628,8 @@
 		return false
 	})
 
-	if keyFile == nil {
+	a.flattened = ctx.Config().FlattenApex() && !ctx.Config().UnbundledBuild()
+	if !a.flattened && keyFile == nil {
 		ctx.PropertyErrorf("key", "private_key for %q could not be found", String(a.properties.Key))
 		return
 	}
@@ -656,7 +659,6 @@
 		filesInfo[i].moduleName = ctx.ModuleName() + "." + filesInfo[i].moduleName
 	}
 
-	a.flattened = ctx.Config().FlattenApex() && !ctx.Config().UnbundledBuild()
 	a.installDir = android.PathForModuleInstall(ctx, "apex")
 	a.filesInfo = filesInfo