File: finalize_apk.py

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (71 lines) | stat: -rw-r--r-- 2,374 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
# Copyright 2013 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Signs and aligns an APK."""

import logging
import shutil
import tempfile

from util import build_utils


def FinalizeApk(apksigner_path,
                zipalign_path,
                unsigned_apk_path,
                final_apk_path,
                key_path,
                key_passwd,
                key_name,
                min_sdk_version,
                warnings_as_errors=False):
  # Use a tempfile so that Ctrl-C does not leave the file with a fresh mtime
  # and a corrupted state.
  with tempfile.NamedTemporaryFile() as staging_file:
    if zipalign_path:
      # v2 signing requires that zipalign happen first.
      logging.debug('Running zipalign')
      zipalign_cmd = [
          zipalign_path, '-p', '-f', '4', unsigned_apk_path, staging_file.name
      ]
      build_utils.CheckOutput(zipalign_cmd,
                              print_stdout=True,
                              fail_on_output=warnings_as_errors)
      signer_input_path = staging_file.name
    else:
      signer_input_path = unsigned_apk_path

    sign_cmd = build_utils.JavaCmd() + [
        '-jar',
        apksigner_path,
        'sign',
        '--in',
        signer_input_path,
        '--out',
        staging_file.name,
        '--ks',
        key_path,
        '--ks-key-alias',
        key_name,
        '--ks-pass',
        'pass:' + key_passwd,
    ]
    # V3 signing adds security niceties, which are irrelevant for local builds.
    sign_cmd += ['--v3-signing-enabled', 'false']

    if min_sdk_version >= 24:
      # Disable v1 signatures when v2 signing can be used (it's much faster).
      # By default, both v1 and v2 signing happen.
      sign_cmd += ['--v1-signing-enabled', 'false']
    else:
      # Force SHA-1 (makes signing faster; insecure is fine for local builds).
      # Leave v2 signing enabled since it verifies faster on device when
      # supported.
      sign_cmd += ['--min-sdk-version', '1']

    logging.debug('Signing apk')
    build_utils.CheckOutput(sign_cmd,
                            print_stdout=True,
                            fail_on_output=warnings_as_errors)
    shutil.move(staging_file.name, final_apk_path)
    staging_file._closer.delete = False  # pylint: disable=protected-access