Android build apk:控制MANIFEST.MF [英] Android build apk: control MANIFEST.MF

问题描述

Android 构建 apk:

Android build apk:

假设一个 apk 包含一个库 jar(例如 foo.jar)，它具有 META-INF/MANIFEST.MF，这对其功能很重要.但是在 APK 中有一个包含签名数据的 MANIFEST.MF，并且 lib jar MANIFEST.MF 丢失了.

Suppose an apk contains a library jar(e.g. foo.jar) that has META-INF/MANIFEST.MF, which is important for it to function. But in APK there is a MANIFEST.MF that contains signing data, and the lib jar MANIFEST.MF is lost.

APK
   META-INF/MANIFEST.MF

有没有办法给 MANIFEST.MF 添加更多的属性或将 lib jar MANIFEST.MF 合并到其中?

Is there a way to add more attributes to the MANIFEST.MF or merge lib jar MANIFEST.MF into it?

解压apk后，在MANIFEST.MF中添加一些属性并重新打包apk，

After unpacking apk, adding some attributes to MANIFEST.MF and repacking apk,

packageDebug {
   doLast {
      // add attributes to MANIFEST.MF
   }
}

错误:

Installation failed with message INSTALL_PARSE_FAILED_NO_CERTIFICATES: 
Failed to collect certificates from /data/app/vmdl1096113886.tmp/base.apk: 
META-INF/CERT.SF indicates /data/app/vmdl1096113886.tmp/base.apk is signed 
using APK Signature Scheme v2, but no such signature was found. Signature stripped?.

MANIFEST.MF 和 CERT.SF 都包含相同的摘要哈希.修改MANIFEST.MF后需要重新签名apk吗?MANIFEST.MF 本身没有摘要哈希.

both MANIFEST.MF and CERT.SF contain the same digest hash. Do I need to re-sign the apk after modifying MANIFEST.MF? There is no digest hash for MANIFEST.MF itself.

Scheme V2 签名应该在哪里?

where is the Scheme V2 signature supposed to be?

在apk签名之前有没有办法修改apk?packageDebug 的 doLast 为时已晚.

Is there a way to modify apk before the apk is signed? doLast of packageDebug is too late.

推荐答案

您应该查看 Android Gradle 插件的 packagingOptions 配置块.

You should check out the packagingOptions config block for Android Gradle plugin.

它基本上是一个可以以类似方式配置的 DSL 对象

It is basically a DSL object that can be configured in a similar way

android { 
    packagingOptions {
        excludes {
            pickfirsts = [/file1, ...]
            excludes = []
        }
    } 
}

查看文档

通常有一个默认过滤器可以排除第三方库的 META-INF 下的正则表达式(在上面的示例中，我们将其设置为空).

Usually there is a default filter that excludes a regex under META-INF for third-party libs(in the above example we're setting it to empty).

你的用例是什么?因为除了验证内容的完整性之外，我还没有遇到过需要查找 manifest.mf 的 jar.

What is your usecase though? since I haven't come across a jar that'd need to lookup manifest.mf except for validating the integrity of the contents.

是的，如果您重新打包 apk，则需要使用密钥库对其进行签名才能成功安装它.您可以选择使用 sdk 中构建工具中的 apksigner 使用 v2/v1 中的任一种(或针对面向较低 api 的应用程序)签名方案进行签名.

And yes if you re-package an apk, you need to sign it using a keystore to be able to successfully install it. You can choose to sign it with either of the v2/v1(or both for apps targeting a lower api) signing schemes using apksigner from build tools in your sdk.

虽然没有必要这样做(如果您在 buildscript 中设置了签名配置)，所以如果 packagingOptions 适合您.

Though there isn't a need to do(if you've setup signing configs in your buildscript) so if packagingOptions works for you.

这篇关于Android build apk:控制MANIFEST.MF的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！