Merge changes I91bd3dce,I2e941fd9
* changes:
releasetools: Fix alignment issue when signing APEXes.
releasetools: Fix an issue in handling PRESIGNED APEX keys.
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 34c1359..632c1e2 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -1008,7 +1008,8 @@
def SignFile(input_name, output_name, key, password, min_api_level=None,
- codename_to_api_level_map=None, whole_file=False):
+ codename_to_api_level_map=None, whole_file=False,
+ extra_signapk_args=None):
"""Sign the input_name zip/jar/apk, producing output_name. Use the
given key and password (the latter may be None if the key does not
have a password.
@@ -1023,9 +1024,14 @@
codename_to_api_level_map is needed to translate the codename which may be
encountered as the APK's minSdkVersion.
+
+ Caller may optionally specify extra args to be passed to SignApk, which
+ defaults to OPTIONS.extra_signapk_args if omitted.
"""
if codename_to_api_level_map is None:
codename_to_api_level_map = {}
+ if extra_signapk_args is None:
+ extra_signapk_args = OPTIONS.extra_signapk_args
java_library_path = os.path.join(
OPTIONS.search_path, OPTIONS.signapk_shared_library_path)
@@ -1033,7 +1039,7 @@
cmd = ([OPTIONS.java_path] + OPTIONS.java_args +
["-Djava.library.path=" + java_library_path,
"-jar", os.path.join(OPTIONS.search_path, OPTIONS.signapk_path)] +
- OPTIONS.extra_signapk_args)
+ extra_signapk_args)
if whole_file:
cmd.append("-w")
diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py
index 75a98fd..16c1840 100755
--- a/tools/releasetools/sign_target_files_apks.py
+++ b/tools/releasetools/sign_target_files_apks.py
@@ -400,7 +400,6 @@
APEX_PAYLOAD_IMAGE = 'apex_payload.img'
- # Signing an APEX is a two step process.
# 1. Extract and sign the APEX_PAYLOAD_IMAGE entry with the given payload_key.
payload_dir = common.MakeTempDir(prefix='apex-payload-')
with zipfile.ZipFile(apex_file) as apex_fd:
@@ -420,21 +419,28 @@
common.ZipWrite(apex_zip, payload_file, arcname=APEX_PAYLOAD_IMAGE)
common.ZipClose(apex_zip)
- # 2. Sign the overall APEX container with container_key.
+ # 2. Align the files at page boundary (same as in apexer).
+ aligned_apex = common.MakeTempFile(
+ prefix='apex-container-', suffix='.apex')
+ common.RunAndCheckOutput(
+ ['zipalign', '-f', '4096', apex_file, aligned_apex])
+
+ # 3. Sign the APEX container with container_key.
signed_apex = common.MakeTempFile(prefix='apex-container-', suffix='.apex')
+
+ # Specify the 4K alignment when calling SignApk.
+ extra_signapk_args = OPTIONS.extra_signapk_args[:]
+ extra_signapk_args.extend(['-a', '4096'])
+
common.SignFile(
- apex_file,
+ aligned_apex,
signed_apex,
container_key,
container_pw,
- codename_to_api_level_map=codename_to_api_level_map)
+ codename_to_api_level_map=codename_to_api_level_map,
+ extra_signapk_args=extra_signapk_args)
- signed_and_aligned_apex = common.MakeTempFile(
- prefix='apex-container-', suffix='.apex')
- common.RunAndCheckOutput(
- ['zipalign', '-f', '4096', signed_apex, signed_and_aligned_apex])
-
- return (signed_and_aligned_apex, payload_info['apex.key'])
+ return (signed_apex, payload_info['apex.key'])
def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info,
@@ -600,7 +606,7 @@
else:
common.ZipWriteStr(output_tf_zip, out_info, data)
- # Update APEX payload public keys.
+ # Copy or update APEX payload public keys.
for info in input_tf_zip.infolist():
filename = info.filename
if (os.path.dirname(filename) != 'SYSTEM/etc/security/apex' or
@@ -609,8 +615,10 @@
name = os.path.basename(filename)
- # Skip PRESIGNED APEXes.
+ # Copy the keys for PRESIGNED APEXes.
if name not in updated_apex_payload_keys:
+ data = input_tf_zip.read(filename)
+ common.ZipWriteStr(output_tf_zip, info, data)
continue
key_path = updated_apex_payload_keys[name]