Add signing certificate lineage file support. (e2348338) · Commits · e / os / android_build

core/app_prebuilt_internal.mk

+7 −0

Original line number	Original line	Diff line number	Diff line
	@@ -163,6 +163,13 @@ else
	$(built_module) : $(LOCAL_CERTIFICATE).pk8 $(LOCAL_CERTIFICATE).x509.pem		$(built_module) : $(LOCAL_CERTIFICATE).pk8 $(LOCAL_CERTIFICATE).x509.pem
	$(built_module) : PRIVATE_PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8		$(built_module) : PRIVATE_PRIVATE_KEY := $(LOCAL_CERTIFICATE).pk8
	$(built_module) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem		$(built_module) : PRIVATE_CERTIFICATE := $(LOCAL_CERTIFICATE).x509.pem

			additional_certificates := $(foreach c,$(LOCAL_ADDITIONAL_CERTIFICATES), $(c).x509.pem $(c).pk8)
			$(built_module): $(additional_certificates)
			$(built_module): PRIVATE_ADDITIONAL_CERTIFICATES := $(additional_certificates)

			$(built_module): $(LOCAL_CERTIFICATE_LINEAGE)
			$(built_module): PRIVATE_CERTIFICATE_LINEAGE := $(LOCAL_CERTIFICATE_LINEAGE)
	endif		endif

	include $(BUILD_SYSTEM)/app_certificate_validate.mk		include $(BUILD_SYSTEM)/app_certificate_validate.mk

core/clear_vars.mk

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -152,6 +152,7 @@ LOCAL_JAVA_RESOURCE_FILES:=
	LOCAL_JETIFIER_ENABLED:=		LOCAL_JETIFIER_ENABLED:=
	LOCAL_JNI_SHARED_LIBRARIES:=		LOCAL_JNI_SHARED_LIBRARIES:=
	LOCAL_JNI_SHARED_LIBRARIES_ABI:=		LOCAL_JNI_SHARED_LIBRARIES_ABI:=
			LOCAL_CERTIFICATE_LINEAGE:=
	LOCAL_LDFLAGS:=		LOCAL_LDFLAGS:=
	LOCAL_LDLIBS:=		LOCAL_LDLIBS:=
	LOCAL_LOGTAGS_FILES:=		LOCAL_LOGTAGS_FILES:=

core/definitions.mk

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -2285,6 +2285,7 @@ endef
	define sign-package-arg		define sign-package-arg
	$(hide) mv $(1) $(1).unsigned		$(hide) mv $(1) $(1).unsigned
	$(hide) $(JAVA) -Djava.library.path=$$(dirname $(SIGNAPK_JNI_LIBRARY_PATH)) -jar $(SIGNAPK_JAR) \		$(hide) $(JAVA) -Djava.library.path=$$(dirname $(SIGNAPK_JNI_LIBRARY_PATH)) -jar $(SIGNAPK_JAR) \
			$(if $(strip $(PRIVATE_CERTIFICATE_LINEAGE)), --lineage $(PRIVATE_CERTIFICATE_LINEAGE)) \
	$(PRIVATE_CERTIFICATE) $(PRIVATE_PRIVATE_KEY) \		$(PRIVATE_CERTIFICATE) $(PRIVATE_PRIVATE_KEY) \
	$(PRIVATE_ADDITIONAL_CERTIFICATES) $(1).unsigned $(1).signed		$(PRIVATE_ADDITIONAL_CERTIFICATES) $(1).unsigned $(1).signed
	$(hide) mv $(1).signed $(1)		$(hide) mv $(1).signed $(1)

core/package_internal.mk

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -465,6 +465,9 @@ PACKAGES.$(LOCAL_PACKAGE_NAME).CERTIFICATE := $(certificate)
	$(LOCAL_BUILT_MODULE): $(additional_certificates)		$(LOCAL_BUILT_MODULE): $(additional_certificates)
	$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_CERTIFICATES := $(additional_certificates)		$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_CERTIFICATES := $(additional_certificates)

			$(LOCAL_BUILT_MODULE): $(LOCAL_CERTIFICATE_LINEAGE)
			$(LOCAL_BUILT_MODULE): PRIVATE_CERTIFICATE_LINEAGE := $(LOCAL_CERTIFICATE_LINEAGE)

	# Set a actual_partition_tag (calculated in base_rules.mk) for the package.		# Set a actual_partition_tag (calculated in base_rules.mk) for the package.
	PACKAGES.$(LOCAL_PACKAGE_NAME).PARTITION := $(actual_partition_tag)		PACKAGES.$(LOCAL_PACKAGE_NAME).PARTITION := $(actual_partition_tag)

tools/signapk/src/com/android/signapk/SignApk.java

+12 −0

Original line number	Original line	Diff line number	Diff line
	@@ -36,6 +36,7 @@ import org.conscrypt.OpenSSLProvider;

	import com.android.apksig.ApkSignerEngine;		import com.android.apksig.ApkSignerEngine;
	import com.android.apksig.DefaultApkSignerEngine;		import com.android.apksig.DefaultApkSignerEngine;
			import com.android.apksig.SigningCertificateLineage;
	import com.android.apksig.Hints;		import com.android.apksig.Hints;
	import com.android.apksig.apk.ApkUtils;		import com.android.apksig.apk.ApkUtils;
	import com.android.apksig.apk.MinSdkVersionException;		import com.android.apksig.apk.MinSdkVersionException;
	@@ -1046,6 +1047,7 @@ class SignApk {
	Integer minSdkVersionOverride = null;		Integer minSdkVersionOverride = null;
	boolean signUsingApkSignatureSchemeV2 = true;		boolean signUsingApkSignatureSchemeV2 = true;
	boolean signUsingApkSignatureSchemeV4 = false;		boolean signUsingApkSignatureSchemeV4 = false;
			SigningCertificateLineage certLineage = null;

	int argstart = 0;		int argstart = 0;
	while (argstart < args.length && args[argstart].startsWith("-")) {		while (argstart < args.length && args[argstart].startsWith("-")) {
	@@ -1076,6 +1078,15 @@ class SignApk {
	} else if ("--enable-v4".equals(args[argstart])) {		} else if ("--enable-v4".equals(args[argstart])) {
	signUsingApkSignatureSchemeV4 = true;		signUsingApkSignatureSchemeV4 = true;
	++argstart;		++argstart;
			} else if ("--lineage".equals(args[argstart])) {
			File lineageFile = new File(args[++argstart]);
			try {
			certLineage = SigningCertificateLineage.readFromFile(lineageFile);
			} catch (Exception e) {
			throw new IllegalArgumentException(
			"Error reading lineage file: " + e.getMessage());
			}
			++argstart;
	} else {		} else {
	usage();		usage();
	}		}
	@@ -1166,6 +1177,7 @@ class SignApk {
	.setV2SigningEnabled(signUsingApkSignatureSchemeV2)		.setV2SigningEnabled(signUsingApkSignatureSchemeV2)
	.setOtherSignersSignaturesPreserved(false)		.setOtherSignersSignaturesPreserved(false)
	.setCreatedBy("1.0 (Android SignApk)")		.setCreatedBy("1.0 (Android SignApk)")
			.setSigningCertificateLineage(certLineage)
	.build()) {		.build()) {
	// We don't preserve the input APK's APK Signing Block (which contains v2		// We don't preserve the input APK's APK Signing Block (which contains v2
	// signatures)		// signatures)