[Android-tools-devel] Bug#1058331: android-platform-tools-base: additional information

Vladimir Petko vpa1977 at gmail.com
Thu Mar 7 20:47:35 GMT 2024 

Package: android-platform-tools-base
Followup-For: Bug #1058331
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch
Control: tags -1 patch

Dear Maintainer,

I apologise for submitting it as a debdiff, salsa repository appears to be out
of date.

The attached patch resolves ftbfs due to the internal sun.security and
BouncyCastle API changes.

In Ubuntu, the attached patch was applied to achieve the following:

  * Resolve the failure to build from source (LP: #2056088):
    - d/p/{der-output-stream.patch, add-exports.patch}: sun.security
      PKCS7 class now only supports encoding to DerOutputStream.
      Explicitly instantiate it.
    - d/p/bouncycastle177-compat.patch: use ASN1OutputStream instead
      of remove DerOutputStream.


Thanks for considering the patch.


-- System Information:
Debian Release: trixie/sid
  APT prefers mantic-updates
  APT policy: (500, 'mantic-updates'), (500, 'mantic-security'), (500, 'mantic'), (100, 'mantic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-21-generic (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-------------- next part --------------
diff -Nru android-platform-tools-base-2.2.2/debian/patches/add-exports.patch android-platform-tools-base-2.2.2/debian/patches/add-exports.patch
--- android-platform-tools-base-2.2.2/debian/patches/add-exports.patch	2023-02-03 03:01:58.000000000 +1300
+++ android-platform-tools-base-2.2.2/debian/patches/add-exports.patch	2024-03-06 13:16:37.000000000 +1300
@@ -5,7 +5,7 @@
  }
  
 +compileJava {
-+    options.compilerArgs << '--add-exports' << 'java.base/sun.security.pkcs=ALL-UNNAMED' << '--add-exports' << 'java.base/sun.security.x509=ALL-UNNAMED'
++    options.compilerArgs << '--add-exports' << 'java.base/sun.security.pkcs=ALL-UNNAMED' << '--add-exports' << 'java.base/sun.security.x509=ALL-UNNAMED' << '--add-exports' << 'java.base/sun.security.util=ALL-UNNAMED'
 +}
 +
  task initSdkForTests(type: JavaExec) {
diff -Nru android-platform-tools-base-2.2.2/debian/patches/bouncycastle177-compat.patch android-platform-tools-base-2.2.2/debian/patches/bouncycastle177-compat.patch
--- android-platform-tools-base-2.2.2/debian/patches/bouncycastle177-compat.patch	1970-01-01 12:00:00.000000000 +1200
+++ android-platform-tools-base-2.2.2/debian/patches/bouncycastle177-compat.patch	2024-03-06 13:16:37.000000000 +1300
@@ -0,0 +1,57 @@
+Description: bouncycastle 1.77 compatibility patch
+ Remove usages of DerOutputStream that is no longer public.
+Author: Vladimir Petko <vladimir.petko at canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/debian/+source/android-platform-tools-base/+bug/2056088
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058331
+Forwarded: not-needed
+Last-Update: 2024-03-06
+
+--- a/build-system/builder/src/main/java/com/android/builder/internal/packaging/sign/SignatureExtension.java
++++ b/build-system/builder/src/main/java/com/android/builder/internal/packaging/sign/SignatureExtension.java
+@@ -29,7 +29,8 @@
+ 
+ import org.apache.commons.codec.binary.Base64;
+ import org.bouncycastle.asn1.ASN1InputStream;
+-import org.bouncycastle.asn1.DEROutputStream;
++import org.bouncycastle.asn1.ASN1OutputStream;
++import org.bouncycastle.asn1.ASN1Encoding;
+ import org.bouncycastle.cert.jcajce.JcaCertStore;
+ import org.bouncycastle.cms.CMSException;
+ import org.bouncycastle.cms.CMSProcessableByteArray;
+@@ -610,12 +611,12 @@
+         /*
+          * DEROutputStream is not closeable! OMG!
+          */
+-        DEROutputStream dos = null;
++        ASN1OutputStream dos = null;
+         try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
+-            dos = new DEROutputStream(outputBytes);
++            dos = ASN1OutputStream.create(outputBytes, ASN1Encoding.DER);
+             dos.writeObject(asn1.readObject());
+ 
+-            DEROutputStream toClose = dos;
++            ASN1OutputStream toClose = dos;
+             dos = null;
+             toClose.close();
+         } catch (IOException e) {
+--- a/build-system/builder/src/main/java/com/android/builder/signing/SignedJarApkCreator.java
++++ b/build-system/builder/src/main/java/com/android/builder/signing/SignedJarApkCreator.java
+@@ -33,7 +33,8 @@
+ import com.google.common.io.Files;
+ 
+ import org.bouncycastle.asn1.ASN1InputStream;
+-import org.bouncycastle.asn1.DEROutputStream;
++import org.bouncycastle.asn1.ASN1OutputStream;
++import org.bouncycastle.asn1.ASN1Encoding;
+ import org.bouncycastle.cert.jcajce.JcaCertStore;
+ import org.bouncycastle.cms.CMSException;
+ import org.bouncycastle.cms.CMSProcessableByteArray;
+@@ -400,7 +401,7 @@
+         CMSSignedData sigData = gen.generate(data, false);
+ 
+         try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
+-            DEROutputStream dos = new DEROutputStream(mOutputJar);
++            ASN1OutputStream dos = ASN1OutputStream.create(mOutputJar, ASN1Encoding.DER);
+             try {
+                 dos.writeObject(asn1.readObject());
+             } finally {
diff -Nru android-platform-tools-base-2.2.2/debian/patches/der-output-stream.patch android-platform-tools-base-2.2.2/debian/patches/der-output-stream.patch
--- android-platform-tools-base-2.2.2/debian/patches/der-output-stream.patch	1970-01-01 12:00:00.000000000 +1200
+++ android-platform-tools-base-2.2.2/debian/patches/der-output-stream.patch	2024-03-06 13:16:37.000000000 +1300
@@ -0,0 +1,30 @@
+Description: workaround removal of pkcs7.encodeSignedData(OutputStream)
+  pkcs7.encodeSignedData(OutputStream) was removed in Java 21.
+  Explicitly instantiate DerOutputStream to encode pkcs7 contents.
+Author: Vladimir Petko <vladimir.petko at canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/debian/+source/android-platform-tools-base/+bug/2056088
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058331
+Forwarded: not-needed
+Last-Update: 2024-03-06
+
+--- a/sdklib/src/main/java/com/android/sdklib/internal/build/SignedJarBuilder.java
++++ b/sdklib/src/main/java/com/android/sdklib/internal/build/SignedJarBuilder.java
+@@ -25,6 +25,7 @@
+ import sun.security.pkcs.SignerInfo;
+ import sun.security.x509.AlgorithmId;
+ import sun.security.x509.X500Name;
++import sun.security.util.DerOutputStream;
+
+ import java.io.BufferedOutputStream;
+ import java.io.ByteArrayOutputStream;
+@@ -394,6 +395,9 @@
+                 new X509Certificate[] { publicKey },
+                 new SignerInfo[] { signerInfo });
+
+-        pkcs7.encodeSignedData(mOutputJar);
++        try (DerOutputStream derout = new DerOutputStream()) {
++            pkcs7.encodeSignedData(derout);
++            mOutputJar.write(derout.toByteArray());
++        }
+     }
+ }
diff -Nru android-platform-tools-base-2.2.2/debian/patches/series android-platform-tools-base-2.2.2/debian/patches/series
--- android-platform-tools-base-2.2.2/debian/patches/series	2023-02-03 03:01:58.000000000 +1300
+++ android-platform-tools-base-2.2.2/debian/patches/series	2024-03-06 13:16:37.000000000 +1300
@@ -22,3 +22,5 @@
 ecj-compatibility.patch
 asm-dependency.patch
 add-exports.patch
+der-output-stream.patch
+bouncycastle177-compat.patch

More information about the Android-tools-devel mailing list