| #!/usr/bin/env python |
| # |
| # Copyright 2013 The Chromium Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| """Signs and zipaligns APK. |
| |
| """ |
| |
| import optparse |
| import os |
| import shutil |
| import sys |
| import tempfile |
| import zipfile |
| |
| # resource_sizes modifies zipfile for zip64 compatibility. See |
| # https://bugs.python.org/issue14315. |
| sys.path.append(os.path.join(os.path.dirname(__file__), os.pardir)) |
| import resource_sizes # pylint: disable=unused-import |
| |
| from util import build_utils |
| |
| |
| def JarSigner(key_path, key_name, key_passwd, unsigned_path, signed_path): |
| shutil.copy(unsigned_path, signed_path) |
| sign_cmd = [ |
| 'jarsigner', |
| '-sigalg', 'MD5withRSA', |
| '-digestalg', 'SHA1', |
| '-keystore', key_path, |
| '-storepass', key_passwd, |
| signed_path, |
| key_name, |
| ] |
| build_utils.CheckOutput(sign_cmd) |
| |
| |
| def AlignApk(zipalign_path, unaligned_path, final_path): |
| # Note -p will page align native libraries (files ending with .so), but |
| # only those that are stored uncompressed. |
| align_cmd = [ |
| zipalign_path, |
| '-p', |
| '-f', |
| ] |
| |
| |
| align_cmd += [ |
| '4', # 4 bytes |
| unaligned_path, |
| final_path, |
| ] |
| build_utils.CheckOutput(align_cmd) |
| |
| |
| def main(args): |
| args = build_utils.ExpandFileArgs(args) |
| |
| parser = optparse.OptionParser() |
| build_utils.AddDepfileOption(parser) |
| |
| parser.add_option('--zipalign-path', help='Path to the zipalign tool.') |
| parser.add_option('--unsigned-apk-path', help='Path to input unsigned APK.') |
| parser.add_option('--final-apk-path', |
| help='Path to output signed and aligned APK.') |
| parser.add_option('--key-path', help='Path to keystore for signing.') |
| parser.add_option('--key-passwd', help='Keystore password') |
| parser.add_option('--key-name', help='Keystore name') |
| |
| options, _ = parser.parse_args() |
| |
| input_paths = [ |
| options.unsigned_apk_path, |
| options.key_path, |
| ] |
| |
| input_strings = [ |
| options.key_name, |
| options.key_passwd, |
| ] |
| |
| build_utils.CallAndWriteDepfileIfStale( |
| lambda: FinalizeApk(options), |
| options, |
| record_path=options.unsigned_apk_path + '.finalize.md5.stamp', |
| input_paths=input_paths, |
| input_strings=input_strings, |
| output_paths=[options.final_apk_path]) |
| |
| |
| def _NormalizeZip(path): |
| with tempfile.NamedTemporaryFile(suffix='.zip') as hermetic_signed_apk: |
| with zipfile.ZipFile(path, 'r') as zi: |
| with zipfile.ZipFile(hermetic_signed_apk, 'w') as zo: |
| for info in zi.infolist(): |
| # Ignore 'extended local file headers'. Python doesn't write them |
| # properly (see https://bugs.python.org/issue1742205) which causes |
| # zipalign to miscalculate alignment. Since we don't use them except |
| # for alignment anyway, we write a stripped file here and let |
| # zipalign add them properly later. eLFHs are controlled by 'general |
| # purpose bit flag 03' (0x08) so we mask that out. |
| info.flag_bits = info.flag_bits & 0xF7 |
| |
| info.date_time = build_utils.HERMETIC_TIMESTAMP |
| zo.writestr(info, zi.read(info.filename)) |
| |
| shutil.copy(hermetic_signed_apk.name, path) |
| |
| |
| def FinalizeApk(options): |
| with tempfile.NamedTemporaryFile() as signed_apk_path_tmp: |
| signed_apk_path = signed_apk_path_tmp.name |
| JarSigner(options.key_path, options.key_name, options.key_passwd, |
| options.unsigned_apk_path, signed_apk_path) |
| # Make the newly added signing files hermetic. |
| _NormalizeZip(signed_apk_path) |
| |
| AlignApk(options.zipalign_path, signed_apk_path, options.final_apk_path) |
| |
| |
| if __name__ == '__main__': |
| sys.exit(main(sys.argv[1:])) |