Skip to content

Commit 91fecd5

Browse files
snazhmudinovsnazhmudinov
committed
Allow passing keystore password other than android
1 parent db71ce3 commit 91fecd5

File tree

7 files changed

+26
-7
lines changed

7 files changed

+26
-7
lines changed

mobile_install/adapters/android_binary.bzl

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,7 @@ def extract(target, ctx):
5959
debug_signing_keys = ctx.rule.files.debug_signing_keys,
6060
debug_signing_lineage_file = utils.only(ctx.rule.files.debug_signing_lineage_file, allow_empty = True),
6161
key_rotation_min_sdk = ctx.rule.attr.key_rotation_min_sdk,
62+
keystore_signing_password = ctx.rule.attr.keystore_signing_password,
6263
merged_manifest = target[AndroidIdeInfo].generated_manifest,
6364
native_libs = target[AndroidIdeInfo].native_libs,
6465
package = java_package,

mobile_install/apks.bzl

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ def _patch_split_manifests(ctx, orig_manifest, split_manifests, out_manifest_pac
6060
progress_message = "MI Patch split manifests",
6161
)
6262

63-
def _make_split_apk(ctx, dirs, artifacts, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, out):
63+
def _make_split_apk(ctx, dirs, artifacts, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, keystore_signing_password, out):
6464
unsigned = utils.isolated_declare_file(ctx, out.basename + "_unsigned", sibling = out)
6565

6666
args = ctx.actions.args()
@@ -87,7 +87,7 @@ def _make_split_apk(ctx, dirs, artifacts, debug_signing_keys, debug_signing_line
8787
progress_message = "MI Making split app %s" % out.path,
8888
)
8989

90-
_zipalign_sign(ctx, unsigned, out, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk)
90+
_zipalign_sign(ctx, unsigned, out, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, keystore_signing_password)
9191

9292
def make_split_apks(
9393
ctx,
@@ -101,6 +101,7 @@ def make_split_apks(
101101
debug_signing_keys,
102102
debug_signing_lineage_file,
103103
key_rotation_min_sdk,
104+
keystore_signing_password,
104105
sibling):
105106
"""Create a split for each dex and for resources"""
106107
manifest_package_name = utils.isolated_declare_file(ctx, "manifest_package_name.txt", sibling = sibling)
@@ -159,6 +160,7 @@ def make_split_apks(
159160
debug_signing_keys,
160161
debug_signing_lineage_file,
161162
key_rotation_min_sdk,
163+
keystore_signing_password,
162164
split,
163165
)
164166
splits.append(split)
@@ -185,18 +187,18 @@ def make_split_apks(
185187
# Resources are now in the base apk to support RRO. Previously they were a separate split, but
186188
# base reinstalls no longer require a full reinstall.
187189
base = utils.isolated_declare_file(ctx, "splits/base.apk", sibling = sibling)
188-
_make_split_apk(ctx, [compiled], [resource_apk, java8_legacy], debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, base)
190+
_make_split_apk(ctx, [compiled], [resource_apk, java8_legacy], debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, keystore_signing_password, base)
189191
splits.append(base)
190192

191193
return manifest_package_name, splits
192194

193-
def _zipalign_sign(ctx, unsigned_apk, signed_apk, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk):
195+
def _zipalign_sign(ctx, unsigned_apk, signed_apk, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, keystore_signing_password):
194196
"""Zipalign and signs the given apk."""
195197

196198
signing_params = ((("--lineage %s " % debug_signing_lineage_file.path) if debug_signing_lineage_file else "") +
197199
(("--rotation-min-sdk-version %s " % key_rotation_min_sdk) if key_rotation_min_sdk else "") +
198200
" --next-signer ".join([
199-
"--ks %s --ks-pass pass:android" % debug_signing_key.path
201+
"--ks %s --ks-pass pass:%s" % (debug_signing_key.path, keystore_signing_password)
200202
for debug_signing_key in debug_signing_keys
201203
]) +
202204
" --v1-signing-enabled true" +

mobile_install/process.bzl

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@ def process(
3838
debug_signing_keys = [],
3939
debug_signing_lineage_file = None,
4040
key_rotation_min_sdk = None,
41+
keystore_signing_password = "android",
4142
apk = None,
4243
sibling = None):
4344
"""Processes the data in the mi and return data to pass up the graph.
@@ -57,6 +58,7 @@ def process(
5758
debug_signing_keys: Debug keystores to be used to sign the apk.
5859
debug_signing_lineage_file: File containing the signing lineage.
5960
key_rotation_min_sdk: String of the minimum API level to rotate signing keys for.
61+
keystore_signing_password: String. The password for the signing keystores.
6062
apk: The generated apk for the app.
6163
sibling: The path to the launcher file.
6264
@@ -109,6 +111,7 @@ def process(
109111
debug_signing_keys,
110112
debug_signing_lineage_file,
111113
key_rotation_min_sdk,
114+
keystore_signing_password,
112115
sibling,
113116
)
114117

providers/providers.bzl

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,7 @@ StarlarkApkInfo = provider(
4444
keystore = "Keystore used to sign the APK. Deprecated, prefer signing_keys.",
4545
signing_keys = "List of keys used to sign the APK",
4646
signing_lineage = "Optional sigining lineage file",
47+
keystore_signing_password = "Keystore password (defaults to android)",
4748
signed_apk = "Signed APK",
4849
unsigned_apk = "Unsigned APK",
4950
),
@@ -190,6 +191,7 @@ ApkInfo = provider(
190191
signed_apk = "Returns a signed APK built from the target.",
191192
signing_keys = "Returns a list of signing keystores that were used to sign the APK.",
192193
signing_min_v3_rotation_api_version = "Returns the minimum API version for signing the APK with key rotation.",
194+
keystore_signing_password = "Returns the keystore password (defaults to android)",
193195
),
194196
)
195197

rules/android_binary/attrs.bzl

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -175,6 +175,12 @@ ATTRS = _attrs.replace(
175175
""",
176176
cfg = android_platforms_transition,
177177
),
178+
keystore_signing_password = attr.string(
179+
doc = """
180+
The password for the KeyStore that contains the signer's key and certificate.
181+
""",
182+
default = "android",
183+
),
178184
key_rotation_min_sdk = attr.string(
179185
doc = """
180186
Sets the minimum Android platform version (API Level) for which an APK's

rules/android_binary/impl.bzl

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -984,6 +984,7 @@ def _process_apk_packaging(ctx, packaged_resources_ctx, native_libs_ctx, dex_ctx
984984
signing_keys = signing_keys,
985985
signing_lineage = ctx.file.debug_signing_lineage_file,
986986
signing_key_rotation_min_sdk = ctx.attr.key_rotation_min_sdk,
987+
keystore_signing_password = ctx.attr.keystore_signing_password,
987988
deterministic_signing = False,
988989
java_toolchain = common.get_java_toolchain(ctx),
989990
deploy_info_writer = get_android_toolchain(ctx).deploy_info_writer.files_to_run,

rules/apk_packaging.bzl

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,7 @@ def _process(
5454
signing_keys = [],
5555
signing_lineage = None,
5656
signing_key_rotation_min_sdk = None,
57+
keystore_signing_password = "android",
5758
stamp_signing_key = None,
5859
deterministic_signing = False,
5960
java_toolchain = None,
@@ -84,6 +85,7 @@ def _process(
8485
signing_keys: Sequence of Files. The keystores to be used to sign the APK.
8586
signing_lineage: File. The signing lineage for signing_keys.
8687
signing_key_rotation_min_sdk: The minimum API version for signing the APK with key rotation.
88+
signing_password: String. The password for the signing keystores. Defaults to "android".
8789
stamp_signing_key: File. The keystore to be used to sign the APK with stamp signing.
8890
deterministic_signing: Boolean. Whether to enable deterministic DSA signing.
8991
java_toolchain: The JavaToolchain target.
@@ -136,6 +138,7 @@ def _process(
136138
out_apk = signed_apk,
137139
in_apk = zipaligned_apk,
138140
signing_keys = signing_keys,
141+
keystore_signing_password = keystore_signing_password,
139142
stamp_signing_key = stamp_signing_key,
140143
deterministic_signing = deterministic_signing,
141144
signing_lineage = signing_lineage,
@@ -320,6 +323,7 @@ def _sign_apk(
320323
out_apk,
321324
in_apk,
322325
signing_keys = [],
326+
keystore_signing_password = "android",
323327
stamp_signing_key = None,
324328
deterministic_signing = True,
325329
signing_lineage = None,
@@ -351,7 +355,7 @@ def _sign_apk(
351355
if i > 0:
352356
args.add("--next-signer")
353357
args.add("--ks", signing_keys[i])
354-
args.add("--ks-pass", "pass:android")
358+
args.add("--ks-pass", "pass:{keystore_signing_password}".format(keystore_signing_password = keystore_signing_password))
355359

356360
args.add("--v1-signing-enabled", ctx.fragments.android.apk_signing_method_v1)
357361
args.add("--v1-signer-name", "CERT")
@@ -371,7 +375,7 @@ def _sign_apk(
371375
inputs.append(stamp_signing_key)
372376
args.add("--stamp-signer")
373377
args.add("--ks", stamp_signing_key)
374-
args.add("--ks-pass", "pass:android")
378+
args.add("--ks-pass", "pass:{keystore_signing_password}".format(keystore_signing_password = keystore_signing_password))
375379

376380
args.add("--out", out_apk)
377381
args.add(in_apk)

0 commit comments

Comments
 (0)