Allow passing keystore password other than android

Author: snazhmudinov

providers/providers.bzl

@@ -44,6 +44,7 @@ StarlarkApkInfo = provider(
         keystore = "Keystore used to sign the APK. Deprecated, prefer signing_keys.",
         signing_keys = "List of keys used to sign the APK",
         signing_lineage = "Optional sigining lineage file",
+        keystore_signing_password = "Keystore password (defaults to android)",
         signed_apk = "Signed APK",
         unsigned_apk = "Unsigned APK",
     ),
@@ -190,6 +191,7 @@ ApkInfo = provider(
         signed_apk = "Returns a signed APK built from the target.",
         signing_keys = "Returns a list of signing keystores that were used to sign the APK.",
         signing_min_v3_rotation_api_version = "Returns the minimum API version for signing the APK with key rotation.",
+        keystore_signing_password = "Returns the keystore password (defaults to android)",
     ),
 )
 

rules/android_binary/attrs.bzl

@@ -175,6 +175,12 @@ ATTRS = _attrs.replace(
                       """,
                 cfg = android_platforms_transition,
             ),
+            keystore_signing_password = attr.string(
+                doc = """
+                    The password for the KeyStore that contains the signer's key and certificate.
+                """,
+                default = "android",
+            ),
             key_rotation_min_sdk = attr.string(
                 doc = """
                       Sets the minimum Android platform version (API Level) for which an APK's

rules/android_binary/impl.bzl

@@ -984,6 +984,7 @@ def _process_apk_packaging(ctx, packaged_resources_ctx, native_libs_ctx, dex_ctx
         signing_keys = signing_keys,
         signing_lineage = ctx.file.debug_signing_lineage_file,
         signing_key_rotation_min_sdk = ctx.attr.key_rotation_min_sdk,
+        keystore_signing_password = ctx.attr.keystore_signing_password,
         deterministic_signing = False,
         java_toolchain = common.get_java_toolchain(ctx),
         deploy_info_writer = get_android_toolchain(ctx).deploy_info_writer.files_to_run,

rules/apk_packaging.bzl

@@ -54,6 +54,7 @@ def _process(
         signing_keys = [],
         signing_lineage = None,
         signing_key_rotation_min_sdk = None,
+        keystore_signing_password = "android",
         stamp_signing_key = None,
         deterministic_signing = False,
         java_toolchain = None,
@@ -84,6 +85,7 @@ def _process(
         signing_keys: Sequence of Files. The keystores to be used to sign the APK.
         signing_lineage: File. The signing lineage for signing_keys.
         signing_key_rotation_min_sdk: The minimum API version for signing the APK with key rotation.
+        signing_password: String. The password for the signing keystores. Defaults to "android".
         stamp_signing_key: File. The keystore to be used to sign the APK with stamp signing.
         deterministic_signing: Boolean. Whether to enable deterministic DSA signing.
         java_toolchain: The JavaToolchain target.
@@ -136,6 +138,7 @@ def _process(
         out_apk = signed_apk,
         in_apk = zipaligned_apk,
         signing_keys = signing_keys,
+        keystore_signing_password = keystore_signing_password,
         stamp_signing_key = stamp_signing_key,
         deterministic_signing = deterministic_signing,
         signing_lineage = signing_lineage,
@@ -320,6 +323,7 @@ def _sign_apk(
         out_apk,
         in_apk,
         signing_keys = [],
+        keystore_signing_password = "android",
         stamp_signing_key = None,
         deterministic_signing = True,
         signing_lineage = None,
@@ -351,7 +355,7 @@ def _sign_apk(
         if i > 0:
             args.add("--next-signer")
         args.add("--ks", signing_keys[i])
-        args.add("--ks-pass", "pass:android")
+        args.add("--ks-pass", "pass:{keystore_signing_password}".format(keystore_signing_password = keystore_signing_password))
 
     args.add("--v1-signing-enabled", ctx.fragments.android.apk_signing_method_v1)
     args.add("--v1-signer-name", "CERT")
@@ -371,7 +375,7 @@ def _sign_apk(
         inputs.append(stamp_signing_key)
         args.add("--stamp-signer")
         args.add("--ks", stamp_signing_key)
-        args.add("--ks-pass", "pass:android")
+        args.add("--ks-pass", "pass:{keystore_signing_password}".format(keystore_signing_password = keystore_signing_password))
 
     args.add("--out", out_apk)
     args.add(in_apk)