Skip to content
This repository has been archived by the owner on Jul 22, 2024. It is now read-only.

Commit

Permalink
Support v1 signing for Oculus Go APK
Browse files Browse the repository at this point in the history
  • Loading branch information
bluemarvin committed Nov 7, 2019
1 parent 3a5a1bc commit 23c3811
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 12 deletions.
3 changes: 2 additions & 1 deletion .taskcluster.yml
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,8 @@ tasks:
&& cp tools/gradle/taskcluster.properties ./user.properties
&& ./gradlew --no-daemon --console=plain clean `python tools/taskcluster/build_targets.py ${event.release.tag_name}`
&& python tools/taskcluster/fetch_secret.py -s project/firefoxreality/fr/release-signing-token -o token -n token
&& python tools/taskcluster/sign_apk.py -t token -r
&& python tools/taskcluster/fetch_secret.py -s project/firefoxreality/fr/staging-signing-token -o v1token -n v1
&& python tools/taskcluster/sign_apk.py -t token -c v1token -r
&& python tools/taskcluster/archive_debug_apk.py
&& . tools/taskcluster/upload_symbols.sh
artifacts:
Expand Down
56 changes: 45 additions & 11 deletions tools/taskcluster/sign_apk.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,20 +11,28 @@
import subprocess
import sys

v1_platforms = {
'oculusvr3dofstore',
}

def main(name, argv):
token = ''
v1_token = ''
sign_url = 'https://edge.stage.autograph.services.mozaws.net/sign'
release = False
feature_name = ""
feature_name = ''
try:
opts, args = getopt.getopt(argv,"hrt:f:")
opts, args = getopt.getopt(argv,"hrt:c:f:")
except getopt.GetoptError:
print name + ' -t <token file name> -r -f <feature name>'
print name + ' -t <token file name> -c <v1 token file name> -r -f <feature name>'
sys.exit(2)
for opt, arg in opts:
if opt == '-h':
print name + ' -t <token file name> -r -f <feature name>'
print name + ' -t <token file name> -c <v1 token file name> -r -f <feature name>'
sys.exit()
elif opt in ("-c"):
with open(arg, 'r') as tokenfile:
v1_token = tokenfile.read().rstrip()
elif opt in ("-t"):
with open(arg, 'r') as tokenfile:
token = tokenfile.read().rstrip()
Expand All @@ -34,30 +42,56 @@ def main(name, argv):
elif opt in ('-f'):
feature_name = arg.replace('/','-') + '-'

if not release and v1_token != '':
print "Warning, v1 signing is only supported in production"

build_output_path = './app/build/outputs/apk'

# Create folder for saving build artifacts
artifacts_path = './builds'
if not os.path.exists(artifacts_path):
os.makedirs(artifacts_path)

# Sign APKs
for apk in glob.glob(build_output_path + "/*/*/*-unsigned.apk"):
print "=" * 80
cred = token
target = apk.replace('-unsigned', '-signed')
align = False

if not release:
target = target.replace('-release-', '-staging-' + feature_name)
else:
for platform in v1_platforms:
if platform in target.lower():
print "Using v1 signing on target:", target
cred = v1_token
align = True

print "Signing", apk
print "Target ", target
print subprocess.check_output([
"curl",
"-F", "input=@" + apk,
"-o", target,
"-H", "Authorization: " + token,
sign_url])
cmd = ["curl", "-F", "input=@" + apk, "-o", target, "-H", "Authorization: " + cred, sign_url]

try:
print subprocess.check_output(cmd)
except subprocess.CalledProcessError as err:
cmd = ' '.join(err.cmd).replace(cred, "XXX")
print "Signing apk failed:", cmd
print "Output:", err.output
sys.exit(err.returncode)

if align:
split = os.path.splitext(target)
orig = target;
target = split[0] + "-aligned" + split[1]
print subprocess.check_output(["zipalign", "-f", "-v", "-p", "4", orig, target])

print "Verifying", target
print subprocess.check_output(['apksigner', 'verify', target])
print subprocess.check_output(['apksigner', 'verify', '--verbose', target])
print "Archiving", target
os.rename(target, artifacts_path + "/" + os.path.basename(target))
print "=" * 80
print "Done Signing"

if __name__ == "__main__":
main(sys.argv[0], sys.argv[1:])

0 comments on commit 23c3811

Please sign in to comment.