Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 133d57dc authored by Kelvin Zhang's avatar Kelvin Zhang Committed by Kevin Haggerty
Browse files

Support container password for apex signing 

Some partners need the ability to sign apexes with passwords enabled.

Test: th
Bug: 206007131
Change-Id: I6abb0775031a4c6bf8aaae679f5c7ad8f4cffe46
parent 756852c1

tools/releasetools/apex_utils.py

+2 −2
Original line number Diff line number Diff line
@@ -498,7 +498,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw, 
          apex_file,

          payload_key=payload_key,

          container_key=container_key,

          container_pw=None,

          container_pw=container_pw,

          codename_to_api_level_map=codename_to_api_level_map,

          no_hashtree=no_hashtree,

          apk_keys=apk_keys,
@@ -510,7 +510,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw, 
          apex_file,

          payload_key=payload_key,

          container_key=container_key,

          container_pw=None,

          container_pw=container_pw,

          codename_to_api_level_map=codename_to_api_level_map,

          no_hashtree=no_hashtree,

          apk_keys=apk_keys,

tools/releasetools/sign_apex.py

+19 −3
Original line number Diff line number Diff line
@@ -42,10 +42,14 @@ Usage: sign_apex [flags] input_apex_file output_apex_file 


  --sign_tool <sign_tool>

      Optional flag that specifies a custom signing tool for the contents of the apex.



  --container_pw <name1=passwd,name2=passwd>

      A mapping of key_name to password

"""



import logging

import shutil

import re

import sys



import apex_utils
@@ -55,7 +59,7 @@ logger = logging.getLogger(__name__) 




def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree,

                 apk_keys=None, signing_args=None, codename_to_api_level_map=None, sign_tool=None):

                 apk_keys=None, signing_args=None, codename_to_api_level_map=None, sign_tool=None, container_pw=None):

  """Signs the given apex file."""

  with open(apex_file, 'rb') as input_fp:

    apex_data = input_fp.read()
@@ -65,7 +69,7 @@ def SignApexFile(avbtool, apex_file, payload_key, container_key, no_hashtree, 
      apex_data,

      payload_key=payload_key,

      container_key=container_key,

      container_pw=None,

      container_pw=container_pw,

      codename_to_api_level_map=codename_to_api_level_map,

      no_hashtree=no_hashtree,

      apk_keys=apk_keys,
@@ -106,6 +110,15 @@ def main(argv): 
        options['extra_apks'].update({n: key})

    elif o == '--sign_tool':

      options['sign_tool'] = a

    elif o == '--container_pw':

      passwords = {}

      pairs = a.split()

      for pair in pairs:

        if "=" not in pair:

          continue

        tokens = pair.split("=", maxsplit=1)

        passwords[tokens[0].strip()] = tokens[1].strip()

      options['container_pw'] = passwords

    else:

      return False

    return True
@@ -121,6 +134,7 @@ def main(argv): 
          'payload_key=',

          'extra_apks=',

          'sign_tool=',

          'container_pw=',

      ],

      extra_option_handler=option_handler)
@@ -141,7 +155,9 @@ def main(argv): 
      signing_args=options.get('payload_extra_args'),

      codename_to_api_level_map=options.get(

          'codename_to_api_level_map', {}),

      sign_tool=options.get('sign_tool', None))

      sign_tool=options.get('sign_tool', None),

      container_pw=options.get('container_pw'),

  )

  shutil.copyfile(signed_apex, args[1])

  logger.info("done.")