APEXs are signed with apk signer
The entire APEX (which is a zip file) is signed with the apk signer.
Certificate can be specified via the 'certificate' property just like
ordinary apps. Note: multiple additional certificates are not supported.
Bug: 115721587
Test: m apex.test
Test: jarsigner -verify -verbose -certs .../apex.test.apex shows the
certificate info
Change-Id: Ia4c898d3427779a3809fdc683b85d7661ca65137
diff --git a/java/androidmk.go b/java/androidmk.go
index 359594c..e395c9b 100644
--- a/java/androidmk.go
+++ b/java/androidmk.go
@@ -239,7 +239,7 @@
fmt.Fprintln(w, "LOCAL_PRIVILEGED_MODULE := true")
}
- fmt.Fprintln(w, "LOCAL_CERTIFICATE :=", app.certificate.pem.String())
+ fmt.Fprintln(w, "LOCAL_CERTIFICATE :=", app.certificate.Pem.String())
if len(app.appProperties.Overrides) > 0 {
fmt.Fprintln(w, "LOCAL_OVERRIDES_PACKAGES := "+strings.Join(app.appProperties.Overrides, " "))
}
diff --git a/java/app.go b/java/app.go
index db6c15c..7ca20ce 100644
--- a/java/app.go
+++ b/java/app.go
@@ -76,7 +76,7 @@
Library
aapt
- certificate certificate
+ certificate Certificate
appProperties appProperties
@@ -99,8 +99,8 @@
var _ AndroidLibraryDependency = (*AndroidApp)(nil)
-type certificate struct {
- pem, key android.Path
+type Certificate struct {
+ Pem, Key android.Path
}
func (a *AndroidApp) DepsMutator(ctx android.BottomUpMutatorContext) {
@@ -237,7 +237,7 @@
dexJarFile = nil
}
- var certificates []certificate
+ var certificates []Certificate
var jniJarFile android.WritablePath
jniLibs, certificateDeps := a.collectAppDeps(ctx)
@@ -262,16 +262,16 @@
certificateDeps = certificateDeps[1:]
} else if cert != "" {
defaultDir := ctx.Config().DefaultAppCertificateDir(ctx)
- a.certificate = certificate{
+ a.certificate = Certificate{
defaultDir.Join(ctx, cert+".x509.pem"),
defaultDir.Join(ctx, cert+".pk8"),
}
} else {
pem, key := ctx.Config().DefaultAppCertificate(ctx)
- a.certificate = certificate{pem, key}
+ a.certificate = Certificate{pem, key}
}
- certificates = append([]certificate{a.certificate}, certificateDeps...)
+ certificates = append([]Certificate{a.certificate}, certificateDeps...)
packageFile := android.PathForModuleOut(ctx, "package.apk")
CreateAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates)
@@ -287,9 +287,9 @@
}
}
-func (a *AndroidApp) collectAppDeps(ctx android.ModuleContext) ([]jniLib, []certificate) {
+func (a *AndroidApp) collectAppDeps(ctx android.ModuleContext) ([]jniLib, []Certificate) {
var jniLibs []jniLib
- var certificates []certificate
+ var certificates []Certificate
ctx.VisitDirectDeps(func(module android.Module) {
otherName := ctx.OtherModuleName(module)
@@ -313,7 +313,7 @@
}
} else if tag == certificateTag {
if dep, ok := module.(*AndroidAppCertificate); ok {
- certificates = append(certificates, dep.certificate)
+ certificates = append(certificates, dep.Certificate)
} else {
ctx.ModuleErrorf("certificate dependency %q must be an android_app_certificate module", otherName)
}
@@ -446,7 +446,7 @@
type AndroidAppCertificate struct {
android.ModuleBase
properties AndroidAppCertificateProperties
- certificate certificate
+ Certificate Certificate
}
type AndroidAppCertificateProperties struct {
@@ -466,7 +466,7 @@
func (c *AndroidAppCertificate) GenerateAndroidBuildActions(ctx android.ModuleContext) {
cert := String(c.properties.Certificate)
- c.certificate = certificate{
+ c.Certificate = Certificate{
android.PathForModuleSrc(ctx, cert+".x509.pem"),
android.PathForModuleSrc(ctx, cert+".pk8"),
}
diff --git a/java/app_builder.go b/java/app_builder.go
index 7577444..424aec8 100644
--- a/java/app_builder.go
+++ b/java/app_builder.go
@@ -29,7 +29,7 @@
)
var (
- signapk = pctx.AndroidStaticRule("signapk",
+ Signapk = pctx.AndroidStaticRule("signapk",
blueprint.RuleParams{
Command: `${config.JavaCmd} -Djava.library.path=$$(dirname $signapkJniLibrary) ` +
`-jar $signapkCmd $certificates $in $out`,
@@ -63,7 +63,7 @@
})
func CreateAppPackage(ctx android.ModuleContext, outputFile android.WritablePath,
- resJarFile, jniJarFile, dexJarFile android.Path, certificates []certificate) {
+ resJarFile, jniJarFile, dexJarFile android.Path, certificates []Certificate) {
unsignedApk := android.PathForModuleOut(ctx, "unsigned.apk")
@@ -84,11 +84,11 @@
var certificateArgs []string
for _, c := range certificates {
- certificateArgs = append(certificateArgs, c.pem.String(), c.key.String())
+ certificateArgs = append(certificateArgs, c.Pem.String(), c.Key.String())
}
ctx.Build(pctx, android.BuildParams{
- Rule: signapk,
+ Rule: Signapk,
Description: "signapk",
Output: outputFile,
Input: unsignedApk,