Android构建APK:控制MANIFEST.MF [英] Android build apk: control MANIFEST.MF

问题描述

Android构建APK:

Android build apk:

假设apk包含一个具有META-INF/MANIFEST.MF的库jar(例如foo.jar)，这对于它的运行很重要.但是在APK中，有一个MANIFEST.MF包含签名数据，并且lib jar MANIFEST.MF丢失了.

Suppose an apk contains a library jar(e.g. foo.jar) that has META-INF/MANIFEST.MF, which is important for it to function. But in APK there is a MANIFEST.MF that contains signing data, and the lib jar MANIFEST.MF is lost.

APK
   META-INF/MANIFEST.MF

是否可以将更多属性添加到MANIFEST.MF或将lib jar MANIFEST.MF合并到其中?

Is there a way to add more attributes to the MANIFEST.MF or merge lib jar MANIFEST.MF into it?

解包apk后，向MANIFEST.MF添加一些属性并重新打包apk，

After unpacking apk, adding some attributes to MANIFEST.MF and repacking apk,

packageDebug {
   doLast {
      // add attributes to MANIFEST.MF
   }
}

错误:

Installation failed with message INSTALL_PARSE_FAILED_NO_CERTIFICATES: 
Failed to collect certificates from /data/app/vmdl1096113886.tmp/base.apk: 
META-INF/CERT.SF indicates /data/app/vmdl1096113886.tmp/base.apk is signed 
using APK Signature Scheme v2, but no such signature was found. Signature stripped?.

MANIFEST.MF和CERT.SF都包含相同的摘要哈希.修改MANIFEST.MF后是否需要重新签名apk? MANIFEST.MF本身没有摘要哈希.

both MANIFEST.MF and CERT.SF contain the same digest hash. Do I need to re-sign the apk after modifying MANIFEST.MF? There is no digest hash for MANIFEST.MF itself.

Scheme V2签名应该在哪里?

where is the Scheme V2 signature supposed to be?

是否可以在apk签名之前修改apk? packageDebug的doLast为时已晚.

Is there a way to modify apk before the apk is signed? doLast of packageDebug is too late.

推荐答案

您应该检出Android Gradle插件的packagingOptions配置块.

You should check out the packagingOptions config block for Android Gradle plugin.

基本上是一个DSL对象，可以通过类似的方式进行配置

It is basically a DSL object that can be configured in a similar way

android { 
    packagingOptions {
        excludes {
            pickfirsts = [/file1, ...]
            excludes = []
        }
    } 
}

看看文档

通常，默认过滤器会在META-INF下排除第三方libs的正则表达式(在上面的示例中，我们将其设置为空).

Usually there is a default filter that excludes a regex under META-INF for third-party libs(in the above example we're setting it to empty).

您的用例是什么?因为除了验证内容的完整性之外，我没有遇到需要查找manifest.mf的jar.

What is your usecase though? since I haven't come across a jar that'd need to lookup manifest.mf except for validating the integrity of the contents.

是的，如果您重新打包apk，则需要使用密钥库对其进行签名才能成功安装.您可以使用sdk中构建工具中的apksigner选择使用v2/v1(或针对较低api的应用都使用)v2/v1签名方案进行签名.

And yes if you re-package an apk, you need to sign it using a keystore to be able to successfully install it. You can choose to sign it with either of the v2/v1(or both for apps targeting a lower api) signing schemes using apksigner from build tools in your sdk.

虽然没有必要这样做(如果您已经在buildscript中设置了签名配置)，那么packagingOptions是否适合您.

Though there isn't a need to do(if you've setup signing configs in your buildscript) so if packagingOptions works for you.

这篇关于Android构建APK:控制MANIFEST.MF的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！