apk签名-signapk.jar

如果做平台app开发，需要签platform签名，除了通过adroid.bp或者android.mk的方式使用AOSP整个大工程中签名外，还可以直接通过signapk.jar的方式进行签名，效率更高更快捷简便。

首先我们来回顾下AOSP平台签名的办法。

Android.mk 使用LOCAL_CERTIFICATE宏定义，值为platform。

LOCAL_PATH:= $(call my-dir)

########################################
# NCI Configuration
########################################
include $(CLEAR_VARS)

LOCAL_MODULE_TAGS := optional

LOCAL_SRC_FILES := \
        $(call all-java-files-under, src)

LOCAL_SRC_FILES += \
        $(call all-java-files-under, nci)

LOCAL_PACKAGE_NAME := NfcNci
LOCAL_CERTIFICATE := platform

LOCAL_JNI_SHARED_LIBRARIES := libnfc_nci_jni

LOCAL_JAVA_LIBRARIES := mediatek-telephony-base

LOCAL_STATIC_JAVA_LIBRARIES := android-support-v4 com.nxp.nfc

LOCAL_PROGUARD_ENABLED := disabled

include $(BUILD_PACKAGE)

include $(call all-makefiles-under,$(LOCAL_PATH))

android.bp 使用certificate标签，值写’platform"。

package {
    default_applicable_licenses: ["Android-Apache-2.0"],
}

genrule {
    name: "statslog-Nfc-java-gen",
    tools: ["stats-log-api-gen"],
    cmd: "$(location stats-log-api-gen) --java $(out) --module nfc --javaPackage com.android.nfc"
        + " --javaClass NfcStatsLog",
    out: ["com/android/nfc/NfcStatsLog.java"],
}

// NCI Configuration
android_app {
    name: "NfcNci",
    srcs: [
        "src/**/*.java",
        "nci/**/*.java",
        ":statslog-Nfc-java-gen",
    ],
    platform_apis: true,
    certificate: "platform",
    jni_libs: ["libnfc_nci_jni"],
    static_libs: ["androidx.appcompat_appcompat"],
    optimize: {
        enabled: false,
    },
}

以上两种方式需要进行前期整个编译系统工具链的编译准备工作，如果我们仅仅是为了快速签名，编码工作放置在Android studio工程里边进行。效率将大大提升。

准备工作：

我们只需要从在研Android工程中取得签名私钥和公钥进行签名。java 11环境。

• 公私密钥获取；

//build/target/product/目录
-rw-rw-r-- 1 user user 1218 May  6 09:48 bluetooth.pk8
-rw-rw-r-- 1 user user 1399 May  6 09:48 bluetooth.x509.pem
-rw-rw-r-- 1 user user 1217 May  6 09:48 media.pk8
-rw-rw-r-- 1 user user 1399 May  6 09:48 media.x509.pem
-rw-rw-r-- 1 user user 1219 May  6 09:50 networkstack.pk8
-rw-rw-r-- 1 user user 1399 May  6 09:50 networkstack.x509.pem
-rw-rw-r-- 1 user user 1218 May  6 09:47 platform.pk8
-rw-rw-r-- 1 user user 1399 May  6 09:47 platform.x509.pem
-rw-rw-r-- 1 user user 1219 May  6 09:47 releasekey.pk8
-rw-rw-r-- 1 user user 1399 May  6 09:47 releasekey.x509.pem
-rw-rw-r-- 1 user user 1217 May  6 09:49 sdk_sandbox.pk8
-rw-rw-r-- 1 user user 1399 May  6 09:49 sdk_sandbox.x509.pem
-rw-rw-r-- 1 user user 2662 Jun 12 12:06 shared.pk12
-rw-rw-r-- 1 user user 1217 May  6 09:48 shared.pk8
-rw-rw-r-- 1 user user 1399 May  6 09:48 shared.x509.pem
-rw-rw-r-- 1 user user 1217 Apr 19 16:56 testkey.pk8
-rw-rw-r-- 1 user user 1675 Apr 19 16:56 testkey.x509.pem

其中platform.pk8就是我们的私钥，platform.x509.pem就是我们的公钥。

• 签名工具signapk.jar包获取。

其也可以从Android项目工程里边获取到（这里以Android 13)为例，源码目录和编译结果。

// 源码目录
/build/tools/signapk/
-rw-rw-r-- 1 user user 1310 May 17 19:30 Android.bp
-rw-rw-r-- 1 user user   40 May 17 19:30 OWNERS
-rw-rw-r-- 1 user user   40 May 17 19:30 SignApk.mf
drwxrwxr-x 3 user user 4096 May 17 19:30 src
drwxrwxr-x 2 user user 4096 May 17 19:30 test


// android.bp
//
// Copyright (C) 2008 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// the signapk tool (a .jar application used to sign packages)
// ============================================================
package {
    default_applicable_licenses: ["Android-Apache-2.0"],
}
java_binary_host {
    name: "signapk",
    srcs: ["src/**/*.java"],
    manifest: "SignApk.mf",
    static_libs: [
        "apksig",
        "bouncycastle-unbundled",
        "bouncycastle-bcpkix-unbundled",
        "conscrypt-unbundled"，
    ],


    jni_libs: ["libconscrypt_openjdk_jni"],

    // The post-build signing tools need signapk.jar (and its shared libraries,
    // handled in their own Android.bp files)
    dist: {
        tag: ".jar",
        targets: ["droidcore"],
    },
}



// 编译结果
/out/soong/host/linux-x86/framework/
-rw-rw-r-- 1 user user   991094 May 17 20:57 apksigner.jar
-rw-rw-r-- 1 user user  1839296 May 17 20:57 boot_signer.jar
-rw-rw-r-- 1 user user  5966938 May 17 20:53 d8.jar
-rw-rw-r-- 1 user user   243200 May 17 20:57 jarjar.jar
-rw-rw-r-- 1 user user  6799007 May 17 20:53 manifest-merger.jar
-rw-rw-r-- 1 user user 76636731 May 17 20:58 metalava.jar
-rw-rw-r-- 1 user user  1636347 May 17 20:58 sdkparcelables.jar
-rw-rw-r-- 1 user user  2966159 May 17 20:58 signapk.jar
-rw-rw-r-- 1 user user  5238302 May 17 20:58 turbine.jar
-rw-rw-r-- 1 user user  1834529 May 17 20:58 verity_signer.jar
-rw-rw-r-- 1 user user   120110 May 17 20:58 xsdc.jar



/out/target/product/targetxxx_k419/obj/PACKAGING/otatools_intermediates/otatools/framework$ ls -l
total 7460
-rw-rw-r-- 1 user user  991094 May 17 20:58 apksigner.jar
-rw-rw-r-- 1 user user 1839296 May 17 20:58 boot_signer.jar
-rw-rw-r-- 1 user user 2966159 May 17 20:58 signapk.jar
-rw-rw-r-- 1 user user 1834529 May 17 20:58 verity_signer.jar

将jar包拷贝到本地。

• JAVA 11环境准备

本文不赘述，可自行查找文档。

签名过过程中，这里可能遇到一下几个报错。

1) java 8版本过低，signapk是在Android 13工程里边使用java 11编译的。需要将java环境切换到11环境。

user@swd:/local/sdb/src$ /usr/lib/jvm/java-8-openjdk-amd64/bin/java -jar signapk.jar ./platform.x509.pem ./platform.pk8 Testdemo.apk Testdemo_signed.apk
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.UnsupportedClassVersionError: com/android/signapk/SignApk has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0
	at java.lang.ClassLoader.defineClass1(Native Method)
	at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
	at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
	at java.net.URLClassLoader.defineClass(URLClassLoader.java:468)
	at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:495)

2）找不到libconscrypt_openjdk_jni.so; 同样可以从Android工程的编译目标里边去找到。

user@swd:/local/sdb/src$ /usr/lib/jvm/java-11-openjdk-amd64/bin/java -jar signapk.jar ./platform.x509.pem ./platform.pk8 Testdemo.apk Testdemon_signed.apk
Exception in thread "main" java.lang.UnsatisfiedLinkError: no conscrypt_openjdk_jni-linux-x86_64 in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86_64-linux-gnu, /usr/lib/jni, /lib, /usr/lib]
	at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
	at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
	at java.base/java.lang.System.loadLibrary(System.java:1873)
	at org.conscrypt.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:54)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.conscrypt.NativeLibraryLoader$1.run(NativeLibraryLoader.java:297)
	at org.conscrypt.NativeLibraryLoader$1.run(NativeLibraryLoader.java:289)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at org.conscrypt.NativeLibraryLoader.loadLibraryFromHelperClassloader(NativeLibraryLoader.java:289)
	at org.conscrypt.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:262)
	at org.conscrypt.NativeLibraryLoader.load(NativeLibraryLoader.java:162)
	at org.conscrypt.NativeLibraryLoader.loadFirstAvailable(NativeLibraryLoader.java:106)
	at org.conscrypt.NativeCryptoJni.init(NativeCryptoJni.java:50)
	at org.conscrypt.NativeCrypto.(NativeCrypto.java:64)
	at org.conscrypt.OpenSSLProvider.(OpenSSLProvider.java:60)
	at org.conscrypt.OpenSSLProvider.(OpenSSLProvider.java:53)
	at org.conscrypt.OpenSSLProvider.(OpenSSLProvider.java:49)
	at com.android.signapk.SignApk.main(SignApk.java:1068)
	Suppressed: java.lang.UnsatisfiedLinkError: no conscrypt_openjdk_jni-linux-x86_64 in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86_64-linux-gnu, /usr/lib/jni, /lib, /usr/lib]
		at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
		at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
		at java.base/java.lang.System.loadLibrary(System.java:1873)
		at org.conscrypt.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:54)
		at org.conscrypt.NativeLibraryLoader.loadLibraryFromCurrentClassloader(NativeLibraryLoader.java:318)
		at org.conscrypt.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:273)
		... 8 more
	Suppressed: java.lang.UnsatisfiedLinkError: no conscrypt_openjdk_jni in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86_64-linux-gnu, /usr/lib/jni, /lib, /usr/lib]
		... 21 more
	Suppressed: java.lang.UnsatisfiedLinkError: no conscrypt_openjdk_jni in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86_64-linux-gnu, /usr/lib/jni, /lib, /usr/lib]
		at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
		at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
		at java.base/java.lang.System.loadLibrary(System.java:1873)
		at org.conscrypt.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:54)
		at org.conscrypt.NativeLibraryLoader.loadLibraryFromCurrentClassloader(NativeLibraryLoader.java:318)
		at org.conscrypt.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:273)
		... 8 more
	Suppressed: java.lang.UnsatisfiedLinkError: no conscrypt in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86_64-linux-gnu, /usr/lib/jni, /lib, /usr/lib]
		... 21 more
	Suppressed: java.lang.UnsatisfiedLinkError: no conscrypt in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86_64-linux-gnu, /usr/lib/jni, /lib, /usr/lib]
		at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
		at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
		at java.base/java.lang.System.loadLibrary(System.java:1873)
		at org.conscrypt.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:54)
		at org.conscrypt.NativeLibraryLoader.loadLibraryFromCurrentClassloader(NativeLibraryLoader.java:318)
		at org.conscrypt.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:273)
		... 8 more

libconscrypt_openjdk_jni.so 位置。

user@swd:~/samba/coding/targetxxx/out/soong/host/linux-x86/lib64$ ls -l
total 147680
-rwxrwxr-x 1 user user  2478432 May 17 20:45 libbase.so
-rwxrwxr-x 1 user user  2104080 May 17 20:57 libbrillo.so
-rwxrwxr-x 1 user user  1279848 May 17 20:57 libbrillo-stream.so
-rwxrwxr-x 1 user user    97840 May 17 20:45 libcgrouprc.so
-rwxrwxr-x 1 user user 18948392 May 17 20:57 libchrome.so
-rwxrwxr-x 1 user user 12570832 May 17 20:46 libconscrypt_openjdk_jni.so
-rwxrwxr-x 1 user user  7067056 May 17 20:43 libcrypto-host.so
-rwxrwxr-x 1 user user    19376 May 17 20:44 libcrypto_utils.so
-rwxrwxr-x 1 user user  5334576 May 17 20:43 libc++.so
-rwxrwxr-x 1 user user   212312 May 17 20:45 libcutils.so
-rwxrwxr-x 1 user user  1288304 May 17 20:44 libevent-host.so
-rwxrwxr-x 1 user user   197224 May 17 20:44 libext2_blkid-host.so
-rwxrwxr-x 1 user user    31392 May 17 20:44 libext2_com_err-host.so
-rwxrwxr-x 1 user user   109184 May 17 20:44 libext2_e2p-host.so
-rwxrwxr-x 1 user user  1579128 May 17 20:47 libext2fs-host.so
-rwxrwxr-x 1 user user   255208 May 17 20:47 libext2_quota-host.so
-rwxrwxr-x 1 user user    44688 May 17 20:44 libext2_uuid-host.so
-rwxrwxr-x 1 user user    45744 May 17 20:47 libext4_utils.so
-rwxrwxr-x 1 user user   189752 May 17 20:44 libfdt.so
-rwxrwxr-x 1 user user   574784 May 17 20:47 libfec.so
-rwxrwxr-x 1 user user   357824 May 17 20:45 libhidl-gen-utils.so
-rwxrwxr-x 1 user user   433136 May 17 20:56 libhidlmetadata.so
-rwxrwxr-x 1 user user 16669600 May 17 20:44 libicui18n-host.so
-rwxrwxr-x 1 user user  9982520 May 17 20:44 libicuuc-host.so
-rwxrwxr-x 1 user user   530264 May 17 20:45 liblog.so
-rwxrwxr-x 1 user user  1382984 May 17 20:48 liblpdump.so
-rwxrwxr-x 1 user user  2237584 May 17 20:47 liblp.so
-rwxrwxr-x 1 user user   979528 May 17 20:45 libpcre2.so
-rwxrwxr-x 1 user user  3460288 May 17 20:45 libprocessgroup.so
-rwxrwxr-x 1 user user 27677328 May 17 20:47 libprotobuf-cpp-full.so
-rwxrwxr-x 1 user user  4465064 May 17 20:45 libprotobuf-cpp-lite.so
-rwxrwxr-x 1 user user   405824 May 17 20:45 libselinux.so
-rwxrwxr-x 1 user user   148848 May 17 20:47 libsparse-host.so
-rwxrwxr-x 1 user user  5821664 May 17 20:46 libsqlite.so
-rwxrwxr-x 1 user user    11488 May 17 20:46 libsquashfs_utils.so
-rwxrwxr-x 1 user user  3042256 May 17 20:46 libssl-host.so
-rwxrwxr-x 1 user user   367568 May 17 20:47 libtinyxml2.so
-rwxrwxr-x 1 user user 12502584 May 17 20:47 libvintf.so
-rwxrwxr-x 1 user user  5141736 May 17 20:47 libxml2.so
-rwxrwxr-x 1 user user   312624 May 17 20:47 libz-host.so
-rwxrwxr-x 1 user user   773648 May 17 20:47 libziparchive.so
user@swd:~/samba/coding/targetxxx/out/soong/host/linux-x86/lib64$

user@swd:~/samba/coding/targetxxx/out/target/product/targetxxx_k419/obj/PACKAGING/otatools_intermediates/otatools/lib64$ ls -l
total 101512
-rwxrwxr-x 1 user user  2478432 May 17 20:58 libbase.so
-rwxrwxr-x 1 user user  2104080 May 17 20:58 libbrillo.so
-rwxrwxr-x 1 user user  1279848 May 17 20:58 libbrillo-stream.so
-rwxrwxr-x 1 user user    97840 May 17 20:58 libcgrouprc.so
-rwxrwxr-x 1 user user 18948392 May 17 20:58 libchrome.so
-rwxrwxr-x 1 user user 12570832 May 17 20:58 libconscrypt_openjdk_jni.so
-rwxrwxr-x 1 user user  7067056 May 17 20:58 libcrypto-host.so
-rwxrwxr-x 1 user user    19376 May 17 20:58 libcrypto_utils.so
-rwxrwxr-x 1 user user  5334576 May 17 20:58 libc++.so
-rwxrwxr-x 1 user user   212312 May 17 20:58 libcutils.so
-rwxrwxr-x 1 user user  1288304 May 17 20:58 libevent-host.so
-rwxrwxr-x 1 user user   197224 May 17 20:58 libext2_blkid-host.so
-rwxrwxr-x 1 user user    31392 May 17 20:58 libext2_com_err-host.so
-rwxrwxr-x 1 user user   109184 May 17 20:58 libext2_e2p-host.so
-rwxrwxr-x 1 user user  1579128 May 17 20:58 libext2fs-host.so
-rwxrwxr-x 1 user user   255208 May 17 20:58 libext2_quota-host.so
-rwxrwxr-x 1 user user    44688 May 17 20:58 libext2_uuid-host.so
-rwxrwxr-x 1 user user    45744 May 17 20:58 libext4_utils.so
-rwxrwxr-x 1 user user   574784 May 17 20:58 libfec.so
-rwxrwxr-x 1 user user   357824 May 17 20:58 libhidl-gen-utils.so
-rwxrwxr-x 1 user user   433136 May 17 20:58 libhidlmetadata.so
-rwxrwxr-x 1 user user 16669600 May 17 20:58 libicui18n-host.so
-rwxrwxr-x 1 user user  9982520 May 17 20:58 libicuuc-host.so
-rwxrwxr-x 1 user user   530264 May 17 20:58 liblog.so
-rwxrwxr-x 1 user user  2237584 May 17 20:58 liblp.so
-rwxrwxr-x 1 user user   979528 May 17 20:58 libpcre2.so
-rwxrwxr-x 1 user user  3460288 May 17 20:58 libprocessgroup.so
-rwxrwxr-x 1 user user  4465064 May 17 20:58 libprotobuf-cpp-lite.so
-rwxrwxr-x 1 user user   405824 May 17 20:58 libselinux.so
-rwxrwxr-x 1 user user   148848 May 17 20:58 libsparse-host.so
-rwxrwxr-x 1 user user  5821664 May 17 20:58 libsqlite.so
-rwxrwxr-x 1 user user    11488 May 17 20:58 libsquashfs_utils.so
-rwxrwxr-x 1 user user  3042256 May 17 20:58 libssl-host.so
-rwxrwxr-x 1 user user   312624 May 17 20:58 libz-host.so
-rwxrwxr-x 1 user user   773648 May 17 20:58 libziparchive.so
user@swd:~/samba/coding/targetxxx/out/target/product/targetxxx_k419/obj/PACKAGING/otatools_intermediates/otatools/lib64$

以上两个目录均可获取，拷贝到本地目录。

【签名命令】

/usr/lib/jvm/java-11-openjdk-amd64/bin/java -jar -Djava.library.path=. signapk.jar ./platform.x509.pem ./platform.pk8 Testdemo.apk Testdemo_signed.apk

格式：

java -jar -Djava.library.path=. 当前目录 signapk.jar [公钥] [私钥] [老输入apk名称]  [新输出签名apk名称]