diff options
| author | Doug Zongker <dougz@android.com> | 2009-12-15 15:06:55 -0800 |
|---|---|---|
| committer | Doug Zongker <dougz@android.com> | 2009-12-15 15:06:55 -0800 |
| commit | f6a53aa5f24878ad9098409ed3d3f41bb5c63fb5 (patch) | |
| tree | 26993d68c40ee81a4a727631bb5bc23cb744e35a /tools/releasetools/check_target_files_signatures | |
| parent | bfa7a8fbda9317dee6266fe1e67399ba6d84c7a1 (diff) | |
| download | build-f6a53aa5f24878ad9098409ed3d3f41bb5c63fb5.zip build-f6a53aa5f24878ad9098409ed3d3f41bb5c63fb5.tar.gz build-f6a53aa5f24878ad9098409ed3d3f41bb5c63fb5.tar.bz2 | |
add "EXTERNAL" as special value of LOCAL_CERTIFICATE
Setting LOCAL_CERTIFICATE to "EXTERNAL" now marks an apk (either a
prebuilt or otherwise) as needing the default test key within the
system, but one that should be signed after the target_files is
produced but before sign_target_files_apks does the rest of the
signing. (We use this to ship apps on the system that are signed by
third parties, like Facebook.)
Diffstat (limited to 'tools/releasetools/check_target_files_signatures')
| -rwxr-xr-x | tools/releasetools/check_target_files_signatures | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/tools/releasetools/check_target_files_signatures b/tools/releasetools/check_target_files_signatures index b91f3d4..17aebdc 100755 --- a/tools/releasetools/check_target_files_signatures +++ b/tools/releasetools/check_target_files_signatures @@ -248,6 +248,7 @@ class TargetFiles(object): d = common.UnzipTemp(filename, '*.apk') try: self.apks = {} + self.apks_by_basename = {} for dirpath, dirnames, filenames in os.walk(d): for fn in filenames: if fn.endswith(".apk"): @@ -255,12 +256,17 @@ class TargetFiles(object): displayname = fullname[len(d)+1:] apk = APK(fullname, displayname) self.apks[apk.package] = apk + self.apks_by_basename[os.path.basename(apk.filename)] = apk self.max_pkg_len = max(self.max_pkg_len, len(apk.package)) self.max_fn_len = max(self.max_fn_len, len(apk.filename)) finally: shutil.rmtree(d) + z = zipfile.ZipFile(open(filename, "rb")) + self.certmap = common.ReadApkCerts(z) + z.close() + def CheckSharedUids(self): """Look for any instances where packages signed with different certs request the same sharedUserId.""" @@ -292,6 +298,20 @@ class TargetFiles(object): apk.package, apk.filename) print + def CheckExternalSignatures(self): + for apk_filename, certname in self.certmap.iteritems(): + if certname == "EXTERNAL": + # Apps marked EXTERNAL should be signed with the test key + # during development, then manually re-signed after + # predexopting. Consider it an error if this app is now + # signed with any key that is present in our tree. + apk = self.apks_by_basename[apk_filename] + name = ALL_CERTS.Get(apk.cert) + if not name.startswith("unknown "): + Push(apk.filename) + AddProblem("hasn't been signed with EXTERNAL cert") + Pop() + def PrintCerts(self): """Display a table of packages grouped by cert.""" by_cert = {} @@ -402,6 +422,7 @@ def main(argv): Banner("target files") target_files.PrintCerts() target_files.CheckSharedUids() + target_files.CheckExternalSignatures() if compare_files: if OPTIONS.text: Banner("comparison files") |