Commit graph

14 commits

Author SHA1 Message Date
Koushik Dutta
29706d155a SignApk: perform the whole file signature in a single streaming pass.
Author: Koushik Dutta <koushd@gmail.com>

Change-Id: I58a68fa4bd4c0c3bb0e025d4311186195fb90e5a
2013-01-03 14:00:40 -08:00
Doug Zongker
b14c97621b add multiple key support to signapk
Support signing .apks (but not OTA packages) with multiple keys.

Bug: 7350459
Change-Id: I794e1da0555e2bb9247a59c756656d4ca7ee04cf
2013-01-02 13:31:00 -08:00
Doug Zongker
147626e624 change SignApk.java to use bouncy castle for signing
Remove use of the private sun.security.* classes for generating pkcs7
signatures and use bouncy castle instead.

Change-Id: Ie8213575461975085d119e000e764d2a28c26715
2012-09-18 23:29:10 -07:00
Doug Zongker
e691373514 make SignApk faster for OTA packages
Change to the default compression level instead of the max compression
level for OTA packages (-w): it's much faster and the difference in
output size is usually negligible.

Bug: 6778962
Change-Id: I82a6acc19be8b3289fd84c8c15f03ebeb7a1ce63
2012-07-03 15:03:04 -07:00
Doug Zongker
7bb042317a add copy of public cert used for signing to OTA packages
When signing a file with -w (ie, an OTA package), add the file
META-INF/com/android/otacert, which is a copy of the public key
certificate.  While this can be extracted from the CERT.RSA file,
having a copy of it more easily accessible makes it easier to write
tools.

Bug: 6477365
Change-Id: I8cdb19536eca9a223c2b954e3f8ea0d9f3f86f02
2012-05-11 09:22:29 -07:00
Ficus Kirkpatrick
7978d50edb Add a workaround for a platform JAR parsing bug.
The java.util.jar implementation through Android 1.6 has a
bug where if the signature file in META-INF is a multiple
of 1024 bytes, it will throw an IOException attempting to
read it.

If signapk would produce a CERT.SF in a multiple of 1024
bytes, add an extra CRLF to the end of the file.

Bug: 3019677
Change-Id: I23d4a36e12e224be600d3ac39379b5b5a022a628
2010-09-24 10:24:53 -07:00
Doug Zongker
badd2ca451 fix endianness problem with the tail of the signature comment
The two 0xff bytes were intended to easily distinguish files with
whole file signatures from those without, but I got the endianness
backwards.  Go ahead and fix that, as long as I'm making changes to
the verifier anyway.

Check for a signature that includes the sequence 0x50 0x4b 0x05 0x06,
which looks to minzip like the start of the EOCD block.
2009-08-14 17:15:46 -07:00
Doug Zongker
c6cf01a117 add whole-file signature mode to SignApk
Make SignApk generate a signature for (nearly) the entire zip file
when run with the -w option.  The signature covers all of the zip file
except for the archive comment (conveniently the last thing in a zip
file); the archive comment field is used to contain the signature
itself.
2009-08-14 12:25:05 -07:00
Doug Zongker
a237874ccf fix the modtime of files in the apk when signing
SignApk fixes the timestamp of the signature files it adds.  Use that
same timestamp for all the files, so that the modtime doesn't vary
from build to build.  (Incremental OTAs currently spend significant
time rewriting every .apk to do nothing but patch in timestamp
changes.)
2009-07-15 15:43:39 -07:00
Doug Zongker
af482b62e5 make signapk strip other signatures
Change signapk to not propagate other signatures to the output
archive.  Multiple signatures seem to confuse the package manager, as
we saw with Maps, and other partners are checking in prebuilt APKs for
google experience devices signed with random other things.
2009-06-11 19:24:50 -07:00
The Android Open Source Project
88b607994a auto import from //depot/cupcake/@135843 2009-03-03 19:28:42 -08:00
The Android Open Source Project
05806d7af6 auto import from //depot/cupcake/@135843 2009-03-03 18:28:14 -08:00
The Android Open Source Project
dcc08f073b Code drop from //branches/cupcake/...@124589 2008-12-17 18:03:49 -08:00
The Android Open Source Project
b6c1cf6de7 Initial Contribution 2008-10-21 07:00:00 -07:00