Allow passing keystore password other than android

mobile_install/adapters/android_binary.bzl

@@ -59,6 +59,7 @@ def extract(target, ctx):
         debug_signing_keys = ctx.rule.files.debug_signing_keys,
         debug_signing_lineage_file = utils.only(ctx.rule.files.debug_signing_lineage_file, allow_empty = True),
         key_rotation_min_sdk = ctx.rule.attr.key_rotation_min_sdk,
+        keystore_signing_password = ctx.rule.attr.keystore_signing_password,
         merged_manifest = target[AndroidIdeInfo].generated_manifest,
         native_libs = target[AndroidIdeInfo].native_libs,
         package = java_package,

mobile_install/apks.bzl

@@ -60,7 +60,7 @@ def _patch_split_manifests(ctx, orig_manifest, split_manifests, out_manifest_pac
         progress_message = "MI Patch split manifests",
     )
 
-def _make_split_apk(ctx, dirs, artifacts, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, out):
+def _make_split_apk(ctx, dirs, artifacts, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, keystore_signing_password, out):
     unsigned = utils.isolated_declare_file(ctx, out.basename + "_unsigned", sibling = out)
 
     args = ctx.actions.args()
@@ -87,7 +87,7 @@ def _make_split_apk(ctx, dirs, artifacts, debug_signing_keys, debug_signing_line
         progress_message = "MI Making split app %s" % out.path,
     )
 
-    _zipalign_sign(ctx, unsigned, out, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk)
+    _zipalign_sign(ctx, unsigned, out, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, keystore_signing_password)
 
 def make_split_apks(
         ctx,
@@ -101,6 +101,7 @@ def make_split_apks(
         debug_signing_keys,
         debug_signing_lineage_file,
         key_rotation_min_sdk,
+        keystore_signing_password,
         sibling):
     """Create a split for each dex and for resources"""
     manifest_package_name = utils.isolated_declare_file(ctx, "manifest_package_name.txt", sibling = sibling)
@@ -159,6 +160,7 @@ def make_split_apks(
             debug_signing_keys,
             debug_signing_lineage_file,
             key_rotation_min_sdk,
+            keystore_signing_password,
             split,
         )
         splits.append(split)
@@ -185,18 +187,18 @@ def make_split_apks(
     # Resources are now in the base apk to support RRO. Previously they were a separate split, but
     # base reinstalls no longer require a full reinstall.
     base = utils.isolated_declare_file(ctx, "splits/base.apk", sibling = sibling)
-    _make_split_apk(ctx, [compiled], [resource_apk, java8_legacy], debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, base)
+    _make_split_apk(ctx, [compiled], [resource_apk, java8_legacy], debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, keystore_signing_password, base)
     splits.append(base)
 
     return manifest_package_name, splits
 
-def _zipalign_sign(ctx, unsigned_apk, signed_apk, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk):
+def _zipalign_sign(ctx, unsigned_apk, signed_apk, debug_signing_keys, debug_signing_lineage_file, key_rotation_min_sdk, keystore_signing_password):
     """Zipalign and signs the given apk."""
 
     signing_params = ((("--lineage %s " % debug_signing_lineage_file.path) if debug_signing_lineage_file else "") +
                       (("--rotation-min-sdk-version %s " % key_rotation_min_sdk) if key_rotation_min_sdk else "") +
                       " --next-signer ".join([
-                          "--ks %s --ks-pass pass:android" % debug_signing_key.path
+                          "--ks %s --ks-pass pass:%s" % (debug_signing_key.path, keystore_signing_password)
                           for debug_signing_key in debug_signing_keys
                       ]) +
                       " --v1-signing-enabled true" +

mobile_install/process.bzl

@@ -38,6 +38,7 @@ def process(
         debug_signing_keys = [],
         debug_signing_lineage_file = None,
         key_rotation_min_sdk = None,
+        keystore_signing_password = "android",
         apk = None,
         sibling = None):
     """Processes the data in the mi and return data to pass up the graph.
@@ -57,6 +58,7 @@ def process(
       debug_signing_keys: Debug keystores to be used to sign the apk.
       debug_signing_lineage_file: File containing the signing lineage.
       key_rotation_min_sdk: String of the minimum API level to rotate signing keys for.
+      keystore_signing_password: String. The password for the signing keystores.
       apk: The generated apk for the app.
       sibling: The path to the launcher file.
 
@@ -109,6 +111,7 @@ def process(
         debug_signing_keys,
         debug_signing_lineage_file,
         key_rotation_min_sdk,
+        keystore_signing_password,
         sibling,
     )
 

providers/providers.bzl

@@ -44,6 +44,7 @@ StarlarkApkInfo = provider(
         keystore = "Keystore used to sign the APK. Deprecated, prefer signing_keys.",
         signing_keys = "List of keys used to sign the APK",
         signing_lineage = "Optional sigining lineage file",
+        keystore_signing_password = "Keystore password (defaults to android)",
         signed_apk = "Signed APK",
         unsigned_apk = "Unsigned APK",
     ),
@@ -190,6 +191,7 @@ ApkInfo = provider(
         signed_apk = "Returns a signed APK built from the target.",
         signing_keys = "Returns a list of signing keystores that were used to sign the APK.",
         signing_min_v3_rotation_api_version = "Returns the minimum API version for signing the APK with key rotation.",
+        keystore_signing_password = "Returns the keystore password (defaults to android)",
     ),
 )
 

rules/android_binary/attrs.bzl

@@ -175,6 +175,12 @@ ATTRS = _attrs.replace(
                       """,
                 cfg = android_platforms_transition,
             ),
+            keystore_signing_password = attr.string(
+                doc = """
+                    The password for the KeyStore that contains the signer's key and certificate.
+                """,
+                default = "android",
+            ),
             key_rotation_min_sdk = attr.string(
                 doc = """
                       Sets the minimum Android platform version (API Level) for which an APK's

rules/android_binary/impl.bzl

@@ -984,6 +984,7 @@ def _process_apk_packaging(ctx, packaged_resources_ctx, native_libs_ctx, dex_ctx
         signing_keys = signing_keys,
         signing_lineage = ctx.file.debug_signing_lineage_file,
         signing_key_rotation_min_sdk = ctx.attr.key_rotation_min_sdk,
+        keystore_signing_password = ctx.attr.keystore_signing_password,
         deterministic_signing = False,
         java_toolchain = common.get_java_toolchain(ctx),
         deploy_info_writer = get_android_toolchain(ctx).deploy_info_writer.files_to_run,

rules/apk_packaging.bzl

@@ -54,6 +54,7 @@ def _process(
         signing_keys = [],
         signing_lineage = None,
         signing_key_rotation_min_sdk = None,
+        keystore_signing_password = "android",
         stamp_signing_key = None,
         deterministic_signing = False,
         java_toolchain = None,
@@ -84,6 +85,7 @@ def _process(
         signing_keys: Sequence of Files. The keystores to be used to sign the APK.
         signing_lineage: File. The signing lineage for signing_keys.
         signing_key_rotation_min_sdk: The minimum API version for signing the APK with key rotation.
+        signing_password: String. The password for the signing keystores. Defaults to "android".
         stamp_signing_key: File. The keystore to be used to sign the APK with stamp signing.
         deterministic_signing: Boolean. Whether to enable deterministic DSA signing.
         java_toolchain: The JavaToolchain target.
@@ -136,6 +138,7 @@ def _process(
         out_apk = signed_apk,
         in_apk = zipaligned_apk,
         signing_keys = signing_keys,
+        keystore_signing_password = keystore_signing_password,
         stamp_signing_key = stamp_signing_key,
         deterministic_signing = deterministic_signing,
         signing_lineage = signing_lineage,
@@ -320,6 +323,7 @@ def _sign_apk(
         out_apk,
         in_apk,
         signing_keys = [],
+        keystore_signing_password = "android",
         stamp_signing_key = None,
         deterministic_signing = True,
         signing_lineage = None,
@@ -351,7 +355,7 @@ def _sign_apk(
         if i > 0:
             args.add("--next-signer")
         args.add("--ks", signing_keys[i])
-        args.add("--ks-pass", "pass:android")
+        args.add("--ks-pass", "pass:{keystore_signing_password}".format(keystore_signing_password = keystore_signing_password))
 
     args.add("--v1-signing-enabled", ctx.fragments.android.apk_signing_method_v1)
     args.add("--v1-signer-name", "CERT")
@@ -371,7 +375,7 @@ def _sign_apk(
         inputs.append(stamp_signing_key)
         args.add("--stamp-signer")
         args.add("--ks", stamp_signing_key)
-        args.add("--ks-pass", "pass:android")
+        args.add("--ks-pass", "pass:{keystore_signing_password}".format(keystore_signing_password = keystore_signing_password))
 
     args.add("--out", out_apk)
     args.add(in_apk)