diff options
author | Juho Kim <juhokim@google.com> | 2023-04-05 04:06:59 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2023-04-05 04:06:59 +0000 |
commit | 9ac4c809fb1cb0f863357e9e54eabe24016483ac (patch) | |
tree | 71a6f3bd2c5414c1237e9eab114da355870f9e71 /rules | |
parent | b034aef7853fa49e57f8e9b72ae9c7825c154c55 (diff) | |
parent | 36396c328a8324b6b9ebc8cdd404d2575928336c (diff) | |
download | bazel-9ac4c809fb1cb0f863357e9e54eabe24016483ac.tar.gz |
Merge "Revert "Read the default certificate in a transition-friendly way""
Diffstat (limited to 'rules')
-rw-r--r-- | rules/android/android_app_certificate.bzl | 108 | ||||
-rw-r--r-- | rules/android/android_binary.bzl | 5 | ||||
-rw-r--r-- | rules/apex/apex.bzl | 7 |
3 files changed, 42 insertions, 78 deletions
diff --git a/rules/android/android_app_certificate.bzl b/rules/android/android_app_certificate.bzl index 8b9f2422..8ffa0055 100644 --- a/rules/android/android_app_certificate.bzl +++ b/rules/android/android_app_certificate.bzl @@ -13,7 +13,7 @@ # limitations under the License. load("@bazel_skylib//lib:paths.bzl", "paths") -load("//build/bazel/product_config:product_variables_providing_rule.bzl", "ProductVariablesDepsInfo", "ProductVariablesInfo") +load("@soong_injection//product_config:product_variables.bzl", "product_vars") AndroidAppCertificateInfo = provider( "Info needed for Android app certificates", @@ -53,76 +53,46 @@ def android_app_certificate( ) default_cert_directory = "build/make/target/product/security" +_default_cert_package = "//" + default_cert_directory -def _android_app_certificate_with_default_cert_impl(ctx): - product_var_cert = ctx.attr._product_variables[ProductVariablesInfo].DefaultAppCertificate - - cert_name = ctx.attr.cert_name +# Set up the android_app_certificate dependency pointing to the .pk8 and +# .x509.pem files in the source tree. +# +# Every caller who use this function will have their own android_app_certificate +# target, even if the underlying certs are shared by many. +# +# If cert_name is used, then it will be looked up from the app certificate +# package as determined by the DefaultAppCertificate variable, or the hardcoded +# directory. +# +# Otherwise, if the DefaultAppCertificate variable is used, then an +# android_app_certificate target will be created to point to the path value, and +# the .pk8 and .x509.pem suffixes are added automatically. +# +# Finally (cert_name not used AND DefaultAppCertificate not specified), use the +# testkey. +def android_app_certificate_with_default_cert(name, cert_name = None): + default_cert = product_vars.get("DefaultAppCertificate") - if cert_name and product_var_cert: - cert_dir = paths.dirname(product_var_cert) + if cert_name and default_cert: + certificate = "".join(["//", paths.dirname(default_cert), ":", cert_name]) elif cert_name: - cert_dir = default_cert_directory - elif product_var_cert: - cert_name = paths.basename(product_var_cert) - cert_dir = paths.dirname(product_var_cert) + # if a specific certificate name is given, check the default directory + # for that certificate. + certificate = _default_cert_package + ":" + cert_name + elif default_cert: + # This assumes that there is a BUILD file marking the directory of + # the default cert as a package. + certificate = "".join([ + "//", + paths.dirname(default_cert), + ":", + paths.basename(default_cert), + ]) else: - cert_name = "testkey" - cert_dir = default_cert_directory - - if cert_dir != default_cert_directory: - cert_files_to_search = ctx.attr._product_variables[ProductVariablesDepsInfo].DefaultAppCertificateFiles - else: - cert_files_to_search = ctx.files._hardcoded_certs - - pk8 = None - pem = None - for file in cert_files_to_search: - if file.basename == cert_name + ".pk8": - pk8 = file - elif file.basename == cert_name + ".x509.pem": - pem = file - if not pk8 or not pem: - fail("Could not find .x509.pem and/or .pk8 file with name '%s' in package '%s'" % (cert_name, cert_dir)) - - return [ - AndroidAppCertificateInfo( - pk8 = pk8, - pem = pem, - key_name = "//" + cert_dir + ":" + cert_name, - ), - ] + certificate = _default_cert_package + ":testkey" -android_app_certificate_with_default_cert = rule( - doc = """ - This rule is the equivalent of an android_app_certificate, but uses the - certificate with the given name from a certain folder, or the default - certificate. - - Modules can give a simple name of a certificate instead of a full label to - an android_app_certificate. This certificate will be looked for either in - the package determined by the DefaultAppCertificate product config variable, - or the hardcoded default directory. (build/make/target/product/security) - - If a name is not given, it will fall back to using the certificate termined - by DefaultAppCertificate. (DefaultAppCertificate can function as both the - default certificate to use if none is specified, and the folder to look for - certificates in) - - If neither the name nor DefaultAppCertificate is given, - build/make/target/product/security/testkey.{pem,pk8} will be used. - - Since this rule is intended to be used from other macros, it's common to have - multiple android_app_certificate targets pointing to the same pem/pk8 files. - """, - implementation = _android_app_certificate_with_default_cert_impl, - attrs = { - "cert_name": attr.string(), - "_product_variables": attr.label( - default = "//build/bazel/product_config:product_vars", - ), - "_hardcoded_certs": attr.label( - default = "//build/make/target/product/security:android_certificate_directory", - ), - }, -) + android_app_certificate( + name = name, + certificate = certificate, + ) diff --git a/rules/android/android_binary.bzl b/rules/android/android_binary.bzl index 1b30efd7..4e96deac 100644 --- a/rules/android/android_binary.bzl +++ b/rules/android/android_binary.bzl @@ -77,10 +77,7 @@ def android_binary( if certificate or certificate_name: if certificate_name: app_cert_name = name + "_app_certificate" - android_app_certificate_with_default_cert( - name = app_cert_name, - cert_name = certificate_name, - ) + android_app_certificate_with_default_cert(app_cert_name, certificate_name) certificate = ":" + app_cert_name app_keystore_name = name + "_keystore" diff --git a/rules/apex/apex.bzl b/rules/apex/apex.bzl index 3f033d91..7bebca4b 100644 --- a/rules/apex/apex.bzl +++ b/rules/apex/apex.bzl @@ -1014,16 +1014,13 @@ def apex( app_cert_name = name + "_app_certificate" if certificate_name: # use the name key in the default cert dir - android_app_certificate_with_default_cert( - name = app_cert_name, - cert_name = certificate_name, - ) + android_app_certificate_with_default_cert(app_cert_name, certificate_name) certificate_label = ":" + app_cert_name elif certificate: certificate_label = certificate else: # use the default testkey - android_app_certificate_with_default_cert(name = app_cert_name) + android_app_certificate_with_default_cert(app_cert_name) certificate_label = ":" + app_cert_name target_compatible_with = select({ |