Add the function of signing apex file with signapk tool. Bug: 196204358 Test: b build //build/bazel/examples/apex/minimal:build.bazel.examples.apex.minimal Test: jarsigner -verify -verbose build.bazel.examples.apex.minimal.apex Change-Id: I7556c3b21d221ce67a6f5449321da9af6f75ac48

commit: 099092f1f2ab61c0f3315ff1e690f2798d1c7f67 [log] [tgz]
author: Wei Li <weiwli@google.com> Fri Dec 10 03:12:15 2021 -0800
committer: Wei Li <weiwli@google.com> Mon Dec 13 20:11:35 2021 -0800
tree: dcea467b6e46aa727b73d9b9d89c8cfad763c1ae
parent: 2c32cac501949a45a99ea899905e005e18791673 [diff]
diff --git a/examples/apex/minimal/Android.bp b/examples/apex/minimal/Android.bp
index 7f96acd..ccef7b9 100644
--- a/examples/apex/minimal/Android.bp
+++ b/examples/apex/minimal/Android.bp

@@ -109,4 +109,6 @@
     binaries: [
         "build.bazel.examples.apex.cc_binary",
     ],
+
+    certificate: ":build.bazel.examples.apex.minimal.certificate"
 }

diff --git a/rules/apex.bzl b/rules/apex.bzl
index 21db21c..78772ac 100644
--- a/rules/apex.bzl
+++ b/rules/apex.bzl

@@ -128,7 +128,7 @@
     android_manifest = ctx.file.android_manifest
 
     # Outputs
-    apex_output_file = ctx.actions.declare_file(ctx.attr.name + ".apex")
+    apex_output_file = ctx.actions.declare_file(ctx.attr.name + ".apex.unsigned")
 
     # Arguments
     args = ctx.actions.args()
@@ -173,6 +173,41 @@
 
     return apex_output_file
 
+# Sign the generated unsigned apex file with signapk
+def _run_signapk(ctx, unsigned_apex_output_file):
+    # Inputs
+    apex_cert_info = ctx.attr.certificate[AndroidAppCertificateInfo]
+    privkey = apex_cert_info.pk8
+    pubkey = apex_cert_info.pem
+
+    inputs = [
+        unsigned_apex_output_file,
+        privkey,
+        pubkey,
+        ctx.executable._signapk,
+    ]
+
+    # Outputs
+    signed_apex_output_file = ctx.actions.declare_file(ctx.attr.name + ".apex")
+    outputs = [signed_apex_output_file]
+
+    # Arguments
+    args = ctx.actions.args()
+    args.add_all(["-a", 4096])
+    args.add_all(["--align-file-size"])
+    args.add_all([pubkey, privkey])
+    args.add_all([unsigned_apex_output_file, signed_apex_output_file])
+
+    ctx.actions.run(
+        inputs = inputs,
+        outputs = outputs,
+        executable = ctx.executable._signapk,
+        arguments = [args],
+        mnemonic = "BazelApexSigning",
+    )
+
+    return signed_apex_output_file
+
 # See the APEX section in the README on how to use this rule.
 def _apex_rule_impl(ctx):
     apex_toolchain = ctx.toolchains["//build/bazel/rules/apex:apex_toolchain_type"].toolchain_info
@@ -180,9 +215,10 @@
     apex_content_inputs, bazel_apexer_wrapper_manifest = _prepare_apexer_wrapper_inputs(ctx)
     apex_manifest_pb = _convert_apex_manifest_json_to_pb(ctx, apex_toolchain)
 
-    apex_output_file = _run_apexer(ctx, apex_toolchain, apex_content_inputs, bazel_apexer_wrapper_manifest, apex_manifest_pb)
+    unsigned_apex_output_file = _run_apexer(ctx, apex_toolchain, apex_content_inputs, bazel_apexer_wrapper_manifest, apex_manifest_pb)
+    signed_apex_output_file = _run_signapk(ctx, unsigned_apex_output_file)
 
-    files_to_build = depset([apex_output_file])
+    files_to_build = depset([signed_apex_output_file])
     return [DefaultInfo(files = files_to_build)]
 
 _apex = rule(
@@ -199,15 +235,15 @@
         "native_shared_libs": attr.label_list(
             providers = [ApexCcInfo],
             aspects = [apex_cc_aspect],
-            cfg = apex_transition
+            cfg = apex_transition,
         ),
         "binaries": attr.label_list(
             providers = [
                 # The dependency must produce _all_ of the providers in _one_ of these lists.
-                [ShBinaryInfo], # sh_binary
-                [StrippedCcBinaryInfo, CcInfo], # cc_binary (stripped)
+                [ShBinaryInfo],  # sh_binary
+                [StrippedCcBinaryInfo, CcInfo],  # cc_binary (stripped)
             ],
-            cfg = apex_transition
+            cfg = apex_transition,
         ),
         "prebuilts": attr.label_list(providers = [PrebuiltEtcInfo], cfg = apex_transition),
         # Required to use apex_transition. This is an acknowledgement to the risks of memory bloat when using transitions.
@@ -218,6 +254,12 @@
             executable = True,
             default = "//build/bazel/rules/apex:bazel_apexer_wrapper",
         ),
+        "_signapk": attr.label(
+            cfg = "host",
+            doc = "The signapk tool.",
+            executable = True,
+            default = "//build/make/tools/signapk",
+        ),
     },
     toolchains = ["//build/bazel/rules/apex:apex_toolchain_type"],
 )

diff --git a/rules/java/BUILD b/rules/java/BUILD
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/rules/java/BUILD


diff --git a/rules/java/library.bzl b/rules/java/library.bzl
new file mode 100644
index 0000000..f45cd51
--- /dev/null
+++ b/rules/java/library.bzl

@@ -0,0 +1,8 @@
+"""Macro wrapping the java_library for bp2build. """
+
+def java_library(name = "", srcs = [], deps = [], javacopts = [], **kwargs):
+    # Disable the error prone check of HashtableContains by default. See https://errorprone.info/bugpattern/HashtableContains
+    # HashtableContains error is reported when compiling //external/bouncycastle:bouncycastle-bcpkix-unbundled
+    opts = ["-Xep:HashtableContains:OFF"] + javacopts
+
+    native.java_library(name, srcs = srcs, deps = deps, javacopts = opts, **kwargs)
commit	099092f1f2ab61c0f3315ff1e690f2798d1c7f67	[log] [tgz]
author	Wei Li <weiwli@google.com>	Fri Dec 10 03:12:15 2021 -0800
committer	Wei Li <weiwli@google.com>	Mon Dec 13 20:11:35 2021 -0800
tree	dcea467b6e46aa727b73d9b9d89c8cfad763c1ae
parent	2c32cac501949a45a99ea899905e005e18791673 [diff]