1 files changed, 78 insertions, 0 deletions

diff --git a/third_party/libwebrtc/build/android/gyp/finalize_apk.py b/third_party/libwebrtc/build/android/gyp/finalize_apk.py
new file mode 100644
index 0000000000..b465f713db
--- /dev/null
+++ b/third_party/libwebrtc/build/android/gyp/finalize_apk.py
@@ -0,0 +1,78 @@
+# Copyright 2013 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+"""Signs and aligns an APK."""
+
+import argparse
+import logging
+import shutil
+import subprocess
+import sys
+import tempfile
+
+from util import build_utils
+
+
+def FinalizeApk(apksigner_path,
+                zipalign_path,
+                unsigned_apk_path,
+                final_apk_path,
+                key_path,
+                key_passwd,
+                key_name,
+                min_sdk_version,
+                warnings_as_errors=False):
+  # Use a tempfile so that Ctrl-C does not leave the file with a fresh mtime
+  # and a corrupted state.
+  with tempfile.NamedTemporaryFile() as staging_file:
+    if zipalign_path:
+      # v2 signing requires that zipalign happen first.
+      logging.debug('Running zipalign')
+      zipalign_cmd = [
+          zipalign_path, '-p', '-f', '4', unsigned_apk_path, staging_file.name
+      ]
+      build_utils.CheckOutput(zipalign_cmd,
+                              print_stdout=True,
+                              fail_on_output=warnings_as_errors)
+      signer_input_path = staging_file.name
+    else:
+      signer_input_path = unsigned_apk_path
+
+    sign_cmd = build_utils.JavaCmd(warnings_as_errors) + [
+        '-jar',
+        apksigner_path,
+        'sign',
+        '--in',
+        signer_input_path,
+        '--out',
+        staging_file.name,
+        '--ks',
+        key_path,
+        '--ks-key-alias',
+        key_name,
+        '--ks-pass',
+        'pass:' + key_passwd,
+    ]
+    # V3 signing adds security niceties, which are irrelevant for local builds.
+    sign_cmd += ['--v3-signing-enabled', 'false']
+
+    if min_sdk_version >= 24:
+      # Disable v1 signatures when v2 signing can be used (it's much faster).
+      # By default, both v1 and v2 signing happen.
+      sign_cmd += ['--v1-signing-enabled', 'false']
+    else:
+      # Force SHA-1 (makes signing faster; insecure is fine for local builds).
+      # Leave v2 signing enabled since it verifies faster on device when
+      # supported.
+      sign_cmd += ['--min-sdk-version', '1']
+
+    logging.debug('Signing apk')
+    build_utils.CheckOutput(sign_cmd,
+                            print_stdout=True,
+                            fail_on_output=warnings_as_errors)
+    shutil.move(staging_file.name, final_apk_path)
+    # TODO(crbug.com/1174969): Remove this once Python2 is obsoleted.
+    if sys.version_info.major == 2:
+      staging_file.delete = False
+    else:
+      staging_file._closer.delete = False