New module type to collect cert files for otatools.zip
- Use finder.go to search "*.pem", "*.pk8", and "*.avbpubkey".
- The "otatools_package_cert_files" gathers these certs into zip.
- The cert files are in "build/make/target/product/security", "device",
"external/avb/test/data", "packages/modules", and "vendor" folders.
Bug: 403277238
Test: m -j blueprint_tools && cat out/.module_paths/OtaToolsCertFiles.list
Test: m otatools_package_cert_files
Change-Id: I5673ef03b0e47c7783918f566af67c1fdc2838bb
diff --git a/android/Android.bp b/android/Android.bp
index 00dc50a..71e6747 100644
--- a/android/Android.bp
+++ b/android/Android.bp
@@ -83,6 +83,7 @@
"nothing.go",
"notices.go",
"onceper.go",
+ "otatools_package_cert_zip.go",
"override_module.go",
"package.go",
"package_ctx.go",
diff --git a/android/otatools_package_cert_zip.go b/android/otatools_package_cert_zip.go
new file mode 100644
index 0000000..03265ca
--- /dev/null
+++ b/android/otatools_package_cert_zip.go
@@ -0,0 +1,62 @@
+// Copyright 2025 Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package android
+
+import (
+ "github.com/google/blueprint"
+)
+
+func init() {
+ RegisterOtatoolsPackageBuildComponents(InitRegistrationContext)
+ pctx.HostBinToolVariable("SoongZipCmd", "soong_zip")
+}
+
+func RegisterOtatoolsPackageBuildComponents(ctx RegistrationContext) {
+ ctx.RegisterModuleType("otatools_package_cert_files", OtatoolsPackageFactory)
+}
+
+type OtatoolsPackage struct {
+ ModuleBase
+}
+
+func OtatoolsPackageFactory() Module {
+ module := &OtatoolsPackage{}
+ InitAndroidModule(module)
+ return module
+}
+
+var (
+ otatoolsPackageCertRule = pctx.AndroidStaticRule("otatools_package_cert_files", blueprint.RuleParams{
+ Command: "echo $out: > ${out}.d && cat $in >> ${out}.d && ${SoongZipCmd} -o $out -l $in",
+ CommandDeps: []string{"${SoongZipCmd}"},
+ Depfile: "${out}.d",
+ Description: "Zip otatools-package cert files",
+ })
+)
+
+func (fg *OtatoolsPackage) GenerateAndroidBuildActions(ctx ModuleContext) {
+ if ctx.ModuleDir() != "build/make/tools/otatools_package" {
+ ctx.ModuleErrorf("There can only be one otatools_package_cert_files module in build/make/tools/otatools_package")
+ return
+ }
+ fileListFile := PathForArbitraryOutput(ctx, ".module_paths", "OtaToolsCertFiles.list")
+ otatoolsPackageCertZip := PathForModuleOut(ctx, "otatools_package_cert_files.zip")
+ ctx.Build(pctx, BuildParams{
+ Rule: otatoolsPackageCertRule,
+ Input: fileListFile,
+ Output: otatoolsPackageCertZip,
+ })
+ ctx.SetOutputFiles([]Path{otatoolsPackageCertZip}, "")
+}
diff --git a/ui/build/finder.go b/ui/build/finder.go
index 783b488..ff8908b 100644
--- a/ui/build/finder.go
+++ b/ui/build/finder.go
@@ -84,8 +84,14 @@
// METADATA file of packages
"METADATA",
},
- // .mk files for product/board configuration.
- IncludeSuffixes: []string{".mk"},
+ IncludeSuffixes: []string{
+ // .mk files for product/board configuration.
+ ".mk",
+ // otatools cert files
+ ".pk8",
+ ".pem",
+ ".avbpubkey",
+ },
}
dumpDir := config.FileListDir()
f, err = finder.New(cacheParams, filesystem, logger.New(ioutil.Discard),
@@ -118,6 +124,18 @@
return entries.DirNames, matches
}
+func findOtaToolsCertFiles(entries finder.DirEntries) (dirNames []string, fileNames []string) {
+ matches := []string{}
+ for _, foundName := range entries.FileNames {
+ if strings.HasSuffix(foundName, ".pk8") ||
+ strings.HasSuffix(foundName, ".pem") ||
+ strings.HasSuffix(foundName, ".avbpubkey") {
+ matches = append(matches, foundName)
+ }
+ }
+ return entries.DirNames, matches
+}
+
// FindSources searches for source files known to <f> and writes them to the filesystem for
// use later.
func FindSources(ctx Context, config Config, f *finder.Finder) {
@@ -184,6 +202,17 @@
ctx.Fatalf("Could not find TEST_MAPPING: %v", err)
}
+ // Recursively look for all otatools cert files.
+ otatools_cert_files := f.FindMatching("build/make/target/product/security", findOtaToolsCertFiles)
+ otatools_cert_files = append(otatools_cert_files, f.FindMatching("device", findOtaToolsCertFiles)...)
+ otatools_cert_files = append(otatools_cert_files, f.FindMatching("external/avb/test/data", findOtaToolsCertFiles)...)
+ otatools_cert_files = append(otatools_cert_files, f.FindMatching("packages/modules", findOtaToolsCertFiles)...)
+ otatools_cert_files = append(otatools_cert_files, f.FindMatching("vendor", findOtaToolsCertFiles)...)
+ err = dumpListToFile(ctx, config, otatools_cert_files, filepath.Join(dumpDir, "OtaToolsCertFiles.list"))
+ if err != nil {
+ ctx.Fatalf("Could not find otatools cert files: %v", err)
+ }
+
// Recursively look for all Android.bp files
androidBps := f.FindNamedAt(".", "Android.bp")
if len(androidBps) == 0 {