From a13f3c346f9071100c7d8ddacb51750fa159b09d Mon Sep 17 00:00:00 2001
From: TheScarastic <warabhishek@e.email>
Date: Wed, 14 Dec 2022 11:51:20 +0000
Subject: [PATCH 1/2] make: Add Patch Trichrome script

 * inspired form calyx and https://github.com/danielfullmer/robotnix/blob/master/modules/apps/chromium-trichrome-patcher.py
---
 core/app_prebuilt_internal.mk       |  1 +
 core/config.mk                      |  2 ++
 core/definitions.mk                 |  5 ++++
 tools/chromium_trichrome_patcher.py | 36 +++++++++++++++++++++++++++++
 4 files changed, 44 insertions(+)
 create mode 100755 tools/chromium_trichrome_patcher.py

diff --git a/core/app_prebuilt_internal.mk b/core/app_prebuilt_internal.mk
index dd263dd330..0d403a5abf 100644
--- a/core/app_prebuilt_internal.mk
+++ b/core/app_prebuilt_internal.mk
@@ -226,6 +226,7 @@ ifdef LOCAL_DEX_PREOPT
 	mv -f $@ $@.tmp
 	$(PRIVATE_STRIP_SCRIPT) $@.tmp $@
 endif  # LOCAL_DEX_PREOPT
+	$(patch-trichrome)
 	$(sign-package)
 	# No need for align-package because sign-package takes care of alignment
 else  # LOCAL_CERTIFICATE == PRESIGNED
diff --git a/core/config.mk b/core/config.mk
index a1a5e356c1..83816ed003 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -619,6 +619,8 @@ JETIFIER := prebuilts/sdk/tools/jetifier/jetifier-standalone/bin/jetifier-standa
 
 EXTRACT_KERNEL := build/make/tools/extract_kernel.py
 
+PATCH_TRICHROME := build/make/tools/chromium_trichrome_patcher.py
+
 USE_OPENJDK9 := true
 
 ifeq ($(EXPERIMENTAL_USE_OPENJDK9),)
diff --git a/core/definitions.mk b/core/definitions.mk
index 8b9af6ac05..f7d6fb8e4d 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -3444,3 +3444,8 @@ $(hide) CLANG_BIN="$(LLVM_PREBUILTS_PATH)" \
 	XZ="$(XZ)" \
 	$(LIBRARY_IDENTITY_CHECK_SCRIPT) $(SOONG_STRIP_PATH) $(1) $(2)
 endef
+
+# Patch Trichrome to add cert digest at buildtime
+define patch-trichrome
+$(hide) $(PATCH_TRICHROME) $@ $(PRIVATE_CERTIFICATE)
+endef
diff --git a/tools/chromium_trichrome_patcher.py b/tools/chromium_trichrome_patcher.py
new file mode 100755
index 0000000000..06cdea0448
--- /dev/null
+++ b/tools/chromium_trichrome_patcher.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+
+import os
+import subprocess
+import sys
+import zipfile
+
+infilename, sign_key = sys.argv[1:]
+
+def ExtractFingerprint(cert):
+    cmd = ['openssl', 'x509', '-sha256', '-fingerprint', '-noout', '-in', cert]
+    proc = subprocess.run(cmd, stdout=subprocess.PIPE)
+    return proc.stdout.decode('utf-8').split('=')[1].replace(':', '')
+
+def patch_trichrome(infilename, sign_key):
+    orig_certdigest = "32a2fc74d731105859e5a85df16d95f102d85b22099b8064c5d8915c61dad1e0"
+    new_certdigest = ExtractFingerprint(sign_key).lower().rstrip()
+
+    with zipfile.ZipFile(infilename, 'r') as zin, zipfile.ZipFile(infilename + ".patched", 'w') as zout:
+        for info in zin.infolist():
+            data = zin.read(info.filename)
+            if info.filename == 'AndroidManifest.xml':
+                # Make sure we can find the certdigest
+                data.rindex(orig_certdigest.encode('utf-16-le'))
+                # Replace it
+                data = data.replace(orig_certdigest.encode('utf-16-le'), new_certdigest.encode('utf-16-le'))
+            zout.writestr(info, data)
+
+    # Delete the original file
+    os.remove(infilename)
+
+    # Rename the output file to the original file name
+    os.rename(infilename + ".patched", infilename)
+
+if "Browser_" in infilename or "BrowserWebView_" in infilename:
+    patch_trichrome(infilename, sign_key)
-- 
GitLab


From d33c75b46bcaadce594e7b14fad607b08ce3c42a Mon Sep 17 00:00:00 2001
From: althafvly <althafvly@gmail.com>
Date: Wed, 21 Dec 2022 15:43:03 +0530
Subject: [PATCH 2/2] make: Catch exception for no certdigest

- Fixes build for non-trichrome browser apks
---
 tools/chromium_trichrome_patcher.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/chromium_trichrome_patcher.py b/tools/chromium_trichrome_patcher.py
index 06cdea0448..bda96b3fa6 100755
--- a/tools/chromium_trichrome_patcher.py
+++ b/tools/chromium_trichrome_patcher.py
@@ -21,7 +21,10 @@ def patch_trichrome(infilename, sign_key):
             data = zin.read(info.filename)
             if info.filename == 'AndroidManifest.xml':
                 # Make sure we can find the certdigest
-                data.rindex(orig_certdigest.encode('utf-16-le'))
+                try:
+                    data.rindex(orig_certdigest.encode('utf-16-le'))
+                except:
+                    pass
                 # Replace it
                 data = data.replace(orig_certdigest.encode('utf-16-le'), new_certdigest.encode('utf-16-le'))
             zout.writestr(info, data)
-- 
GitLab