9b75e272b6bbcc79dcdf8eef0524a30872c84ef6 |
|
13-Dec-2016 |
Alex Klyubin <klyubin@google.com> |
Faster auto-detection of APK's minSdkVersion Prior to this change, when signing APKs, the build system invoked 'aapt dump badging' on each APK, to detect the value to pass into signapk as --min-sdk-version. Now that signapk uses the apksig library, it can auto-detect that value on its own, thus avoiding the need to invoke 'aapt dump badging' and thus speeding up the build process. The semantics of signapk's --min-sdk-version flag is changed by this commit from having the default value of 0 to having the default value of "auto-detect from APK". P.S. The get-package-min-sdk-version-int is not removed from core/definitions.mk in this commnit, because this function is used in another project's .mk file and thus that .mk file needs to be modified first. Test: rm -Rf out/ && make Change-Id: I0972fcf0abbde9cbf6794e6c05c743c77c8a78f9
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
969e354b1f5c83f22ba1727da19d3b803c7b3fcc |
|
07-Sep-2016 |
Alex Klyubin <klyubin@google.com> |
"SignApk" in Created-By header The switch to apksig changed the Created-By header value in .SF file from "1.0 (Android SignApk)" to "1.0 (Android apksigner)". This commit reverts the value back to "1.0 (Android SignApk)". Change-Id: I2fc462cade40a5b31bb6191996fd6f18fabbf08f
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
1b09a508bae3158c8496b9cf26d35910fae7954f |
|
07-Jul-2016 |
Alex Klyubin <klyubin@google.com> |
Move apksigner library to tools/apksig. This moves build/tools/apksigner/core to its own project tools/apksig. The move also renames the moved Java packages from com.android.apksigner.core.* to com.android.apksig.* to reflect the new name of the library. Bug: 27461702 Change-Id: Iab812ae2b8f0a741014f842460c78e35bc249d43
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
d4761a19b884d69c684c34ec0e5b74aaba2cfe95 |
|
14-Jun-2016 |
Alex Klyubin <klyubin@google.com> |
Faster and cleaner way to obtain UTF-8 encoded form. Instead of specifying character encoding by name, the faster, cleaner, and safer way is to use StandardCharsets.UTF_8. Bug: 27461702 Change-Id: I897284d3ceeb44a21cc74de09a9b25f6aec8c205
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
ab2a3b0061f26ebc95bc320fcfac316ccf14f567 |
|
12-Jun-2016 |
Alex Klyubin <klyubin@google.com> |
Fix inefficiency in APK entry data alignment. 26f00cda4b979d7e74db6872990682335b36612b introduced a bug where an APK entry's extra field is padded for alignment purposes when no padding is necessary because the entry is aligned without any padding bytes. Bug: 27461702 Change-Id: Icb164dbaa26d9686412e2920318a9f40c5ce9751
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
fa1da6c3114d9f0c0cd0e27025c07f73f1810b76 |
|
27-May-2016 |
Alex Klyubin <klyubin@google.com> |
Switch signapk to apksigner-core. This switches signapk's APK signing from its own signing logic to that offered by apksigner-core library. OTA update package signing logic remains inside signapk codebase. Bug: 27461702 Change-Id: Ibf8435c555fe3f2b621d5189e7ae44f79082c810
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
26f00cda4b979d7e74db6872990682335b36612b |
|
23-May-2016 |
Alex Klyubin <klyubin@google.com> |
Store entry alignment information in APK. Data of uncompressed APK entries is often aligned to a multiple of 4 or 4096 in the APK to make it easier to mmap the data. Unfortunately, the current method for achieving alignment suffers from two issues: (1) the way it uses the Local File Header extra field is not compliant with ZIP format (for example, this prevents older versions of Python's zipfile from reading APKs: https://bugs.python.org/issue14315), and (2) it does not store information about the alignment multiple in the APK, making it harder/impossible to preserve the intended alignment when rearranging entries in the APK. This change solves these issues by switching to a different method for aligning data of uncompressed APK entries. Same as before, alignment is achieved using Local File Header entry field. What's different is that alignment is achieved by placing a well-formed extensible data field/block into the extra field. The new field/block contains the alignment multiple (e.g., 4 or 4096) as well as the necessary padding (if any). Compared to the original alignment method, the new method uses 6 more bytes for each uncompressed entry. Bug: 27461702 Change-Id: I8cffbecc50bf634b28fca5bc39eb23f671961cf9
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
0caa16a6d1b4349654956c895aab925c9522d2cf |
|
12-May-2016 |
Alex Klyubin <klyubin@google.com> |
No need to JAR-sign OTA update packages. This removes the logic for JAR signing from -w (whole-file signing) mode. This mode is designed specifically for OTA update packages. When such packages are verified, their JAR signatures are ignored. Thus, there is no need to JAR-sign in -w mode. For context, OTA update packages are protected by a special signature residing in the ZIP End of Central Directory record (at the very end of the file). This is the signature verified when update packages are being applied to Android. Change-Id: Ia852a11ed6774ce746087cdd7f028b191ef6bc8b
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
b141ded82bef9af3c65b4192f986605f6c0dc21e |
|
04-May-2016 |
Alex Klyubin <klyubin@google.com> |
SHA-256 with ECDSA supported only on API Level 21 and higher. Turns out APK signatures using SHA-256 with ECDSA are accepted only by platforms with API Level 21 and higher, not 18 and higher. Bug: 28296599 Change-Id: I3fab5be17bf3a9bdbf4d84d90d51448027c7e761
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
3f52653abfb017a7fdc5819b28bed61f3eaf4498 |
|
25-Apr-2016 |
Alex Klyubin <klyubin@google.com> |
Separate logic for alg selection for OTA and APK signing. The rules for which digest algorithms are accepted by the Android platform for APK signatures and OTA update package signatures are different. For example, the set of digest algorithms accepted for APK signatures depends on the signing key algorithm and the platform's API Level. Whereas the set of digest algorithms accepted for OTA update package signatures by Recovery depends on the list produced by the build system, which in turn produces the list based on the key algorithm and digest used in the signing certificate. To reflect this reality, this refactoring CL explicitly separates signapk's logic for choosing the digest algorithm to use for v1 signing from its logic for choosing the digest algorithm to use for OTA update package signing. Bug: 28296599 Change-Id: Ic7aa77e89622d727e985f8749071284746be7f45
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
60817689faf7029d6073e0ebcf0c3bb9cce0cf73 |
|
07-Apr-2016 |
Alex Klyubin <klyubin@google.com> |
Remove support for DSA with SHA-512 from v2 signing. Android platform does not support DSA with SHA-512. Thus, it does not make sense to support this unsupported algorithm in APK Signature Scheme v2. Bug: 24331392 Change-Id: Ifba90ad5b11188bb968c28d9e0ed3f9cb13ce2e7
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
37a0ecd32935685151f0cfb5a5466e6e360a0b8f |
|
23-Mar-2016 |
Alex Klyubin <klyubin@google.com> |
Fix bug in APK entry alignment. APK entry alignment logic assumes that input entries have zero-length comment and extra fields. When the assumption is broken, the logic silently breaks alignment of output entries. This happens, for example, when the APK to be signed is already aligned and thus may contain entries with non-empty extra fields. Given that APKs are not supposed to use comment and extra fields for anything useful and given that this signer already discards comment and extra fields of compressed entries, this change makes the signer discard comment and extra fields of STORED input entries as well. This unbreaks the existing alignment logic. Bug: 27814973 Change-Id: I8242b037e21ba7bcf45d0fe2afc8bfc47f1ec314
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
f735851fa95ea7b372ab4245a7b583667efb4ea9 |
|
09-Feb-2016 |
Alex Klyubin <klyubin@google.com> |
Use Jan 1 2009 as timestamp in OTA update ZIPs. This is a follow-up to 6c41036bcf35fe39162b50d27533f0f3bfab3028 where I forgot to update a section of OTA update ZIP code. Bug: 26864066 Change-Id: Idbcde71d6377a16807e41c999120eeddd5b4d8a4
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
6c41036bcf35fe39162b50d27533f0f3bfab3028 |
|
29-Jan-2016 |
Alex Klyubin <klyubin@google.com> |
Use Jan 1 2009 as timestamp in APKs and OTA update ZIPs. Previously, the timestamp was one hour ahead of NotBefore of the signer's certificate, adjusted for the current timezone. With this change the MS-DOS timestamp in output APK/ZIP files is Jan 1 2009 00:00:00. Bug: 26864066 Change-Id: Id6263c38ac7042489ab695454f8e0fb2d85a3958
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
dd910c5945272e9820dfd9d7798ba32aa7dfc73f |
|
02-Dec-2015 |
Alex Klyubin <klyubin@google.com> |
Make signapk sign using APK Signature Scheme v2. APKs are now signed with the usual JAR signature scheme and then with the APK Signature Scheme v2. APK Signature Scheme v2 is a whole-file signature scheme which aims to protect every single bit of the APK as opposed to the JAR signature scheme which protects only the names and uncompressed contents of ZIP entries. The two main goals of APK Signature Scheme v2 are: 1. Detect any unauthorized modifications to the APK. This is achieved by making the signature cover every byte of the APK being signed. 2. Enable much faster signature and integrity verification. This is achieved by requiring only a minimal amount of APK parsing before the signature is verified, thus completely bypassing ZIP entry decompression and by making integrity verification parallelizable by employing a hash tree. Bug: 25794543 Change-Id: I275d2a6d0a98504891985309b9dfff2e0e44b878
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
9b54a565c9ffd1e8ed0c3434ede022d9501eaa80 |
|
20-Jan-2016 |
Alex Klyubin <klyubin@google.com> |
Command-line flag to disable signing with APK Signature Scheme v2. This change makes signapk not reject the --disable-v2 command-line flag which may be used by build scripts in some branches. The flag is currently ignored. This change is landed separately from the actual support for APK Signature Scheme v2 because of unbundled branches which use prebuilt versions of signapk. Bug: 25794543 Change-Id: I900966244b8b6296b1f443bf98830cc7f7cc81a8
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
c2c49ed0c13846f7f96249c7419971dfcddc9215 |
|
11-Jan-2016 |
Alex Klyubin <klyubin@google.com> |
Unconditionally use SHA-256 when minSdkVersion is 18 or higher. SHA-1 is deprecated, but the replacement SHA-256 is only supported for JAR/APK and OTA update package signatures on API Level 18 and newer. This change thus adds a --min-sdk-version command-line parameter to signapk. When this parameter is set to 18 or higher, SHA-256 is used instead of SHA-1. When the parameter is not provided, SHA-1 is used same as before. This change also removes any other digests from the MANIFEST.MF. This is to ignore any MANIFEST.MF digests already there in the APK, such as when re-signing an already signed APK. Build scripts will be modified to provide the --min-sdk-version parameter in a follow-up change. This is not done in this change because of prebuilts which require a prebuilt version of signapk to support this parameter before the build scripts can be modified. Bug: 25643280 Change-Id: I6a2782e465600fe2a3ad0c10bd80db2b80a6fb76
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
8502937cff58c036a2ac05671e1e46d1cbb46425 |
|
12-Jan-2016 |
Alex Klyubin <klyubin@google.com> |
List SHA-1 digests of APK entries' contents in .SF files. Due to a bug introduced in 8562fd478d7f1b1b693de5db67928f1993522c0a SHA-1 digests of APK entries' contents were listed under wrong attribute name. The effect is equivalent to not listing SHA-1 digests. This change fix the issue by listing SHA-1 digests under the correct attribute name. However, these digests are not that useful because: (1) typically the digest of the MANIFEST.MF verifies and thus the per-entry digests are ignored, and (2) per-entry digests of entries with names longer than 64 characters are wrong in any case because the digest generation code does not take into account that such names are split over multiple lines. An alternative to this change would be to completely omit outputting per-entry sections of .SF files, thus saving space and speeding up APK verification (.SF files would decompress faster). Bug: 26513901 Change-Id: If95d58e9baa62b1113639fe70724e1e9c9f4e15c
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|
fe7c1e59d15c9fd3f5f28ef555926547e26b8640 |
|
15-Dec-2015 |
Alex Klyubin <klyubin@google.com> |
Move signapk sources to src dir. This also makes source files follow the standard directory structure based on Java package names. Bug: 25794543 Change-Id: Ie0b568057f836e56407f76d29eeacd28ab907ba8
/build/make/tools/signapk/src/com/android/signapk/SignApk.java
|