
Commit d8469727 authored by Tao Bao

releasetools: check_target_files_signatures.py checks APEXes.

Only the container certs will be checked and reported. For the payload
within an APEX, we can't easily extract the cert info.

It needs to go along a longer path, if ever needed, by:
 - extracting public keys from all the available certs;
 - using each of them to verify against an APEX payload to find a match
   (`avbtool verify_image --image payload --key public_key`).

Bug: 123716522
Test: Run check_target_files_signatures.py on target_files with APEXes.
Change-Id: I2ef318e05433d2d65ab84e2dff9e01fb6ee3373d
parent 015f8313
+5 −4
@@ -168,6 +168,7 @@ def CertFromPKCS7(data, filename):


class APK(object):

  def __init__(self, full_filename, filename):
    self.filename = filename
    self.certs = None
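Review bot: `class APK(object)` has no docstring, and after this change it also wraps `.apex` files, so the name alone misleads a reader. Add a short docstring stating that the class represents any signed container handled by the script (APK or APEX) and that for an APEX only the container certs are read, not the payload signature. The added blank line after the class statement is an unrelated whitespace change and could be dropped, or replaced by that docstring.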
@@ -244,12 +245,12 @@ class TargetFiles(object):
    # must decompress them individually before we perform any analysis.

    # This is the list of wildcards of files we extract from |filename|.
    apk_extensions = ['*.apk']
    apk_extensions = ['*.apk', '*.apex']

    self.certmap, compressed_extension = common.ReadApkCerts(
        zipfile.ZipFile(filename, "r"))
        zipfile.ZipFile(filename))
    if compressed_extension:
      apk_extensions.append("*.apk" + compressed_extension)
      apk_extensions.append('*.apk' + compressed_extension)

    d = common.UnzipTemp(filename, apk_extensions)
    self.apks = {}
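Review bot: the compressed-extension branch still appends only `'*.apk' + compressed_extension`, while the base list now carries `'*.apex'` as well. If an APEX can never appear in compressed form in target_files, say so in a comment next to the append; otherwise add the matching `'*.apex' + compressed_extension` pattern so those files are extracted and checked rather than silently skipped. The comment "list of wildcards of files we extract" and the name `apk_extensions` would also read better if they mentioned APEX. Separately, `zipfile.ZipFile(filename)` is opened inline and never closed in the visible lines; a `with` block around the `common.ReadApkCerts` call would release the handle.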
@@ -272,7 +273,7 @@ class TargetFiles(object):
          os.remove(os.path.join(dirpath, fn))
          fn = uncompressed_fn

        if fn.endswith(".apk"):
        if fn.endswith(('.apk', '.apex')):
          fullname = os.path.join(dirpath, fn)
          displayname = fullname[len(d)+1:]
          apk = APK(fullname, displayname)
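Review bot: the tuple in `fn.endswith(('.apk', '.apex'))` duplicates the extension list set up earlier as `apk_extensions = ['*.apk', '*.apex']`, so a future container type has to be added in two places and a miss in either one drops files from the signature check without an error. Consider one module-level tuple of suffixes from which both the unzip wildcards and this `endswith` test are derived. A one-line comment here that `.apex` entries are checked for the container certs only would keep the report from being read as covering the APEX payload.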