mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-12-01 01:36:09 +03:00
124 lines
3.6 KiB
Python
Executable File
124 lines
3.6 KiB
Python
Executable File
#!/usr/bin/env python
|
|
#
|
|
# Copyright 2013 The Chromium Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
"""Signs and zipaligns APK.
|
|
|
|
"""
|
|
|
|
import optparse
|
|
import os
|
|
import shutil
|
|
import sys
|
|
import tempfile
|
|
import zipfile
|
|
|
|
# resource_sizes modifies zipfile for zip64 compatibility. See
|
|
# https://bugs.python.org/issue14315.
|
|
sys.path.append(os.path.join(os.path.dirname(__file__), os.pardir))
|
|
import resource_sizes # pylint: disable=unused-import
|
|
|
|
from util import build_utils
|
|
|
|
|
|
def JarSigner(key_path, key_name, key_passwd, unsigned_path, signed_path):
|
|
shutil.copy(unsigned_path, signed_path)
|
|
sign_cmd = [
|
|
'jarsigner',
|
|
'-sigalg', 'MD5withRSA',
|
|
'-digestalg', 'SHA1',
|
|
'-keystore', key_path,
|
|
'-storepass', key_passwd,
|
|
signed_path,
|
|
key_name,
|
|
]
|
|
build_utils.CheckOutput(sign_cmd)
|
|
|
|
|
|
def AlignApk(zipalign_path, unaligned_path, final_path):
|
|
# Note -p will page align native libraries (files ending with .so), but
|
|
# only those that are stored uncompressed.
|
|
align_cmd = [
|
|
zipalign_path,
|
|
'-p',
|
|
'-f',
|
|
]
|
|
|
|
|
|
align_cmd += [
|
|
'4', # 4 bytes
|
|
unaligned_path,
|
|
final_path,
|
|
]
|
|
build_utils.CheckOutput(align_cmd)
|
|
|
|
|
|
def main(args):
|
|
args = build_utils.ExpandFileArgs(args)
|
|
|
|
parser = optparse.OptionParser()
|
|
build_utils.AddDepfileOption(parser)
|
|
|
|
parser.add_option('--zipalign-path', help='Path to the zipalign tool.')
|
|
parser.add_option('--unsigned-apk-path', help='Path to input unsigned APK.')
|
|
parser.add_option('--final-apk-path',
|
|
help='Path to output signed and aligned APK.')
|
|
parser.add_option('--key-path', help='Path to keystore for signing.')
|
|
parser.add_option('--key-passwd', help='Keystore password')
|
|
parser.add_option('--key-name', help='Keystore name')
|
|
|
|
options, _ = parser.parse_args()
|
|
|
|
input_paths = [
|
|
options.unsigned_apk_path,
|
|
options.key_path,
|
|
]
|
|
|
|
input_strings = [
|
|
options.key_name,
|
|
options.key_passwd,
|
|
]
|
|
|
|
build_utils.CallAndWriteDepfileIfStale(
|
|
lambda: FinalizeApk(options),
|
|
options,
|
|
record_path=options.unsigned_apk_path + '.finalize.md5.stamp',
|
|
input_paths=input_paths,
|
|
input_strings=input_strings,
|
|
output_paths=[options.final_apk_path])
|
|
|
|
|
|
def _NormalizeZip(path):
|
|
with tempfile.NamedTemporaryFile(suffix='.zip') as hermetic_signed_apk:
|
|
with zipfile.ZipFile(path, 'r') as zi:
|
|
with zipfile.ZipFile(hermetic_signed_apk, 'w') as zo:
|
|
for info in zi.infolist():
|
|
# Ignore 'extended local file headers'. Python doesn't write them
|
|
# properly (see https://bugs.python.org/issue1742205) which causes
|
|
# zipalign to miscalculate alignment. Since we don't use them except
|
|
# for alignment anyway, we write a stripped file here and let
|
|
# zipalign add them properly later. eLFHs are controlled by 'general
|
|
# purpose bit flag 03' (0x08) so we mask that out.
|
|
info.flag_bits = info.flag_bits & 0xF7
|
|
|
|
info.date_time = build_utils.HERMETIC_TIMESTAMP
|
|
zo.writestr(info, zi.read(info.filename))
|
|
|
|
shutil.copy(hermetic_signed_apk.name, path)
|
|
|
|
|
|
def FinalizeApk(options):
|
|
with tempfile.NamedTemporaryFile() as signed_apk_path_tmp:
|
|
signed_apk_path = signed_apk_path_tmp.name
|
|
JarSigner(options.key_path, options.key_name, options.key_passwd,
|
|
options.unsigned_apk_path, signed_apk_path)
|
|
# Make the newly added signing files hermetic.
|
|
_NormalizeZip(signed_apk_path)
|
|
|
|
AlignApk(options.zipalign_path, signed_apk_path, options.final_apk_path)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
sys.exit(main(sys.argv[1:]))
|