add "EXTERNAL" as special value of LOCAL_CERTIFICATE
Setting LOCAL_CERTIFICATE to "EXTERNAL" now marks an apk (either a
prebuilt or otherwise) as needing the default test key within the
system, but one that should be signed after the target_files is
produced but before sign_target_files_apks does the rest of the
signing. (We use this to ship apps on the system that are signed by
third parties, like Facebook.)
diff --git a/core/package.mk b/core/package.mk
index d92a8b8..70f10e0 100644
--- a/core/package.mk
+++ b/core/package.mk
@@ -244,6 +244,15 @@
ifeq ($(LOCAL_CERTIFICATE),)
LOCAL_CERTIFICATE := testkey
endif
+
+ifeq ($(LOCAL_CERTIFICATE),EXTERNAL)
+ # The special value "EXTERNAL" means that we will sign it with the
+ # default testkey, apply predexopt, but then expect the final .apk
+ # (after dexopting) to be signed by an outside tool.
+ LOCAL_CERTIFICATE := testkey
+ PACKAGES.$(LOCAL_PACKAGE_NAME).EXTERNAL_KEY := 1
+endif
+
# If this is not an absolute certificate, assign it to a generic one.
ifeq ($(dir $(strip $(LOCAL_CERTIFICATE))),./)
LOCAL_CERTIFICATE := $(SRC_TARGET_DIR)/product/security/$(LOCAL_CERTIFICATE)