Bug 1234629 - Part 2: Fail packaging if bouncer APK and main APK have different permissions. r=gps
☠☠ backed out by 1836c1f9ef19 ☠ ☠
authorNick Alexander <nalexander@mozilla.com>
Wed, 27 Jan 2016 14:34:46 -0800
changeset 283256 50bcadca213183aaa64e39632892b8f00957dcfc
parent 283255 aaa420ed66d754ecc17b19f5a12297d24371f1ca
child 283257 f80912ecfa87584394d22e28ed09e68c182d1b35
push id71491
push userphilringnalda@gmail.com
push dateSat, 06 Feb 2016 03:42:29 +0000
treeherdermozilla-inbound@3c3e39e9becc [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgps
bugs1234629
milestone47.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1234629 - Part 2: Fail packaging if bouncer APK and main APK have different permissions. r=gps This isn't sensible for b2gdroid, but that project should never enable the bouncer APK anyway.
toolkit/mozapps/installer/upload-files.mk
--- a/toolkit/mozapps/installer/upload-files.mk
+++ b/toolkit/mozapps/installer/upload-files.mk
@@ -335,19 +335,30 @@ INNER_ROBOCOP_PACKAGE= \
 endif
 else
 INNER_ROBOCOP_PACKAGE=echo 'Testing is disabled - No Android Robocop for you'
 endif
 
 ifdef MOZ_ANDROID_PACKAGE_INSTALL_BOUNCER
 UPLOAD_EXTRA_FILES += bouncer.apk
 
-# Package and release sign the install bouncer APK.
+bouncer_package=$(ABS_DIST)/bouncer.apk
+
+# Package and release sign the install bouncer APK.  This assumes that the main
+# APK (that is, $(PACKAGE)) has already been produced, and verifies that the
+# bouncer APK and the main APK define the same set of permissions.  The
+# intention is to avoid permission-related surprises when bouncing to the
+# installation process in the Play Store.  N.b.: sort -u is Posix and saves
+# invoking uniq separately.  diff -u is *not* Posix, so we only add -c.
 INNER_INSTALL_BOUNCER_PACKAGE=\
-  $(call RELEASE_SIGN_ANDROID_APK,$(topobjdir)/mobile/android/bouncer/bouncer-unsigned-unaligned.apk,$(ABS_DIST)/bouncer.apk)
+  $(call RELEASE_SIGN_ANDROID_APK,$(topobjdir)/mobile/android/bouncer/bouncer-unsigned-unaligned.apk,$(bouncer_package)) && \
+  ($(AAPT) dump permissions $(PACKAGE) | sort -u > $(PACKAGE).permissions && \
+   $(AAPT) dump permissions $(bouncer_package) | sort -u > $(bouncer_package).permissions && \
+   diff -c $(PACKAGE).permissions $(bouncer_package).permissions || \
+   (echo "*** Error: The permissions of the bouncer package differ from the permissions of the main package.  Ensure the bouncer and main package Android manifests agree, rebuild mobile/android, and re-package." && exit 1))
 else
 INNER_INSTALL_BOUNCER_PACKAGE=echo 'Install bouncer is disabled - No trampolines for you'
 endif # MOZ_ANDROID_PACKAGE_INSTALL_BOUNCER
 
 # Create geckoview_library/geckoview_{assets,library}.zip for third-party GeckoView consumers.
 ifdef NIGHTLY_BUILD
 ifndef MOZ_DISABLE_GECKOVIEW
 INNER_MAKE_GECKOVIEW_LIBRARY= \