Commit graph

17 commits

Author SHA1 Message Date
Kelvin Zhang
137807d69d Support container password for apex signing
Some partners need the ability to sign apexes with passwords enabled.

Test: th
Bug: 206007131
Change-Id: I6abb0775031a4c6bf8aaae679f5c7ad8f4cffe46
2022-09-30 09:19:57 -07:00
Melisa Carranza Zuniga
e0a977affd Add sign_sepolicy_path for a binary to sign sepolicy.apex.
Bug: b/217570541
Test: sign_apex --container_key=testdata/testkey
--payload_key=testdata/testkey_RSA4096.key
--codename_to_api_level_map=S:31,T:32,UpsideDownCake:33
-e SEPolicy-33.zip=testdata/testkey com.android.sepolicy.apex
signed_sepolicy.apex

Change-Id: Ifdd1c6e7db07cbc4674450ab0e2226494c98605a
2022-06-27 11:03:26 +02:00
Melisa Carranza Zúñiga
8e3198ace3 Revert "Merge "Adding flags and logic to sign updateable SEPolicy in APEX" am: 77c1dfa6d9 am: 5a0d81a0be am: 54e08307dc"
Test: mma and run sign_apex

This reverts commit 8fe9e3a2c7.

Reason for revert: Updateable SEPolicy is punted.

Change-Id: I28ae2afbb1083e215f4e0a27a9164133cd73dd76
Merged-In: I28ae2afbb1083e215f4e0a27a9164133cd73dd76
2022-06-01 12:01:03 +02:00
Melisa Carranza Zúñiga
da308bf773 Revert "Merge "Adding sepolicy sign params to sign_target_files_apks." am: fb042449e0 am: bd8c313275 am: a2db49becd"
Test: sign_target_files_apks target_files.zip target_out.zip

This reverts commit 6e6c22c70e.

Reason for revert: Updateable SEPolicy is punted.

Change-Id: I99524d13811028a4036aa85c74cf10974fe08165
Merged-In: I99524d13811028a4036aa85c74cf10974fe08165
2022-05-31 09:55:22 +00:00
Melisa Carranza Zuniga
e6d4fb5ae6 Adding sepolicy sign params to sign_target_files_apks.
Bug: b/217570541
Test: sign_target_files_apks --sepolicy_key=build/make/tools/releasetools/testdata/testkey_RSA4096.key
--sepolicy_cert=build/make/tools/releasetools/testdata/testkey.x509.pem target_files.zip target_out.zip
Change-Id: I4ae9f2a3297d10de68c6444dea1cd9996ad9dd11

Change-Id: I4a1ac7009ae0d6bb53c74bd34f8c74f12ea0a3b8
2022-03-21 22:56:33 +00:00
Treehugger Robot
14ec6f4157 Merge "Remove catch + sys.exit idiom"
2022-02-25 00:35:45 +00:00
Melisa Carranza Zuniga
46930d7a85 Adding flags and logic to sign updateable SEPolicy in APEX
Verify with command:
sign_apex --container_key=testdata/testkey
--payload_key=testdata/testkey_RSA4096.key
--sepolicy_key=testdata/testkey_RSA4096.key
--sepolicy_cert=testdata/testkey.x509.pem
$OUT/system/apex/com.android.sepolicy.apex
$OUT/test/sepolicy.apex

Test: mma and run sign_apex
Change-Id: I8cc5bbc09058b57e463b1d40d4953d62e0438389
2022-02-19 00:01:09 +01:00
Kelvin Zhang
07c71ac1b9 Remove catch + sys.exit idiom
This is bad, python already prints exception message and exits with
non-zero code when an exception is raised, no need to catch the
exception just to print it. In addition, printing an exception does not
print stacktrace, so catch + sys.exit provides less information than
python's default behavior.

Test: th
Change-Id: If6cf2e34d4ebc9f7d172063b4396bf4377dad447
2022-02-17 21:46:21 -08:00
Baligh Uddin
06cc018629 --sign_tool is an optional flag applicable to virtApex.
For non-virtApex, this results in a KeyError.
line 151, in <module>\n', '  File
"/usr/local/google/home/baligh/clients/goog/master/out/host/linux-x86/bin/sign_apex/sign_apex.py",
line 144, in main\n', "KeyError: 'sign_tool'\n"]

BUG: 193504286
Test: TH
Change-Id: Id982e5c57086ada78168163d2293813df121847d
2021-12-24 06:17:47 +00:00
Jooyung Han
0f5a41da56 sign_apex --sign_tool
A new argument is a custom signing tool for APEX contents. When
specified, apex_util invokes the tool with payload's key and payload
directory.

For now, the Virt APEX has its own custom signing tool (sign_virt_apex)
to re-sign filesystem images in it.

Bug: 193504286
Test: atest releasetools_test
Test: m sign_apex sign_virt_apex
Test: sign_apex --sign_tool sign_virt_apex --payload_key ..
  --container_key .. resigned.apex
      adb install resigned.apex
      reboot & vm run-app
Change-Id: Ic4d369c2ba42a8295044a0a75e054dc8def93208
2021-10-27 16:56:22 +09:00
Baligh Uddin
d9fcafd612 Allow passing in codename_to_api_level_map to sign_apex.
BUG: 154517483
Change-Id: I93a90ae066b0e9eeb1b2ff26d9cb9b07a11fe68c
Merged-In: I93a90ae066b0e9eeb1b2ff26d9cb9b07a11fe68c
2020-05-01 13:56:04 +00:00
Tianjie Xu
88a759d651 Resign apks contained in apex
Some apex payload images contain apk files. And these apks need to be
signed during the signing process when sign_target_files_apks is
called. To support the signing, we can extract the payload and repack
the apex file with the (de)apexer tool. Add the signing support in the
apex_util.

Bug: 146508800
Test: unit tests pass, run sign_apex, sign_target_files_apks
Change-Id: If6d58975248709a144b07dbabf47c27916e5695e
2020-01-27 19:48:39 +00:00
Baligh Uddin
ac936fd573 Fix syntax error for SignApexFile
BUG: 145662097
TEST: Local smoke test which invokes sign_apex for local apex files.
2019-12-04 08:30:32 -08:00
Tao Bao
448004af9d Don't generate hashtree when signing bundled APEXes.
Bug: 139957269
Test: Sign a target_files.zip. Extract a re-signed APEX and check the
      hashtree size (being zero).
Test: Use sign_apex to sign an APEX file. Check the hashtree size (not
      being zero).
Test: python -m unittest test_apex_utils
Test: python -m unittest test_sign_apex
Change-Id: I927b7681d66920d7732b700ec3a8f7a65b4cb351
2019-09-19 14:41:34 -07:00
Tao Bao
1ac886e181 releasetools: Prefer the avbtool specified in target_files.
This allows a consistent logic in using the avbtool which could be
board-specific.

Test: `atest releasetools_test`
Test: Run sign_target_files_apks.py on a target_files.zip.
Change-Id: I8cd93b8e71146985734f85c31f4662f5e2e9534c
2019-06-26 17:18:48 -07:00
Tao Bao
c9c1b864ba releasetools: Add sanity test for sign_apex.
This ensures a matching interface between sign_apex and apex_utils.

The test apex `testdata/foo.apex` is generated by running
`system/apex/apexer/runtests.sh`.

Test: python -m unittest test_sign_apex
Test: atest releasetools_test
Change-Id: I7c14b1df2a3038ad206aa3e5aac084c47baaa00b
2019-06-26 17:17:09 -07:00
Tao Bao
e7354ba447 Add sign_apex.py that signs a given APEX file.
This CL moves SignApex() from sign_target_files_apks into apex_utils,
and adds sign_apex that allows signing a standalone APEX file directly.

Test: Run the following command and check the output file.
$ build/make/tools/releasetools/sign_apex.py \
     -v \
     --container_key \
         build/make/target/product/security/testkey.x509.pem \
     --payload_key external/avb/test/data/testkey_rsa4096.pem \
     --payload_extra_args \
         "--signing_helper_with_files ./signing-helper.sh" \
     foo.apex \
     signed-foo.apex
Test: Run sign_target_files_apks.py on crosshatch target_files.zip.
Change-Id: I4b2422fd5cb1c60a3aa94511475e2a0e5b1666ca
2019-05-13 12:41:26 -07:00