Diffstat (limited to 'apex/key.go')
-rw-r--r-- | apex/key.go | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/apex/key.go b/apex/key.go index e4214f0e0..1622c65e6 100644 --- a/apex/key.go +++ b/apex/key.go @@ -18,6 +18,7 @@ import ( "fmt" "android/soong/android" + "github.com/google/blueprint" "github.com/google/blueprint/proptools" ) @@ -29,6 +30,7 @@ func init() { func registerApexKeyBuildComponents(ctx android.RegistrationContext) { ctx.RegisterModuleType("apex_key", ApexKeyFactory) + ctx.RegisterParallelSingletonModuleType("all_apex_certs", allApexCertsFactory) } type apexKey struct { 
@@ -155,3 +157,64 @@ func writeApexKeys(ctx android.ModuleContext, module android.Module) android.Wri
 android.WriteFileRuleVerbatim(ctx, path, entry.String())
 return path
 }
+
+var (
+ pemToDer = pctx.AndroidStaticRule("pem_to_der",
+ blueprint.RuleParams{
+ Command: `openssl x509 -inform PEM -outform DER -in $in -out $out`,
+ Description: "Convert certificate from PEM to DER format",
+ },
+ )
+)
+
+// all_apex_certs is a singleton module that collects the certs of all apexes in the tree.
+// It provides two types of output files
+// 1. .pem: This is usually the checked-in x509 certificate in PEM format
+// 2. .der: This is DER format of the certificate, and is generated from the PEM certificate using `openssl x509`
+func allApexCertsFactory() android.SingletonModule {
+ m := &allApexCerts{}
+ android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
+ return m
+}
+
+type allApexCerts struct {
+ android.SingletonModuleBase
+}
+
+func (_ *allApexCerts) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+ var avbpubkeys android.Paths
+ var certificatesPem android.Paths
+ ctx.VisitDirectDeps(func(m android.Module) {
+ if apex, ok := m.(*apexBundle); ok {
+ pem, _ := apex.getCertificateAndPrivateKey(ctx)
+ if !android.ExistentPathForSource(ctx, pem.String()).Valid() {
+ if ctx.Config().AllowMissingDependencies() {
+ return
+ } else {
+ ctx.ModuleErrorf("Path %s is not valid\n", pem.String())
+ }
+ }
+ certificatesPem = append(certificatesPem, pem)
+ // avbpubkey for signing the apex payload
+ avbpubkeys = append(avbpubkeys, apex.publicKeyFile)
+ }
+ })
+ certificatesPem = android.SortedUniquePaths(certificatesPem) // For hermiticity
+ avbpubkeys = android.SortedUniquePaths(avbpubkeys) // For hermiticity
+ var certificatesDer android.Paths
+ for index, certificatePem := range certificatesPem {
+ certificateDer := android.PathForModuleOut(ctx, fmt.Sprintf("x509.%v.der", index))
+ ctx.Build(pctx, android.BuildParams{
+ Rule: pemToDer,
+ Input: certificatePem,
+ Output: certificateDer,
+ })
+ certificatesDer = append(certificatesDer, certificateDer)
+ }
+ ctx.SetOutputFiles(certificatesPem, ".pem")
+ ctx.SetOutputFiles(certificatesDer, ".der")
+ ctx.SetOutputFiles(avbpubkeys, ".avbpubkey")
+}
+
+func (_ *allApexCerts) GenerateSingletonBuildActions(ctx android.SingletonContext) {
+}
|
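Review bot: In the `VisitDirectDeps` closure of `GenerateAndroidBuildActions` the missing-certificate handling is uneven. When `AllowMissingDependencies()` is set, the early `return` also skips `apex.publicKeyFile`, so that apex silently drops out of the `.pem`, `.der` and `.avbpubkey` outputs. The `else` branch calls `ctx.ModuleErrorf` and then falls through, appending the non-existent `pem` anyway. Consumers of `all_apex_certs` presumably treat these outputs as the complete set of APEX signing certificates, so an omission should be visible: I would end the error branch with `return` (dropping the `else`) and add a comment on the allow-missing branch such as `// cert not present in this checkout: the apex is omitted from all three outputs`. Separately, `x509.%v.der` is named by position in the sorted list, so adding or removing one certificate can shift the names of the others, and a DER file cannot be traced back to its PEM by name; deriving the name from the source certificate would be more stable, provided those names are unique.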