Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e555ab18 authored by Oleh Cherpak's avatar Oleh Cherpak
Browse files

sign_target_files_apks: Fix password encrypted keys handle 



This patch restores the possibility of using password encrypted
keys for build signing.

Bug: 171221825
Test: 1. Generate password encrypted keys (write non empty passwords):
        $ subject='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
        $ mkdir ~/.android-certs
        $ for x in releasekey platform shared media; do \
            ./development/tools/make_key ~/.android-certs/$x \
            "$subject"; \
          done
      2. Create a file with passwords:
        Example of passwd file:
            [[[ 12345678 ]]] /home/user/.android-certs/releasekey
            [[[ 12345678 ]]] /home/user/.android-certs/platform
            [[[ 12345678 ]]] /home/user/.android-certs/shared
            [[[ 12345678 ]]] /home/user/.android-certs/media
            [[[ 12345678 ]]] /home/user/.android-certs/networkstack
      3. Tell system where to find passwords:
        $ export ANDROID_PW_FILE=/path/to/file/with/passwords
      4. Generate a release image:
        $ make dist
        $ sign_target_files_apks \
        -o --default_key_mappings ~/.android-certs \
        out/dist/*-target_files-*.zip \
        signed-target_files.zip

Signed-off-by: default avatarOleh Cherpak <oleh.cherpak@globallogic.com>
Change-Id: I3e9d5318f69a2c3ac6eec64b36163b6544d49c90
parent 0071b0b5

tools/releasetools/apex_utils.py

+6 −3
Original line number Diff line number Diff line
@@ -49,6 +49,9 @@ class ApexApkSigner(object): 


  def __init__(self, apex_path, key_passwords, codename_to_api_level_map):

    self.apex_path = apex_path

    if not key_passwords:

      self.key_passwords = dict()

    else:

      self.key_passwords = key_passwords

    self.codename_to_api_level_map = codename_to_api_level_map
@@ -110,7 +113,7 @@ class ApexApkSigner(object): 
      # signed apk file.

      unsigned_apk = common.MakeTempFile()

      os.rename(apk_path, unsigned_apk)

      common.SignFile(unsigned_apk, apk_path, key_name, self.key_passwords,

      common.SignFile(unsigned_apk, apk_path, key_name, self.key_passwords.get(key_name),

                      codename_to_api_level_map=self.codename_to_api_level_map)

      has_signed_apk = True

    return payload_dir, has_signed_apk
@@ -356,7 +359,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw, 
      aligned_apex,

      signed_apex,

      container_key,

      container_pw,

      container_pw.get(container_key),

      codename_to_api_level_map=codename_to_api_level_map,

      extra_signapk_args=extra_signapk_args)

tools/releasetools/sign_target_files_apks.py

+1 −1
Original line number Diff line number Diff line
@@ -515,7 +515,7 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, 
            data,

            payload_key,

            container_key,

            key_passwords[container_key],

            key_passwords,

            apk_keys,

            codename_to_api_level_map,

            no_hashtree=True,