Bug 1234629 - Part 2: Fail packaging if bouncer APK and main APK have different permissions. r=gps a=sylvestre
☠☠ backed out by 8fb854b34485 ☠ ☠
authorNick Alexander <nalexander@mozilla.com>
Wed, 27 Jan 2016 14:34:46 -0800
changeset 318819 5a115360df4a3ff1ce2f25909cd01344821cfb95
parent 318818 39510228f2b40b6ab267ce14725212e7644ba002
child 318820 c92a29c9f8b32bbd80f01e26c302ce27769ee3b1
push id1079
push userjlund@mozilla.com
push dateFri, 15 Apr 2016 21:02:33 +0000
treeherdermozilla-release@575fbf6786d5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgps, sylvestre
bugs1234629
milestone46.0a2
Bug 1234629 - Part 2: Fail packaging if bouncer APK and main APK have different permissions. r=gps a=sylvestre This isn't sensible for b2gdroid, but that project should never enable the bouncer APK anyway.
toolkit/mozapps/installer/upload-files.mk
--- a/toolkit/mozapps/installer/upload-files.mk
+++ b/toolkit/mozapps/installer/upload-files.mk
@@ -341,19 +341,30 @@ INNER_ROBOCOP_PACKAGE= \
 endif
 else
 INNER_ROBOCOP_PACKAGE=echo 'Testing is disabled - No Android Robocop for you'
 endif
 
 ifdef MOZ_ANDROID_PACKAGE_INSTALL_BOUNCER
 UPLOAD_EXTRA_FILES += bouncer.apk
 
-# Package and release sign the install bouncer APK.
+bouncer_package=$(ABS_DIST)/bouncer.apk
+
+# Package and release sign the install bouncer APK.  This assumes that the main
+# APK (that is, $(PACKAGE)) has already been produced, and verifies that the
+# bouncer APK and the main APK define the same set of permissions.  The
+# intention is to avoid permission-related surprises when bouncing to the
+# installation process in the Play Store.  N.b.: sort -u is Posix and saves
+# invoking uniq separately.  diff -u is *not* Posix, so we only add -c.
 INNER_INSTALL_BOUNCER_PACKAGE=\
-  $(call RELEASE_SIGN_ANDROID_APK,$(topobjdir)/mobile/android/bouncer/bouncer-unsigned-unaligned.apk,$(ABS_DIST)/bouncer.apk)
+  $(call RELEASE_SIGN_ANDROID_APK,$(topobjdir)/mobile/android/bouncer/bouncer-unsigned-unaligned.apk,$(bouncer_package)) && \
+  ($(AAPT) dump permissions $(PACKAGE) | sort -u > $(PACKAGE).permissions && \
+   $(AAPT) dump permissions $(bouncer_package) | sort -u > $(bouncer_package).permissions && \
+   diff -c $(PACKAGE).permissions $(bouncer_package).permissions || \
+   (echo "*** Error: The permissions of the bouncer package differ from the permissions of the main package.  Ensure the bouncer and main package Android manifests agree, rebuild mobile/android, and re-package." && exit 1))
 else
 INNER_INSTALL_BOUNCER_PACKAGE=echo 'Install bouncer is disabled - No trampolines for you'
 endif # MOZ_ANDROID_PACKAGE_INSTALL_BOUNCER
 
 # Create geckoview_library/geckoview_{assets,library}.zip for third-party GeckoView consumers.
 ifdef NIGHTLY_BUILD
 ifndef MOZ_DISABLE_GECKOVIEW
 INNER_MAKE_GECKOVIEW_LIBRARY= \