介绍签名的两种方式:
1、signapk.jar命令行方式:
如果你需要开发一个带有系统权限的app,往往需要配置SharedUserId,比如:
- </pre><pre name="code" class="html"><?xml version="1.0" encoding="utf-8"?>
- <manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="com.cxq.signdemo"
- android:sharedUserId="android.uid.shell">
- <application
- android:allowBackup="true"
- android:icon="@mipmap/ic_launcher"
- android:label="@string/app_name"
- android:supportsRtl="true"
- android:theme="@style/AppTheme">
- <activity android:name=".MainActivity">
- <intent-filter>
- <action android:name="android.intent.action.MAIN" />
- <category android:name="android.intent.category.LAUNCHER" />
- </intent-filter>
- </activity>
- </application>
此时,如果直接在AS中run,app是装不上的,需要先生成app,然后再使用系统文件对apk进行签名,
java -jar signapk.jar platform.x509.pem platform.pk8 signDemo.apk signDemo_signed.apk
虽然能够满足使用,但是作为开发者,不免会遇到需要调试的情况,然后这种离线的签名方式,就没法调试。。。严重影响了开发的效率。
2、在线自动打包签名的方式:
需要准备的文件:
keytool-importkeypair (下载),或者COPY下面脚本。
platform.x509.pem、platform.pk8(位于../build/target/product/security)
其本质的原理是给apk加上开发者签名(jks文件),使用keytool-importkeypair 对jks文件进行系统签名,在出包的时候,直接使用带有系统签名的jks对apk进行签名,这样编译生成的apk文件就自带系统签名了
1、使用keytool-importkeypair对jks文件引入系统签名
把platform.x509.pem、platform.pk8和上一部生成的jks文件统一放到一个文件夹下,比如我的是放在工程目录的signApk目录下
将下载好的keytool-importkeypair配置一下,其实主要就是配置一下环境变量,不熟悉的可以阅读官方文档,然后使用下面这条命令(需要在linux下,用windows的可以去在linux下生成jks,然后复制出新的jks回原目录也可以)对jks文件引入系统签名
./keytool-importkeypair -k [jks文件名] -p [jks的密码] -pk8 platform.pk8 -cert platform.x509.pem -alias [jks的别名]
例如我的对应的就是:
./keytool-importkeypair -k SignKitking.jks -p 123456 -pk8 platform.pk8 -cert platform.x509.pem -alias SignKitking
运行完这条命令之后,我们就得到了有系统签名的jks
2、配置gradle(app)
在在android区域下(与defaultConfig同级)添加signingConfigs配置:
依次填写jks的路径,密码,别名等
apply plugin: 'com.android.application' android { compileSdkVersion 22 buildToolsVersion "27.0.3" defaultConfig { applicationId "com.android.factorytest" } signingConfigs { release { storeFile file("../signApk/SignKitking.jks") storePassword '123456' keyAlias 'SignKitking' keyPassword '123456' } debug { storeFile file("../signApk/SignKitking.jks") storePassword '123456' keyAlias 'SignKitking' keyPassword '123456' } } buildTypes { release { minifyEnabled false proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt' } } } dependencies { implementation files('src/main/libs/classes.jar') implementation files('src/main/libs/upgrade_ja.jar') }
3、运行
经过以上配置之后,点击run,app就可以直接安装到目标机器上了
keytool-importkeypair脚本内容:
#! /bin/bash # # This file is part of keytool-importkeypair. # DEFAULT_KEYSTORE=$HOME/.keystore keystore=$DEFAULT_KEYSTORE pk8="" cert="" alias="" passphrase="" tmpdir="" scriptname=`basename $0` usage() { cat << EOF usage: ${scriptname} [-k keystore] [-p storepass] -pk8 pk8 -cert cert -alias key_alias This script is used to import a key/certificate pair into a Java keystore. If a keystore is not specified then the key pair is imported into ~/.keystore in the user's home directory. The passphrase can also be read from stdin. EOF } cleanup() { if [ ! -z "${tmpdir}" -a -d ${tmpdir} ]; then rm -fr ${tmpdir} fi } while [ $# -gt 0 ]; do case $1 in -p | --passphrase | -passphrase) passphrase=$2 shift 2 ;; -h | --help) usage exit 0 ;; -k | -keystore | --keystore) keystore=$2 shift 2 ;; -pk8 | --pk8 | -key | --key) pk8=$2 shift 2 ;; -cert | --cert | -pem | --pem) cert=$2 shift 2 ;; -a | -alias | --alias) alias=$2 shift 2 ;; *) echo "${scriptname}: Unknown option $1, exiting" 1>&2 usage exit 1 ;; esac done if [ -z "${pk8}" -o -z "${cert}" -o -z "${alias}" ]; then echo "${scriptname}: Missing option, exiting..." 1>&2 usage exit 1 fi for f in "${pk8}" "${cert}"; do if [ ! -f "$f" ]; then echo "${scriptname}: Can't find file $f, exiting..." 1>&2 exit 1 fi done if [ ! -f "${keystore}" ]; then storedir=`dirname "${keystore}"` if [ ! -d "${storedir}" -o ! -w "${storedir}" ]; then echo "${scriptname}: Can't access ${storedir}, exiting..." 1>&2 exit 1 fi fi # Create temp directory ofr key and pkcs12 bundle tmpdir=`mktemp -q -d "/tmp/${scriptname}.XXXX"` if [ $? -ne 0 ]; then echo "${scriptname}: Can't create temp directory, exiting..." 1>&2 exit 1 fi key="${tmpdir}/key" p12="${tmpdir}/p12" if [ -z "${passphrase}" ]; then # Request a passphrase read -p "Enter a passphrase: " -s passphrase echo "" fi # Convert PK8 to PEM KEY openssl pkcs8 -inform DER -nocrypt -in "${pk8}" -out "${key}" # Bundle CERT and KEY openssl pkcs12 -export -in "${cert}" -inkey "${key}" -out "${p12}" -password pass:"${passphrase}" -name "${alias}" # Print cert echo -n "Importing \"${alias}\" with " openssl x509 -noout -fingerprint -in "${cert}" # Import P12 in Keystore keytool -importkeystore -deststorepass "${passphrase}" -destkeystore "${keystore}" -srckeystore "${p12}" -srcstoretype PKCS12 -srcstorepass "${passphrase}" # Cleanup cleanup