History log of /build/tools/signapk/src/com/android/signapk/SignApk.java
Revision Date Author Comments
284e45ac09cb9b58a4bf3274fb28398074a3bd1b 23-Mar-2016 Alex Klyubin <klyubin@google.com> Fix bug in APK entry alignment.

APK entry alignment logic assumes that input entries have zero-length
comment and extra fields. When the assumption is broken, the logic
silently breaks alignment of output entries. This happens, for
example, when the APK to be signed is already aligned and thus may
contain entries with non-empty extra fields.

Given that APKs are not supposed to use comment and extra fields for
anything useful and given that this signer already discards comment
and extra fields of compressed entries, this change makes the signer
discard comment and extra fields of STORED input entries as well.
This unbreaks the existing alignment logic.

Bug: 27814973

(cherry picked from commit 37a0ecd32935685151f0cfb5a5466e6e360a0b8f)

Change-Id: If2e0df6d3298e9736ef175bb0d9a05d450164c9f
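
The failure mode described in this commit message, as an added example (not code from SignApk.java): a simplified model of a signer that computes padding as if input entries had no extra field. The 4-byte boundary, the function names and the sample entries are assumptions made for illustration.

```python
import struct

LOCHDR = 30  # fixed size of a ZIP local file header
ALIGN = 4    # assumed alignment boundary for STORED entry data

def local_header(name: bytes, extra: bytes, size: int) -> bytes:
    """Serialize a local file header for a STORED entry (CRC left as 0)."""
    # Fields: signature, version, flags, method (0 = STORED), time, date
    # (0x3A21 = Jan 1 2009), crc, sizes, name length, extra length.
    return struct.pack("<IHHHHHIIIHH", 0x04034B50, 10, 0, 0, 0, 0x3A21,
                       0, size, size, len(name), len(extra)) + name + extra

def padding_assuming_empty_extra(offset: int, name: bytes) -> int:
    """Padding computed as if the entry carried no extra field."""
    return -(offset + LOCHDR + len(name)) % ALIGN

def write_entries(entries, discard_input_extra: bool):
    """Write all entries and return the data offset of each one."""
    out = bytearray()
    data_offsets = []
    for name, in_extra, data in entries:
        pad = bytes(padding_assuming_empty_extra(len(out), name))
        # Keeping the input extra field adds bytes the padding math never saw.
        extra = pad if discard_input_extra else in_extra + pad
        out += local_header(name, extra, len(data))
        data_offsets.append(len(out))
        out += data
    return data_offsets

def misaligned(offsets):
    return [o for o in offsets if o % ALIGN]

# Constructed input: (name, extra field left by an earlier alignment pass, data)
SAMPLE = [
    (b"res/raw/a.bin", b"\x00" * 3, b"AAAA"),
    (b"assets/b.dat", b"", b"BBBBBBBB"),
    (b"lib/c.so", b"\x00", b"CCCC"),
]

if __name__ == "__main__":
    print("extra kept:     ", write_entries(SAMPLE, False))
    print("extra discarded:", write_entries(SAMPLE, True))
```
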
b9f720a18b2cc06e61c05b9427acbc043523c6d1 09-Feb-2016 Alex Klyubin <klyubin@google.com> Use Jan 1 2009 as timestamp in OTA update ZIPs.

This is a follow-up to 6c41036bcf35fe39162b50d27533f0f3bfab3028 where
I forgot to update a section of OTA update ZIP code.

Bug: 26864066

(cherry picked from commit f735851fa95ea7b372ab4245a7b583667efb4ea9)

Change-Id: I4f85ce170ac72d13a9c8636414927a295e350458
6c41036bcf35fe39162b50d27533f0f3bfab3028 29-Jan-2016 Alex Klyubin <klyubin@google.com> Use Jan 1 2009 as timestamp in APKs and OTA update ZIPs.

Previously, the timestamp was one hour ahead of NotBefore of the
signer's certificate, adjusted for the current timezone. With this
change the MS-DOS timestamp in output APK/ZIP files is
Jan 1 2009 00:00:00.

Bug: 26864066
Change-Id: Id6263c38ac7042489ab695454f8e0fb2d85a3958
dd910c5945272e9820dfd9d7798ba32aa7dfc73f 02-Dec-2015 Alex Klyubin <klyubin@google.com> Make signapk sign using APK Signature Scheme v2.

APKs are now signed with the usual JAR signature scheme and then
with the APK Signature Scheme v2.

APK Signature Scheme v2 is a whole-file signature scheme which aims
to protect every single bit of the APK as opposed to the JAR signature
scheme which protects only the names and uncompressed contents of ZIP
entries.

The two main goals of APK Signature Scheme v2 are:
1. Detect any unauthorized modifications to the APK. This is achieved
by making the signature cover every byte of the APK being signed.
2. Enable much faster signature and integrity verification. This is
achieved by requiring only a minimal amount of APK parsing before
the signature is verified, thus completely bypassing ZIP entry
decompression and by making integrity verification parallelizable
by employing a hash tree.

Bug: 25794543
Change-Id: I275d2a6d0a98504891985309b9dfff2e0e44b878
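
The coverage difference described in this commit message, as an added example (not code from signapk): two constructed archives hold the same entry names and contents but differ in compression method and archive comment. A plain SHA-256 over all bytes stands in here for the scheme's actual digest construction, which this sketch does not implement; the function names are illustrative.

```python
import hashlib
import io
import zipfile

# Constructed sample entries: (name, uncompressed contents)
ENTRIES = [
    ("AndroidManifest.xml", b"<manifest/>" * 50),
    ("classes.dex", b"constructed dex bytes " * 100),
]

def build_zip(entries, method, comment=b""):
    """Build a ZIP in memory with a fixed timestamp for every entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries:
            info = zipfile.ZipInfo(name, date_time=(2009, 1, 1, 0, 0, 0))
            z.writestr(info, data, compress_type=method)
        z.comment = comment
    return buf.getvalue()

def jar_style_digests(archive: bytes):
    """Digest per entry over the uncompressed contents, keyed by entry name."""
    with zipfile.ZipFile(io.BytesIO(archive)) as z:
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()}

def whole_file_digest(archive: bytes) -> str:
    """Digest over every byte of the archive, metadata included."""
    return hashlib.sha256(archive).hexdigest()

ORIGINAL = build_zip(ENTRIES, zipfile.ZIP_STORED)
REPACKED = build_zip(ENTRIES, zipfile.ZIP_DEFLATED, comment=b"constructed comment")

if __name__ == "__main__":
    same = jar_style_digests(ORIGINAL) == jar_style_digests(REPACKED)
    print("per-entry digests identical:", same)
    print("whole-file digests identical:",
          whole_file_digest(ORIGINAL) == whole_file_digest(REPACKED))
```
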
9b54a565c9ffd1e8ed0c3434ede022d9501eaa80 20-Jan-2016 Alex Klyubin <klyubin@google.com> Command-line flag to disable signing with APK Signature Scheme v2.

This change makes signapk not reject the --disable-v2 command-line
flag which may be used by build scripts in some branches. The flag
is currently ignored.

This change is landed separately from the actual support for APK
Signature Scheme v2 because of unbundled branches which use prebuilt
versions of signapk.

Bug: 25794543
Change-Id: I900966244b8b6296b1f443bf98830cc7f7cc81a8
c2c49ed0c13846f7f96249c7419971dfcddc9215 11-Jan-2016 Alex Klyubin <klyubin@google.com> Unconditionally use SHA-256 when minSdkVersion is 18 or higher.

SHA-1 is deprecated, but the replacement SHA-256 is only supported
for JAR/APK and OTA update package signatures on API Level 18 and
newer. This change thus adds a --min-sdk-version command-line
parameter to signapk. When this parameter is set to 18 or higher,
SHA-256 is used instead of SHA-1. When the parameter is not provided,
SHA-1 is used, same as before.

This change also removes any other digests from the MANIFEST.MF.
This is to ignore any MANIFEST.MF digests already there in the APK,
such as when re-signing an already signed APK.

Build scripts will be modified to provide the --min-sdk-version
parameter in a follow-up change. This is not done in this change
because of prebuilts which require a prebuilt version of signapk
to support this parameter before the build scripts can be modified.

Bug: 25643280
Change-Id: I6a2782e465600fe2a3ad0c10bd80db2b80a6fb76
8502937cff58c036a2ac05671e1e46d1cbb46425 12-Jan-2016 Alex Klyubin <klyubin@google.com> List SHA-1 digests of APK entries' contents in .SF files.

Due to a bug introduced in 8562fd478d7f1b1b693de5db67928f1993522c0a
SHA-1 digests of APK entries' contents were listed under wrong
attribute name. The effect is equivalent to not listing SHA-1
digests.

This change fixes the issue by listing SHA-1 digests under the correct
attribute name. However, these digests are not that useful because:
(1) typically the digest of the MANIFEST.MF verifies and thus the
per-entry digests are ignored, and (2) per-entry digests of entries
with names longer than 64 characters are wrong in any case because the
digest generation code does not take into account that such names are
split over multiple lines.

An alternative to this change would be to completely omit outputting
per-entry sections of .SF files, thus saving space and speeding up APK
verification (.SF files would decompress faster).

Bug: 26513901
Change-Id: If95d58e9baa62b1113639fe70724e1e9c9f4e15c
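
Point (2) of this commit message, as an added example (not code from signapk): a per-entry digest computed over an unwrapped section stops matching the section bytes in MANIFEST.MF once the name is long enough to be folded. The folding rule used here (72 bytes per line, counting the CRLF) is an assumption chosen to agree with the 64-character threshold the message states; the function names and the sample digest value are constructed.

```python
import hashlib

MAX_LINE = 72  # assumed bytes per manifest line, counting the trailing CRLF

def wrap72(line: str) -> bytes:
    """Fold one header line; continuation lines start with a single space."""
    raw = line.encode("ascii")
    out = raw[:MAX_LINE - 2] + b"\r\n"
    rest = raw[MAX_LINE - 2:]
    step = MAX_LINE - 3  # room left after the leading space and the CRLF
    for i in range(0, len(rest), step):
        out += b" " + rest[i:i + step] + b"\r\n"
    return out

def manifest_section(name: str, digest_b64: str) -> bytes:
    """Per-entry section as it would be laid out in MANIFEST.MF."""
    return wrap72("Name: " + name) + wrap72("SHA1-Digest: " + digest_b64) + b"\r\n"

def unwrapped_section(name: str, digest_b64: str) -> bytes:
    """Same section built without folding long lines."""
    return f"Name: {name}\r\nSHA1-Digest: {digest_b64}\r\n\r\n".encode("ascii")

def section_digest_matches(name: str, digest_b64: str) -> bool:
    """True when a digest over the unwrapped form equals one over the real bytes."""
    real = hashlib.sha1(manifest_section(name, digest_b64)).digest()
    naive = hashlib.sha1(unwrapped_section(name, digest_b64)).digest()
    return real == naive

def longest_line(section: bytes) -> int:
    return max(len(l) + 2 for l in section.split(b"\r\n") if l)

# Constructed inputs: a placeholder base64 digest and names of 64 and 65 characters.
DIGEST = "A" * 27 + "="
NAME_64 = "res/" + "a" * 60
NAME_65 = "res/" + "a" * 61

if __name__ == "__main__":
    for n in (NAME_64, NAME_65):
        print(len(n), "chars ->", section_digest_matches(n, DIGEST))
```
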
fe7c1e59d15c9fd3f5f28ef555926547e26b8640 15-Dec-2015 Alex Klyubin <klyubin@google.com> Move signapk sources to src dir.

This also makes source files follow the standard directory structure
based on Java package names.

Bug: 25794543
Change-Id: Ie0b568057f836e56407f76d29eeacd28ab907ba8