Add signing certificate lineage support to soong
Test: app_test
Bug: 153366049
Change-Id: I65a92d6c40057dcc01950991fb7be485de1c9080
diff --git a/java/app.go b/java/app.go
index 4c4b83c..531b46a 100755
--- a/java/app.go
+++ b/java/app.go
@@ -129,6 +129,9 @@
// or an android_app_certificate module name in the form ":module".
Certificate *string
+ // Name of the signing certificate lineage file.
+ Lineage *string
+
// the package name of this app. The package name in the manifest file is used if one was not given.
Package_name *string
@@ -586,7 +589,11 @@
if v4SigningRequested {
v4SignatureFile = android.PathForModuleOut(ctx, a.installApkName+".apk.idsig")
}
- CreateAndSignAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates, apkDeps, v4SignatureFile)
+ var lineageFile android.Path
+ if lineage := String(a.overridableAppProperties.Lineage); lineage != "" {
+ lineageFile = android.PathForModuleSrc(ctx, lineage)
+ }
+ CreateAndSignAppPackage(ctx, packageFile, a.exportPackage, jniJarFile, dexJarFile, certificates, apkDeps, v4SignatureFile, lineageFile)
a.outputFile = packageFile
if v4SigningRequested {
a.extraOutputFiles = append(a.extraOutputFiles, v4SignatureFile)
@@ -598,7 +605,7 @@
if v4SigningRequested {
v4SignatureFile = android.PathForModuleOut(ctx, a.installApkName+"_"+split.suffix+".apk.idsig")
}
- CreateAndSignAppPackage(ctx, packageFile, split.path, nil, nil, certificates, apkDeps, v4SignatureFile)
+ CreateAndSignAppPackage(ctx, packageFile, split.path, nil, nil, certificates, apkDeps, v4SignatureFile, lineageFile)
a.extraOutputFiles = append(a.extraOutputFiles, packageFile)
if v4SigningRequested {
a.extraOutputFiles = append(a.extraOutputFiles, v4SignatureFile)
@@ -1249,7 +1256,7 @@
}
a.certificate = certificates[0]
signed := android.PathForModuleOut(ctx, "signed", apkFilename)
- SignAppPackage(ctx, signed, dexOutput, certificates, nil)
+ SignAppPackage(ctx, signed, dexOutput, certificates, nil, nil)
a.outputFile = signed
} else {
alignedApk := android.PathForModuleOut(ctx, "zip-aligned", apkFilename)
@@ -1486,7 +1493,7 @@
_, certificates := collectAppDeps(ctx, false, false)
certificates = processMainCert(r.ModuleBase, String(r.properties.Certificate), certificates, ctx)
signed := android.PathForModuleOut(ctx, "signed", r.Name()+".apk")
- SignAppPackage(ctx, signed, r.aapt.exportPackage, certificates, nil)
+ SignAppPackage(ctx, signed, r.aapt.exportPackage, certificates, nil, nil)
r.certificate = certificates[0]
r.outputFile = signed
diff --git a/java/app_builder.go b/java/app_builder.go
index b2780bc..e8c16c2 100644
--- a/java/app_builder.go
+++ b/java/app_builder.go
@@ -45,7 +45,7 @@
})
func CreateAndSignAppPackage(ctx android.ModuleContext, outputFile android.WritablePath,
- packageFile, jniJarFile, dexJarFile android.Path, certificates []Certificate, deps android.Paths, v4SignatureFile android.WritablePath) {
+ packageFile, jniJarFile, dexJarFile android.Path, certificates []Certificate, deps android.Paths, v4SignatureFile android.WritablePath, lineageFile android.Path) {
unsignedApkName := strings.TrimSuffix(outputFile.Base(), ".apk") + "-unsigned.apk"
unsignedApk := android.PathForModuleOut(ctx, unsignedApkName)
@@ -66,10 +66,10 @@
Implicits: deps,
})
- SignAppPackage(ctx, outputFile, unsignedApk, certificates, v4SignatureFile)
+ SignAppPackage(ctx, outputFile, unsignedApk, certificates, v4SignatureFile, lineageFile)
}
-func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, unsignedApk android.Path, certificates []Certificate, v4SignatureFile android.WritablePath) {
+func SignAppPackage(ctx android.ModuleContext, signedApk android.WritablePath, unsignedApk android.Path, certificates []Certificate, v4SignatureFile android.WritablePath, lineageFile android.Path) {
var certificateArgs []string
var deps android.Paths
@@ -79,10 +79,14 @@
}
outputFiles := android.WritablePaths{signedApk}
- var flag string = ""
+ var flags []string
if v4SignatureFile != nil {
outputFiles = append(outputFiles, v4SignatureFile)
- flag = "--enable-v4"
+ flags = append(flags, "--enable-v4")
+ }
+
+ if lineageFile != nil {
+ flags = append(flags, "--lineage", lineageFile.String())
}
ctx.Build(pctx, android.BuildParams{
@@ -93,7 +97,7 @@
Implicits: deps,
Args: map[string]string{
"certificates": strings.Join(certificateArgs, " "),
- "flags": flag,
+ "flags": strings.Join(flags, " "),
},
})
}
diff --git a/java/app_test.go b/java/app_test.go
index f2cbbfb..75d1c90 100644
--- a/java/app_test.go
+++ b/java/app_test.go
@@ -1115,7 +1115,8 @@
name string
bp string
certificateOverride string
- expected string
+ expectedLineage string
+ expectedCertificate string
}{
{
name: "default",
@@ -1127,7 +1128,8 @@
}
`,
certificateOverride: "",
- expected: "build/make/target/product/security/testkey.x509.pem build/make/target/product/security/testkey.pk8",
+ expectedLineage: "",
+ expectedCertificate: "build/make/target/product/security/testkey.x509.pem build/make/target/product/security/testkey.pk8",
},
{
name: "module certificate property",
@@ -1145,7 +1147,8 @@
}
`,
certificateOverride: "",
- expected: "cert/new_cert.x509.pem cert/new_cert.pk8",
+ expectedLineage: "",
+ expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",
},
{
name: "path certificate property",
@@ -1158,7 +1161,8 @@
}
`,
certificateOverride: "",
- expected: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
+ expectedLineage: "",
+ expectedCertificate: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
},
{
name: "certificate overrides",
@@ -1176,7 +1180,28 @@
}
`,
certificateOverride: "foo:new_certificate",
- expected: "cert/new_cert.x509.pem cert/new_cert.pk8",
+ expectedLineage: "",
+ expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",
+ },
+ {
+ name: "certificate lineage",
+ bp: `
+ android_app {
+ name: "foo",
+ srcs: ["a.java"],
+ certificate: ":new_certificate",
+ lineage: "lineage.bin",
+ sdk_version: "current",
+ }
+
+ android_app_certificate {
+ name: "new_certificate",
+ certificate: "cert/new_cert",
+ }
+ `,
+ certificateOverride: "",
+ expectedLineage: "--lineage lineage.bin",
+ expectedCertificate: "cert/new_cert.x509.pem cert/new_cert.pk8",
},
}
@@ -1192,9 +1217,14 @@
foo := ctx.ModuleForTests("foo", "android_common")
signapk := foo.Output("foo.apk")
- signFlags := signapk.Args["certificates"]
- if test.expected != signFlags {
- t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expected, signFlags)
+ signCertificateFlags := signapk.Args["certificates"]
+ if test.expectedCertificate != signCertificateFlags {
+ t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expectedCertificate, signCertificateFlags)
+ }
+
+ signFlags := signapk.Args["flags"]
+ if test.expectedLineage != signFlags {
+ t.Errorf("Incorrect signing flags, expected: %q, got: %q", test.expectedLineage, signFlags)
}
})
}
@@ -1368,6 +1398,7 @@
name: "bar",
base: "foo",
certificate: ":new_certificate",
+ lineage: "lineage.bin",
logging_parent: "bah",
}
@@ -1388,7 +1419,8 @@
variantName string
apkName string
apkPath string
- signFlag string
+ certFlag string
+ lineageFlag string
overrides []string
aaptFlag string
logging_parent string
@@ -1397,7 +1429,8 @@
moduleName: "foo",
variantName: "android_common",
apkPath: "/target/product/test_device/system/app/foo/foo.apk",
- signFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
+ certFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
+ lineageFlag: "",
overrides: []string{"qux"},
aaptFlag: "",
logging_parent: "",
@@ -1406,7 +1439,8 @@
moduleName: "bar",
variantName: "android_common_bar",
apkPath: "/target/product/test_device/system/app/bar/bar.apk",
- signFlag: "cert/new_cert.x509.pem cert/new_cert.pk8",
+ certFlag: "cert/new_cert.x509.pem cert/new_cert.pk8",
+ lineageFlag: "--lineage lineage.bin",
overrides: []string{"qux", "foo"},
aaptFlag: "",
logging_parent: "bah",
@@ -1415,7 +1449,8 @@
moduleName: "baz",
variantName: "android_common_baz",
apkPath: "/target/product/test_device/system/app/baz/baz.apk",
- signFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
+ certFlag: "build/make/target/product/security/expiredkey.x509.pem build/make/target/product/security/expiredkey.pk8",
+ lineageFlag: "",
overrides: []string{"qux", "foo"},
aaptFlag: "--rename-manifest-package org.dandroid.bp",
logging_parent: "",
@@ -1440,9 +1475,15 @@
// Check the certificate paths
signapk := variant.Output(expected.moduleName + ".apk")
- signFlag := signapk.Args["certificates"]
- if expected.signFlag != signFlag {
- t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.signFlag, signFlag)
+ certFlag := signapk.Args["certificates"]
+ if expected.certFlag != certFlag {
+ t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.certFlag, certFlag)
+ }
+
+ // Check the lineage flags
+ lineageFlag := signapk.Args["flags"]
+ if expected.lineageFlag != lineageFlag {
+ t.Errorf("Incorrect signing flags, expected: %q, got: %q", expected.lineageFlag, lineageFlag)
}
// Check if the overrides field values are correctly aggregated.
diff --git a/java/testing.go b/java/testing.go
index 28c1a26..dd35653 100644
--- a/java/testing.go
+++ b/java/testing.go
@@ -114,6 +114,7 @@
"cert/new_cert.x509.pem": nil,
"cert/new_cert.pk8": nil,
+ "lineage.bin": nil,
"testdata/data": nil,