| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When signapk.jar is invoked by scripts like
sign_target_files_apks.py, there is no console as signapk is
invoked using popen(). To support signing of APKs using
software keys with passwords, we need to read
the password from stdin if there is no console.
Change-Id: Icf69ba1e58bf1f91979eaf1d3b91cb202782e8fd
Signed-off-by: adattatr <anisha.dattatraya.kulkarni@intel.com>
Signed-off-by: Brad Geltz <brad.geltz@intel.com>
Ticket: CYNGNOS-1725
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Reads the password through console instead of stdin directly and returns it as a string.
Change-Id: I52e525680b93e9729158f4902b22f985245dbf2f
Signed-off-by: zhang jun <jun.zhang@intel.com>
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
|
| |/
|
|
|
|
| |
The new API in 1.51 will allow null return values.
Change-Id: I583690bf0740b2d0962f02edea3896e18626e548
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When signing an APK, make the SignApk tool align the stored entries to
(by default) 4-byte boundaries. This obviates the need to run the
separate zipalign tool, which currently does this job.
The alignment byte count can be specified with the -a option. OTA
package signing (with -w) never does alignment.
The order of files in the output APK is changed so that all stored
files come first in the output, followed by all non-stored files.
This is not expected to have any impact in practice.
Change-Id: Iaeef89b2a7283e25fadb99c0a0f0641f682d76b8
|
| |
|
|
|
|
|
| |
ECDSA works in the recovery verifier, so we can allow OTA updates to be
signed with EC keys.
Change-Id: If8f2be028843fbfd6c8c9c41b492605d9b5cbeb0
|
| |
|
|
|
|
|
| |
For supporting loading a custom key type provider, add a -providerClass
argument that loads the selected JCE at the front of the provider list.
Change-Id: I3df16f7c570d36e08806b614d6f30c41cb117565
|
| |
|
|
|
|
|
|
|
|
|
| |
The PKCS#8 PrivateKeyInfo structure has the algorithm OID encoded right
before the actual key octet stream is encoded. Use Bouncycastle to read
the OID for creation with the key factory.
This aids in the creation of custom key types that are backed by
hardware devices (e.g., HSMs) and have their own assigned OIDs.
Change-Id: If5d8fe07bc157e9bb5a3fb5f99091e924143105f
|
| |
|
|
| |
Change-Id: I09bc0e52fc84ec321b997016a8f97de1bfd2770d
|
| |
|
|
|
|
| |
(cherry picked from commit c0581a02ede48007623030c4ce13174ee972cc42)
Change-Id: I6212e0f3a6aa3265b111f0f7348b667af4a668b0
|
| |
|
|
|
|
| |
Author: Koushik Dutta <koushd@gmail.com>
Change-Id: I58a68fa4bd4c0c3bb0e025d4311186195fb90e5a
|
| |
|
|
|
|
|
| |
Support signing .apks (but not OTA packages) with multiple keys.
Bug: 7350459
Change-Id: I794e1da0555e2bb9247a59c756656d4ca7ee04cf
|
| |
|
|
|
|
|
| |
Remove use of the private sun.security.* classes for generating pkcs7
signatures and use bouncy castle instead.
Change-Id: Ie8213575461975085d119e000e764d2a28c26715
|
| |
|
|
|
|
|
|
|
| |
Change to the default compression level instead of the max compression
level for OTA packages (-w): it's much faster and the difference in
output size is usually negligible.
Bug: 6778962
Change-Id: I82a6acc19be8b3289fd84c8c15f03ebeb7a1ce63
|
| |
|
|
|
|
|
|
|
|
|
| |
When signing a file with -w (ie, an OTA package), add the file
META-INF/com/android/otacert, which is a copy of the public key
certificate. While this can be extracted from the CERT.RSA file,
having a copy of it more easily accessible makes it easier to write
tools.
Bug: 6477365
Change-Id: I8cdb19536eca9a223c2b954e3f8ea0d9f3f86f02
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The java.util.jar implementation through Android 1.6 has a
bug where if the signature file in META-INF is a multiple
of 1024 bytes, it will throw an IOException attempting to
read it.
If signapk would produce a CERT.SF in a multiple of 1024
bytes, add an extra CRLF to the end of the file.
Bug: 3019677
Change-Id: I23d4a36e12e224be600d3ac39379b5b5a022a628
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(Actually there was a tapas command that just called choosecombo).
The new better tapas command is for building unbundled apps. Run
it with one or more modules to build and optionally a build variant.
tapas [variant] App1 App2 ...
If you don't supply a build variant, it defaults to eng.
Change-Id: I02214abd0b5ad02e364fcb024e10cf6ad17a9e68
|
| |
|
|
|
|
|
|
|
|
| |
The two 0xff bytes were intended to easily distinguish files with
whole file signatures from those without, but I got the endianness
backwards. Go ahead and fix that, as long as I'm making changes to
the verifier anyway.
Check for a signature that includes the sequence 0x50 0x4b 0x05 0x06,
which looks to minzip like the start of the EOCD block.
|
| |
|
|
|
|
|
|
| |
Make SignApk generate a signature for (nearly) the entire zip file
when run with the -w option. The signature covers all of the zip file
except for the archive comment (conveniently the last thing in a zip
file); the archive comment field is used to contain the signature
itself.
|
| |
|
|
|
|
|
|
| |
SignApk fixes the timestamp of the signature files it adds. Use that
same timestamp for all the files, so that the modtime doesn't vary
from build to build. (Incremental OTAs currently spend significant
time rewriting every .apk to do nothing but patch in timestamp
changes.)
|
| |
|
|
|
|
|
| |
Change signapk to not propagate other signatures to the output
archive. Multiple signatures seem to confuse the package manager, as
we saw with Maps, and other partners are checking in prebuilt APKs for
google experience devices signed with random other things.
|
| | |
|
| | |
|
| | |
|
| |
|
