From af482b62e50b70e469426681584503eab1b308e9 Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Mon, 8 Jun 2009 10:46:55 -0700 Subject: make signapk strip other signatures Change signapk to not propagate other signatures to the output archive. Multiple signatures seem to confuse the package manager, as we saw with Maps, and other partners are checking in prebuilt APKs for google experience devices signed with random other things. --- tools/signapk/SignApk.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'tools/signapk') diff --git a/tools/signapk/SignApk.java b/tools/signapk/SignApk.java index 340a9f5..fb55028 100644 --- a/tools/signapk/SignApk.java +++ b/tools/signapk/SignApk.java @@ -62,6 +62,7 @@ import java.util.jar.JarEntry; import java.util.jar.JarFile; import java.util.jar.JarOutputStream; import java.util.jar.Manifest; +import java.util.regex.Pattern; import javax.crypto.Cipher; import javax.crypto.EncryptedPrivateKeyInfo; import javax.crypto.SecretKeyFactory; @@ -75,6 +76,10 @@ class SignApk { private static final String CERT_SF_NAME = "META-INF/CERT.SF"; private static final String CERT_RSA_NAME = "META-INF/CERT.RSA"; + // Files matching this pattern are not copied to the output. + private static Pattern stripPattern = + Pattern.compile("^META-INF/(.*)[.](SF|RSA|DSA)$"); + private static X509Certificate readPublicKey(File file) throws IOException, GeneralSecurityException { FileInputStream input = new FileInputStream(file); @@ -193,7 +198,9 @@ class SignApk { for (JarEntry entry: byName.values()) { String name = entry.getName(); if (!entry.isDirectory() && !name.equals(JarFile.MANIFEST_NAME) && - !name.equals(CERT_SF_NAME) && !name.equals(CERT_RSA_NAME)) { + !name.equals(CERT_SF_NAME) && !name.equals(CERT_RSA_NAME) && + (stripPattern == null || + !stripPattern.matcher(name).matches())) { InputStream data = jar.getInputStream(entry); while ((num = data.read(buffer)) > 0) { md.update(buffer, 0, num); -- cgit v1.1