diff options
author | Ville Voutilainen <ville.voutilainen@qt.io> | 2022-11-23 10:39:08 +0200 |
---|---|---|
committer | Ville Voutilainen <ville.voutilainen@qt.io> | 2022-11-23 18:01:01 +0200 |
commit | e3e8267db4c3f7e4f82e88fe73b62fea7b714f16 (patch) | |
tree | 928631950957416902b99236cd44f0d1e59991e0 | |
parent | 9374d96406679163923080c1dc47bfb89c783e0c (diff) |
Android: Fix signing of APKs that are generated when an AAB is also built
To simplify matters, this removes the support for signing APKs with
just jarsigner. apksigner is always used for APKs, and jarsigner is
used for AABs. I consider that to be just fine, you _have_ to start
using apksigner eventually, and the time for that is long past.
Task-number: QTBUG-91255
Change-Id: I211ae796db0f2619265deb1f30ab3cc5d1ecfbc9
Reviewed-by: Assam Boudjelthia <assam.boudjelthia@qt.io>
(cherry picked from commit b82c5f9b7f21ddfe5d7f3053dd422c38ccd3187d)
Reviewed-by: Rami Potinkara <rami.potinkara@qt.io>
-rw-r--r-- | src/tools/androiddeployqt/main.cpp | 68 |
1 files changed, 8 insertions, 60 deletions
diff --git a/src/tools/androiddeployqt/main.cpp b/src/tools/androiddeployqt/main.cpp index e51d244237..dfbac5a662 100644 --- a/src/tools/androiddeployqt/main.cpp +++ b/src/tools/androiddeployqt/main.cpp @@ -129,7 +129,6 @@ struct Options , internalSf(false) , sectionsOnly(false) , protectedAuthenticationPath(false) - , jarSigner(false) , installApk(false) , uninstallApk(false) {} @@ -214,7 +213,6 @@ struct Options bool internalSf; bool sectionsOnly; bool protectedAuthenticationPath; - bool jarSigner; QString apkPath; // Installation information @@ -423,7 +421,6 @@ Options parseOptions() } else if (argument.compare(QLatin1String("--aab"), Qt::CaseInsensitive) == 0) { options.buildAAB = true; options.build = true; - options.jarSigner = true; } else if (!options.buildAAB && argument.compare(QLatin1String("--no-build"), Qt::CaseInsensitive) == 0) { options.build = false; } else if (argument.compare(QLatin1String("--install"), Qt::CaseInsensitive) == 0) { @@ -526,8 +523,6 @@ Options parseOptions() options.sectionsOnly = true; } else if (argument.compare(QLatin1String("--protected"), Qt::CaseInsensitive) == 0) { options.protectedAuthenticationPath = true; - } else if (argument.compare(QLatin1String("--jarsigner"), Qt::CaseInsensitive) == 0) { - options.jarSigner = true; } else if (argument.compare(QLatin1String("--aux-mode"), Qt::CaseInsensitive) == 0) { options.auxMode = true; } @@ -598,8 +593,7 @@ void printHelp() " --internalsf: Include the .SF file inside the signature block.\n" " --sectionsonly: Don't compute hash of entire manifest.\n" " --protected: Keystore has protected authentication path.\n" - " --jarsigner: Force jarsigner usage, otherwise apksigner will be\n" - " used if available.\n" + " --jarsigner: Deprecated, ignored.\n" " --jdk <path/to/jdk>: Used to find the jarsigner tool when used\n" " in combination with the --release argument. By default,\n" " an attempt is made to detect the tool using the JAVA_HOME and\n" @@ -2606,7 +2600,7 @@ bool copyStdCpp(Options *options) return copyFileIfNewer(stdCppPath, destinationFile, *options); } -bool jarSignerSignPackage(const Options &options) +bool signAAB(const Options &options) { if (options.verbose) fprintf(stdout, "Signing Android package.\n"); @@ -2665,7 +2659,7 @@ bool jarSignerSignPackage(const Options &options) if (options.protectedAuthenticationPath) jarSignerTool += QLatin1String(" -protected"); - auto signPackage = [&](const QString &file) { + auto jarSignPackage = [&](const QString &file) { fprintf(stdout, "Signing file %s\n", qPrintable(file)); fflush(stdout); QString command = jarSignerTool @@ -2695,52 +2689,9 @@ bool jarSignerSignPackage(const Options &options) return true; }; - if (!signPackage(packagePath(options, UnsignedAPK))) + if (options.buildAAB && !jarSignPackage(packagePath(options, AAB))) return false; - if (options.buildAAB && !signPackage(packagePath(options, AAB))) - return false; - - QString zipAlignTool = options.sdkPath + QLatin1String("/tools/zipalign"); -#if defined(Q_OS_WIN32) - zipAlignTool += QLatin1String(".exe"); -#endif - - if (!QFile::exists(zipAlignTool)) { - zipAlignTool = options.sdkPath + QLatin1String("/build-tools/") + options.sdkBuildToolsVersion + QLatin1String("/zipalign"); -#if defined(Q_OS_WIN32) - zipAlignTool += QLatin1String(".exe"); -#endif - if (!QFile::exists(zipAlignTool)) { - fprintf(stderr, "zipalign tool not found: %s\n", qPrintable(zipAlignTool)); - return false; - } - } - - zipAlignTool = QLatin1String("%1%2 -f 4 %3 %4") - .arg(shellQuote(zipAlignTool), - options.verbose ? QLatin1String(" -v") : QLatin1String(), - shellQuote(packagePath(options, UnsignedAPK)), - shellQuote(packagePath(options, SignedAPK))); - - FILE *zipAlignCommand = openProcess(zipAlignTool); - if (zipAlignCommand == 0) { - fprintf(stderr, "Couldn't run zipalign.\n"); - return false; - } - - char buffer[512]; - while (fgets(buffer, sizeof(buffer), zipAlignCommand) != 0) - fprintf(stdout, "%s", buffer); - - int errorCode = pclose(zipAlignCommand); - if (errorCode != 0) { - fprintf(stderr, "zipalign command failed.\n"); - if (!options.verbose) - fprintf(stderr, " -- Run with --verbose for more information.\n"); - return false; - } - - return QFile::remove(packagePath(options, UnsignedAPK)); + return true; } bool signPackage(const Options &options) @@ -2749,12 +2700,6 @@ bool signPackage(const Options &options) #if defined(Q_OS_WIN32) apksignerTool += QLatin1String(".bat"); #endif - - if (options.jarSigner || !QFile::exists(apksignerTool)) - return jarSignerSignPackage(options); - - // APKs signed with apksigner must not be changed after they're signed, therefore we need to zipalign it before we sign it. - QString zipAlignTool = options.sdkPath + QLatin1String("/tools/zipalign"); #if defined(Q_OS_WIN32) zipAlignTool += QLatin1String(".exe"); @@ -2867,6 +2812,9 @@ bool signPackage(const Options &options) QLatin1String("%1 verify --verbose %2") .arg(shellQuote(apksignerTool), shellQuote(packagePath(options, SignedAPK))); + if (options.buildAAB && !signAAB(options)) + return false; + // Verify the package and remove the unsigned apk return apkSignerRunner() && QFile::remove(packagePath(options, UnsignedAPK)); } |