Add signing certificate lineage support to soong (e2b27f47) · Commits · e / os / android_build_soong

java/app.go

+11 −4

Original line number	Diff line number	Diff line
		@@ -129,6 +129,9 @@ type overridableAppProperties struct {
		// or an android_app_certificate module name in the form ":module".
		Certificate *string

		// Name of the signing certificate lineage file.
		Lineage *string

		// the package name of this app. The package name in the manifest file is used if one was not given.
		Package_name *string

		@@ -596,13 +599,17 @@ func (a *AndroidApp) generateAndroidBuildActions(ctx android.ModuleContext) {

		// Build a final signed app package.
		packageFile := android.PathForModuleOut(ctx, a.installApkName+".apk")
		CreateAndSignAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates, apkDeps)
		var lineageFile android.Path
		if lineage := String(a.overridableAppProperties.Lineage); lineage != "" {
		lineageFile = android.PathForModuleSrc(ctx, lineage)
		}
		CreateAndSignAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates, apkDeps, lineageFile)
		a.outputFile = packageFile

		for _, split := range a.aapt.splits {
		// Sign the split APKs
		packageFile := android.PathForModuleOut(ctx, a.installApkName+"_"+split.suffix+".apk")
		CreateAndSignAppPackage(ctx, packageFile, split.path, nil, nil, certificates, apkDeps)
		CreateAndSignAppPackage(ctx, packageFile, split.path, nil, nil, certificates, apkDeps, lineageFile)
		a.extraOutputFiles = append(a.extraOutputFiles, packageFile)
		}

		@@ -1299,7 +1306,7 @@ func (a *AndroidAppImport) generateAndroidBuildActions(ctx android.ModuleContext
		}
		a.certificate = certificates[0]
		signed := android.PathForModuleOut(ctx, "signed", apkFilename)
		SignAppPackage(ctx, signed, dexOutput, certificates)
		SignAppPackage(ctx, signed, dexOutput, certificates, nil)
		a.outputFile = signed
		} else {
		alignedApk := android.PathForModuleOut(ctx, "zip-aligned", apkFilename)
		@@ -1558,7 +1565,7 @@ func (r *RuntimeResourceOverlay) GenerateAndroidBuildActions(ctx android.ModuleC
		_, certificates := collectAppDeps(ctx, false, false)
		certificates = processMainCert(r.ModuleBase, String(r.properties.Certificate), certificates, ctx)
		signed := android.PathForModuleOut(ctx, "signed", r.Name()+".apk")
		SignAppPackage(ctx, signed, r.aapt.exportPackage, certificates)
		SignAppPackage(ctx, signed, r.aapt.exportPackage, certificates, nil)
		r.certificate = certificates[0]

		r.outputFile = signed

java/app_builder.go

+9 −3

Original line number	Diff line number	Diff line
		@@ -45,7 +45,7 @@ var combineApk = pctx.AndroidStaticRule("combineApk",
		})

		func CreateAndSignAppPackage(ctx android.ModuleContext, outputFile android.WritablePath,
		packageFile, jniJarFile, dexJarFile android.Path, certificates []Certificate, deps android.Paths) {
		packageFile, jniJarFile, dexJarFile android.Path, certificates []Certificate, deps android.Paths, lineageFile android.Path) {

		unsignedApkName := strings.TrimSuffix(outputFile.Base(), ".apk") + "-unsigned.apk"
		unsignedApk := android.PathForModuleOut(ctx, unsignedApkName)
		@@ -66,10 +66,10 @@ func CreateAndSignAppPackage(ctx android.ModuleContext, outputFile android.Writa
		Implicits: deps,
		})

		SignAppPackage(ctx, outputFile, unsignedApk, certificates)
		SignAppPackage(ctx, outputFile, unsignedApk, certificates, lineageFile)
		}

		func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, unsignedApk android.Path, certificates []Certificate) {
		func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, unsignedApk android.Path, certificates []Certificate, lineageFile android.Path) {

		var certificateArgs []string
		var deps android.Paths
		@@ -78,6 +78,11 @@ func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, u
		deps = append(deps, c.Pem, c.Key)
		}

		var flags []string
		if lineageFile != nil {
		flags = append(flags, "--lineage", lineageFile.String())
		}

		ctx.Build(pctx, android.BuildParams{
		Rule: Signapk,
		Description: "signapk",
		@@ -86,6 +91,7 @@ func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, u
		Implicits: deps,
		Args: map[string]string{
		"certificates": strings.Join(certificateArgs, " "),
		"flags": strings.Join(flags, " "),
		},
		})
		}

java/app_test.go

+56 −15

Original line number	Diff line number	Diff line
		@@ -1209,7 +1209,8 @@ func TestCertificates(t *testing.T) {
		name string
		bp string
		certificateOverride string
		expected string
		expectedLineage string
		expectedCertificate string
		}{
		{
		name: "default",
		@@ -1221,7 +1222,8 @@ func TestCertificates(t *testing.T) {
		}
		`,
		certificateOverride: "",
		expected: "build/make/target/product/security/testkey.x509.pem build/make/target/product/security/testkey.pk8",
		expectedLineage: "",
		expectedCertificate: "build/make/target/product/security/testkey.x509.pem build/make/target/product/security/testkey.pk8",
		},
		{
		name: "module certificate property",
		@@ -1239,7 +1241,8 @@ func TestCertificates(t *testing.T) {
		}
		`,
		certificateOverride: "",
		expected: "cert/new_cert.x509.pem cert/new_cert.pk8",
		expectedLineage: "",
		expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",
		},
		{
		name: "path certificate property",
		@@ -1252,7 +1255,8 @@ func TestCertificates(t *testing.T) {
		}
		`,
		certificateOverride: "",
		expected: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
		expectedLineage: "",
		expectedCertificate: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
		},
		{
		name: "certificate overrides",
		@@ -1270,7 +1274,28 @@ func TestCertificates(t *testing.T) {
		}
		`,
		certificateOverride: "foo:new_certificate",
		expected: "cert/new_cert.x509.pem cert/new_cert.pk8",
		expectedLineage: "",
		expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",
		},
		{
		name: "certificate lineage",
		bp: `
		android_app {
		name: "foo",
		srcs: ["a.java"],
		certificate: ":new_certificate",
		lineage: "lineage.bin",
		sdk_version: "current",
		}

		android_app_certificate {
		name: "new_certificate",
		certificate: "cert/new_cert",
		}
		`,
		certificateOverride: "",
		expectedLineage: "--lineage lineage.bin",
		expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",
		},
		}

		@@ -1286,9 +1311,14 @@ func TestCertificates(t *testing.T) {
		foo := ctx.ModuleForTests("foo", "android_common")

		signapk := foo.Output("foo.apk")
		signFlags := signapk.Args["certificates"]
		if test.expected != signFlags {
		t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expected, signFlags)
		signCertificateFlags := signapk.Args["certificates"]
		if test.expectedCertificate != signCertificateFlags {
		t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expectedCertificate, signCertificateFlags)
		}

		signFlags := signapk.Args["flags"]
		if test.expectedLineage != signFlags {
		t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expectedLineage, signFlags)
		}
		})
		}
		@@ -1402,6 +1432,7 @@ func TestOverrideAndroidApp(t *testing.T) {
		name: "bar",
		base: "foo",
		certificate: ":new_certificate",
		lineage: "lineage.bin",
		logging_parent: "bah",
		}

		@@ -1422,7 +1453,8 @@ func TestOverrideAndroidApp(t *testing.T) {
		variantName string
		apkName string
		apkPath string
		signFlag string
		certFlag string
		lineageFlag string
		overrides []string
		aaptFlag string
		logging_parent string
		@@ -1431,7 +1463,8 @@ func TestOverrideAndroidApp(t *testing.T) {
		moduleName: "foo",
		variantName: "android_common",
		apkPath: "/target/product/test_device/system/app/foo/foo.apk",
		signFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
		certFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
		lineageFlag: "",
		overrides: []string{"qux"},
		aaptFlag: "",
		logging_parent: "",
		@@ -1440,7 +1473,8 @@ func TestOverrideAndroidApp(t *testing.T) {
		moduleName: "bar",
		variantName: "android_common_bar",
		apkPath: "/target/product/test_device/system/app/bar/bar.apk",
		signFlag: "cert/new_cert.x509.pem cert/new_cert.pk8",
		certFlag: "cert/new_cert.x509.pem cert/new_cert.pk8",
		lineageFlag: "--lineage lineage.bin",
		overrides: []string{"qux", "foo"},
		aaptFlag: "",
		logging_parent: "bah",
		@@ -1449,7 +1483,8 @@ func TestOverrideAndroidApp(t *testing.T) {
		moduleName: "baz",
		variantName: "android_common_baz",
		apkPath: "/target/product/test_device/system/app/baz/baz.apk",
		signFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
		certFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
		lineageFlag: "",
		overrides: []string{"qux", "foo"},
		aaptFlag: "--rename-manifest-package org.dandroid.bp",
		logging_parent: "",
		@@ -1474,9 +1509,15 @@ func TestOverrideAndroidApp(t *testing.T) {

		// Check the certificate paths
		signapk := variant.Output(expected.moduleName + ".apk")
		signFlag := signapk.Args["certificates"]
		if expected.signFlag != signFlag {
		t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.signFlag, signFlag)
		certFlag := signapk.Args["certificates"]
		if expected.certFlag != certFlag {
		t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.certFlag, certFlag)
		}

		// Check the lineage flags
		lineageFlag := signapk.Args["flags"]
		if expected.lineageFlag != lineageFlag {
		t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.lineageFlag, lineageFlag)
		}

		// Check if the overrides field values are correctly aggregated.

java/testing.go

+1 −0

Original line number	Diff line number	Diff line
		@@ -116,6 +116,7 @@ func TestConfig(buildDir string, env map[string]string, bp string, fs map[string

		"cert/new_cert.x509.pem": nil,
		"cert/new_cert.pk8": nil,
		"lineage.bin": nil,

		"testdata/data": nil,