platform_build_soong/apex/apex.go
Jiyong Park fa0a37365b Fail gracefully when apek_key is not found
When the private key file can not be obtained, e.g., due to missing git
project where the apex_key module is defined, fail gracefully with an
error message instead of panicing.

Bug: 119256776
Test: modify the key property in /systme/apex/Android.bp to
apex.test.key2 and run `ALLOW_MISSING_DEPENDENCIES=true m apex.test`
The build fails with

error: system/apex/Android.bp:32:8: module "apex.test" variant "android_common_apex.test": key: private_key for "apex.test.key2" could not be found

Change-Id: I2cd5fed0f046de1f0b380fbdac5f8b82816b0e24
2018-11-09 05:55:32 +09:00

569 lines
20 KiB
Go

// Copyright (C) 2018 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package apex
import (
"fmt"
"io"
"path/filepath"
"runtime"
"sort"
"strings"
"android/soong/android"
"android/soong/cc"
"android/soong/java"
"github.com/google/blueprint"
"github.com/google/blueprint/proptools"
)
var (
pctx = android.NewPackageContext("android/apex")
// Create a canned fs config file where all files and directories are
// by default set to (uid/gid/mode) = (1000/1000/0644)
// TODO(b/113082813) make this configurable using config.fs syntax
generateFsConfig = pctx.StaticRule("generateFsConfig", blueprint.RuleParams{
Command: `echo '/ 1000 1000 0755' > ${out} && ` +
`echo '/manifest.json 1000 1000 0644' >> ${out} && ` +
`echo ${ro_paths} | tr ' ' '\n' | awk '{print "/"$$1 " 1000 1000 0644"}' >> ${out} && ` +
`echo ${exec_paths} | tr ' ' '\n' | awk '{print "/"$$1 " 1000 1000 0755"}' >> ${out}`,
Description: "fs_config ${out}",
}, "ro_paths", "exec_paths")
// TODO(b/113233103): make sure that file_contexts is sane, i.e., validate
// against the binary policy using sefcontext_compiler -p <policy>.
// TODO(b/114327326): automate the generation of file_contexts
apexRule = pctx.StaticRule("apexRule", blueprint.RuleParams{
Command: `rm -rf ${image_dir} && mkdir -p ${image_dir} && ` +
`(${copy_commands}) && ` +
`APEXER_TOOL_PATH=${tool_path} ` +
`${apexer} --verbose --force --manifest ${manifest} ` +
`--file_contexts ${file_contexts} ` +
`--canned_fs_config ${canned_fs_config} ` +
`--key ${key} ${image_dir} ${out} `,
CommandDeps: []string{"${apexer}", "${avbtool}", "${e2fsdroid}", "${merge_zips}",
"${mke2fs}", "${resize2fs}", "${sefcontext_compile}",
"${soong_zip}", "${zipalign}", "${aapt2}"},
Description: "APEX ${image_dir} => ${out}",
}, "tool_path", "image_dir", "copy_commands", "manifest", "file_contexts", "canned_fs_config", "key")
)
var apexSuffix = ".apex"
type dependencyTag struct {
blueprint.BaseDependencyTag
name string
}
var (
sharedLibTag = dependencyTag{name: "sharedLib"}
executableTag = dependencyTag{name: "executable"}
javaLibTag = dependencyTag{name: "javaLib"}
prebuiltTag = dependencyTag{name: "prebuilt"}
keyTag = dependencyTag{name: "key"}
certificateTag = dependencyTag{name: "certificate"}
)
func init() {
pctx.Import("android/soong/common")
pctx.Import("android/soong/java")
pctx.HostBinToolVariable("apexer", "apexer")
// ART minimal builds (using the master-art manifest) do not have the "frameworks/base"
// projects, and hence cannot built 'aapt2'. Use the SDK prebuilt instead.
hostBinToolVariableWithPrebuilt := func(name, prebuiltDir, tool string) {
pctx.VariableFunc(name, func(ctx android.PackageVarContext) string {
if !android.ExistentPathForSource(ctx, "frameworks/base").Valid() {
return filepath.Join(prebuiltDir, runtime.GOOS, "bin", tool)
} else {
return pctx.HostBinToolPath(ctx, tool).String()
}
})
}
hostBinToolVariableWithPrebuilt("aapt2", "prebuilts/sdk/tools", "aapt2")
pctx.HostBinToolVariable("avbtool", "avbtool")
pctx.HostBinToolVariable("e2fsdroid", "e2fsdroid")
pctx.HostBinToolVariable("merge_zips", "merge_zips")
pctx.HostBinToolVariable("mke2fs", "mke2fs")
pctx.HostBinToolVariable("resize2fs", "resize2fs")
pctx.HostBinToolVariable("sefcontext_compile", "sefcontext_compile")
pctx.HostBinToolVariable("soong_zip", "soong_zip")
pctx.HostBinToolVariable("zipalign", "zipalign")
android.RegisterModuleType("apex", apexBundleFactory)
android.PostDepsMutators(func(ctx android.RegisterMutatorsContext) {
ctx.TopDown("apex_deps", apexDepsMutator)
ctx.BottomUp("apex", apexMutator)
})
}
// maps a module name to set of apex bundle names that the module should be built for
func apexBundleNamesFor(config android.Config) map[string]map[string]bool {
return config.Once("apexBundleNames", func() interface{} {
return make(map[string]map[string]bool)
}).(map[string]map[string]bool)
}
// Mark the direct and transitive dependencies of apex bundles so that they
// can be built for the apex bundles.
func apexDepsMutator(mctx android.TopDownMutatorContext) {
if _, ok := mctx.Module().(*apexBundle); ok {
apexBundleName := mctx.Module().Name()
mctx.WalkDeps(func(child, parent android.Module) bool {
if am, ok := child.(android.ApexModule); ok && am.CanHaveApexVariants() {
moduleName := am.Name() + "-" + am.Target().String()
bundleNames, ok := apexBundleNamesFor(mctx.Config())[moduleName]
if !ok {
bundleNames = make(map[string]bool)
apexBundleNamesFor(mctx.Config())[moduleName] = bundleNames
}
bundleNames[apexBundleName] = true
return true
} else {
return false
}
})
}
}
// Create apex variations if a module is included in APEX(s).
func apexMutator(mctx android.BottomUpMutatorContext) {
if am, ok := mctx.Module().(android.ApexModule); ok && am.CanHaveApexVariants() {
moduleName := am.Name() + "-" + am.Target().String()
if bundleNames, ok := apexBundleNamesFor(mctx.Config())[moduleName]; ok {
variations := []string{"platform"}
for bn := range bundleNames {
variations = append(variations, bn)
}
modules := mctx.CreateVariations(variations...)
for i, m := range modules {
if i == 0 {
continue // platform
}
m.(android.ApexModule).BuildForApex(variations[i])
}
}
} else if _, ok := mctx.Module().(*apexBundle); ok {
// apex bundle itself is mutated so that it and its modules have same
// apex variant.
apexBundleName := mctx.ModuleName()
mctx.CreateVariations(apexBundleName)
}
}
type apexBundleProperties struct {
// Json manifest file describing meta info of this APEX bundle. Default:
// "manifest.json"
Manifest *string
// File contexts file for setting security context to each file in this APEX bundle
// Default: "file_contexts".
File_contexts *string
// List of native shared libs that are embedded inside this APEX bundle
Native_shared_libs []string
// List of native executables that are embedded inside this APEX bundle
Binaries []string
// List of java libraries that are embedded inside this APEX bundle
Java_libs []string
// List of prebuilt files that are embedded inside this APEX bundle
Prebuilts []string
// Name of the apex_key module that provides the private key to sign APEX
Key *string
// The name of a certificate in the default certificate directory, blank to use the default product certificate,
// or an android_app_certificate module name in the form ":module".
Certificate *string
Multilib struct {
First struct {
// List of native libraries whose compile_multilib is "first"
Native_shared_libs []string
// List of native executables whose compile_multilib is "first"
Binaries []string
}
Both struct {
// List of native libraries whose compile_multilib is "both"
Native_shared_libs []string
// List of native executables whose compile_multilib is "both"
Binaries []string
}
Prefer32 struct {
// List of native libraries whose compile_multilib is "prefer32"
Native_shared_libs []string
// List of native executables whose compile_multilib is "prefer32"
Binaries []string
}
Lib32 struct {
// List of native libraries whose compile_multilib is "32"
Native_shared_libs []string
// List of native executables whose compile_multilib is "32"
Binaries []string
}
Lib64 struct {
// List of native libraries whose compile_multilib is "64"
Native_shared_libs []string
// List of native executables whose compile_multilib is "64"
Binaries []string
}
}
}
type apexBundle struct {
android.ModuleBase
android.DefaultableModuleBase
properties apexBundleProperties
outputFile android.WritablePath
installDir android.OutputPath
}
func addDependenciesForNativeModules(ctx android.BottomUpMutatorContext,
native_shared_libs []string, binaries []string, arch string) {
// Use *FarVariation* to be able to depend on modules having
// conflicting variations with this module. This is required since
// arch variant of an APEX bundle is 'common' but it is 'arm' or 'arm64'
// for native shared libs.
ctx.AddFarVariationDependencies([]blueprint.Variation{
{Mutator: "arch", Variation: arch},
{Mutator: "image", Variation: "core"},
{Mutator: "link", Variation: "shared"},
}, sharedLibTag, native_shared_libs...)
ctx.AddFarVariationDependencies([]blueprint.Variation{
{Mutator: "arch", Variation: arch},
{Mutator: "image", Variation: "core"},
}, executableTag, binaries...)
}
func (a *apexBundle) DepsMutator(ctx android.BottomUpMutatorContext) {
targets := ctx.MultiTargets()
has32BitTarget := false
for _, target := range targets {
if target.Arch.ArchType.Multilib == "lib32" {
has32BitTarget = true
}
}
for i, target := range targets {
// When multilib.* is omitted for native_shared_libs, it implies
// multilib.both.
ctx.AddFarVariationDependencies([]blueprint.Variation{
{Mutator: "arch", Variation: target.String()},
{Mutator: "image", Variation: "core"},
{Mutator: "link", Variation: "shared"},
}, sharedLibTag, a.properties.Native_shared_libs...)
// Add native modules targetting both ABIs
addDependenciesForNativeModules(ctx,
a.properties.Multilib.Both.Native_shared_libs,
a.properties.Multilib.Both.Binaries, target.String())
if i == 0 {
// When multilib.* is omitted for binaries, it implies
// multilib.first.
ctx.AddFarVariationDependencies([]blueprint.Variation{
{Mutator: "arch", Variation: target.String()},
{Mutator: "image", Variation: "core"},
}, executableTag, a.properties.Binaries...)
// Add native modules targetting the first ABI
addDependenciesForNativeModules(ctx,
a.properties.Multilib.First.Native_shared_libs,
a.properties.Multilib.First.Binaries, target.String())
}
switch target.Arch.ArchType.Multilib {
case "lib32":
// Add native modules targetting 32-bit ABI
addDependenciesForNativeModules(ctx,
a.properties.Multilib.Lib32.Native_shared_libs,
a.properties.Multilib.Lib32.Binaries, target.String())
addDependenciesForNativeModules(ctx,
a.properties.Multilib.Prefer32.Native_shared_libs,
a.properties.Multilib.Prefer32.Binaries, target.String())
case "lib64":
// Add native modules targetting 64-bit ABI
addDependenciesForNativeModules(ctx,
a.properties.Multilib.Lib64.Native_shared_libs,
a.properties.Multilib.Lib64.Binaries, target.String())
if !has32BitTarget {
addDependenciesForNativeModules(ctx,
a.properties.Multilib.Prefer32.Native_shared_libs,
a.properties.Multilib.Prefer32.Binaries, target.String())
}
}
}
ctx.AddFarVariationDependencies([]blueprint.Variation{
{Mutator: "arch", Variation: "android_common"},
}, javaLibTag, a.properties.Java_libs...)
ctx.AddFarVariationDependencies([]blueprint.Variation{
{Mutator: "arch", Variation: "android_common"},
}, prebuiltTag, a.properties.Prebuilts...)
if String(a.properties.Key) == "" {
ctx.ModuleErrorf("key is missing")
return
}
ctx.AddDependency(ctx.Module(), keyTag, String(a.properties.Key))
cert := android.SrcIsModule(String(a.properties.Certificate))
if cert != "" {
ctx.AddDependency(ctx.Module(), certificateTag, cert)
}
}
func getCopyManifestForNativeLibrary(cc *cc.Module) (fileToCopy android.Path, dirInApex string) {
// Decide the APEX-local directory by the multilib of the library
// In the future, we may query this to the module.
switch cc.Arch().ArchType.Multilib {
case "lib32":
dirInApex = "lib"
case "lib64":
dirInApex = "lib64"
}
if !cc.Arch().Native {
dirInApex = filepath.Join(dirInApex, cc.Arch().ArchType.String())
}
fileToCopy = cc.OutputFile().Path()
return
}
func getCopyManifestForExecutable(cc *cc.Module) (fileToCopy android.Path, dirInApex string) {
dirInApex = "bin"
fileToCopy = cc.OutputFile().Path()
return
}
func getCopyManifestForJavaLibrary(java *java.Library) (fileToCopy android.Path, dirInApex string) {
dirInApex = "javalib"
fileToCopy = java.Srcs()[0]
return
}
func getCopyManifestForPrebuiltEtc(prebuilt *android.PrebuiltEtc) (fileToCopy android.Path, dirInApex string) {
dirInApex = filepath.Join("etc", prebuilt.SubDir())
fileToCopy = prebuilt.OutputFile()
return
}
func (a *apexBundle) GenerateAndroidBuildActions(ctx android.ModuleContext) {
// files to copy -> dir in apex
copyManifest := make(map[android.Path]string)
var keyFile android.Path
var certificate java.Certificate
ctx.WalkDeps(func(child, parent android.Module) bool {
if _, ok := parent.(*apexBundle); ok {
// direct dependencies
depTag := ctx.OtherModuleDependencyTag(child)
depName := ctx.OtherModuleName(child)
switch depTag {
case sharedLibTag:
if cc, ok := child.(*cc.Module); ok {
fileToCopy, dirInApex := getCopyManifestForNativeLibrary(cc)
copyManifest[fileToCopy] = dirInApex
return true
} else {
ctx.PropertyErrorf("native_shared_libs", "%q is not a cc_library or cc_library_shared module", depName)
}
case executableTag:
if cc, ok := child.(*cc.Module); ok {
fileToCopy, dirInApex := getCopyManifestForExecutable(cc)
copyManifest[fileToCopy] = dirInApex
return true
} else {
ctx.PropertyErrorf("binaries", "%q is not a cc_binary module", depName)
}
case javaLibTag:
if java, ok := child.(*java.Library); ok {
fileToCopy, dirInApex := getCopyManifestForJavaLibrary(java)
copyManifest[fileToCopy] = dirInApex
return true
} else {
ctx.PropertyErrorf("java_libs", "%q is not a java_library module", depName)
}
case prebuiltTag:
if prebuilt, ok := child.(*android.PrebuiltEtc); ok {
fileToCopy, dirInApex := getCopyManifestForPrebuiltEtc(prebuilt)
copyManifest[fileToCopy] = dirInApex
return true
} else {
ctx.PropertyErrorf("prebuilts", "%q is not a prebuilt_etc module", depName)
}
case keyTag:
if key, ok := child.(*apexKey); ok {
keyFile = key.private_key_file
return false
} else {
ctx.PropertyErrorf("key", "%q is not an apex_key module", depName)
}
case certificateTag:
if dep, ok := child.(*java.AndroidAppCertificate); ok {
certificate = dep.Certificate
return false
} else {
ctx.ModuleErrorf("certificate dependency %q must be an android_app_certificate module", depName)
}
}
} else {
// indirect dependencies
if am, ok := child.(android.ApexModule); ok && am.CanHaveApexVariants() && am.IsInstallableToApex() {
if cc, ok := child.(*cc.Module); ok {
fileToCopy, dirInApex := getCopyManifestForNativeLibrary(cc)
copyManifest[fileToCopy] = dirInApex
return true
}
}
}
return false
})
if keyFile == nil {
ctx.PropertyErrorf("key", "private_key for %q could not be found", String(a.properties.Key))
return
}
cert := String(a.properties.Certificate)
if cert != "" && android.SrcIsModule(cert) == "" {
defaultDir := ctx.Config().DefaultAppCertificateDir(ctx)
certificate = java.Certificate{
defaultDir.Join(ctx, cert+".x509.pem"),
defaultDir.Join(ctx, cert+".pk8"),
}
} else if cert == "" {
pem, key := ctx.Config().DefaultAppCertificate(ctx)
certificate = java.Certificate{pem, key}
}
// files and dirs that will be created in apex
var readOnlyPaths []string
var executablePaths []string // this also includes dirs
for fileToCopy, dirInApex := range copyManifest {
pathInApex := filepath.Join(dirInApex, fileToCopy.Base())
if dirInApex == "bin" {
executablePaths = append(executablePaths, pathInApex)
} else {
readOnlyPaths = append(readOnlyPaths, pathInApex)
}
if !android.InList(dirInApex, executablePaths) {
executablePaths = append(executablePaths, dirInApex)
}
}
sort.Strings(readOnlyPaths)
sort.Strings(executablePaths)
cannedFsConfig := android.PathForModuleOut(ctx, "canned_fs_config")
ctx.ModuleBuild(pctx, android.ModuleBuildParams{
Rule: generateFsConfig,
Output: cannedFsConfig,
Args: map[string]string{
"ro_paths": strings.Join(readOnlyPaths, " "),
"exec_paths": strings.Join(executablePaths, " "),
},
})
manifest := android.PathForModuleSrc(ctx, proptools.StringDefault(a.properties.Manifest, "manifest.json"))
fileContexts := android.PathForModuleSrc(ctx, proptools.StringDefault(a.properties.File_contexts, "file_contexts"))
unsignedOutputFile := android.PathForModuleOut(ctx, a.ModuleBase.Name()+apexSuffix+".unsigned")
filesToCopy := []android.Path{}
for file := range copyManifest {
filesToCopy = append(filesToCopy, file)
}
sort.Slice(filesToCopy, func(i, j int) bool {
return filesToCopy[i].String() < filesToCopy[j].String()
})
copyCommands := []string{}
for _, src := range filesToCopy {
dest := filepath.Join(copyManifest[src], src.Base())
dest_path := filepath.Join(android.PathForModuleOut(ctx, "image").String(), dest)
copyCommands = append(copyCommands, "mkdir -p "+filepath.Dir(dest_path))
copyCommands = append(copyCommands, "cp "+src.String()+" "+dest_path)
}
implicitInputs := append(android.Paths(nil), filesToCopy...)
implicitInputs = append(implicitInputs, cannedFsConfig, manifest, fileContexts, keyFile)
outHostBinDir := android.PathForOutput(ctx, "host", ctx.Config().PrebuiltOS(), "bin").String()
prebuiltSdkToolsBinDir := filepath.Join("prebuilts", "sdk", "tools", runtime.GOOS, "bin")
ctx.ModuleBuild(pctx, android.ModuleBuildParams{
Rule: apexRule,
Implicits: implicitInputs,
Output: unsignedOutputFile,
Args: map[string]string{
"tool_path": outHostBinDir + ":" + prebuiltSdkToolsBinDir,
"image_dir": android.PathForModuleOut(ctx, "image").String(),
"copy_commands": strings.Join(copyCommands, " && "),
"manifest": manifest.String(),
"file_contexts": fileContexts.String(),
"canned_fs_config": cannedFsConfig.String(),
"key": keyFile.String(),
},
})
a.outputFile = android.PathForModuleOut(ctx, a.ModuleBase.Name()+apexSuffix)
ctx.Build(pctx, android.BuildParams{
Rule: java.Signapk,
Description: "signapk",
Output: a.outputFile,
Input: unsignedOutputFile,
Args: map[string]string{
"certificates": strings.Join([]string{certificate.Pem.String(), certificate.Key.String()}, " "),
},
})
a.installDir = android.PathForModuleInstall(ctx, "apex")
}
func (a *apexBundle) AndroidMk() android.AndroidMkData {
return android.AndroidMkData{
Custom: func(w io.Writer, name, prefix, moduleDir string, data android.AndroidMkData) {
fmt.Fprintln(w, "\ninclude $(CLEAR_VARS)")
fmt.Fprintln(w, "LOCAL_PATH :=", moduleDir)
fmt.Fprintln(w, "LOCAL_MODULE :=", name)
fmt.Fprintln(w, "LOCAL_MODULE_CLASS := ETC") // do we need a new class?
fmt.Fprintln(w, "LOCAL_PREBUILT_MODULE_FILE :=", a.outputFile.String())
fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", filepath.Join("$(OUT_DIR)", a.installDir.RelPathString()))
fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", name+apexSuffix)
fmt.Fprintln(w, "LOCAL_REQUIRED_MODULES :=", String(a.properties.Key))
fmt.Fprintln(w, "include $(BUILD_PREBUILT)")
}}
}
func apexBundleFactory() android.Module {
module := &apexBundle{}
module.AddProperties(&module.properties)
module.Prefer32(func(ctx android.BaseModuleContext, base *android.ModuleBase,
class android.OsClass) bool {
return class == android.Device && ctx.Config().DevicePrefer32BitExecutables()
})
android.InitAndroidMultiTargetsArchModule(module, android.DeviceSupported, android.MultilibCommon)
android.InitDefaultableModule(module)
return module
}