1. 技术文章
  2. Android build apk: control MANIFEST.MF

Android build apk: control MANIFEST.MF

痞子三分冷 提交于 2020-02-02 11:22:25

问题


Android build apk:

Suppose an apk contains a library jar(e.g. foo.jar) that has META-INF/MANIFEST.MF, which is important for it to function. But in APK there is a MANIFEST.MF that contains signing data, and the lib jar MANIFEST.MF is lost.

APK
   META-INF/MANIFEST.MF

Is there a way to add more attributes to the MANIFEST.MF or merge lib jar MANIFEST.MF into it?

UPDATE

After unpacking apk, adding some attributes to MANIFEST.MF and repacking apk,

packageDebug {
   doLast {
      // add attributes to MANIFEST.MF
   }
}

error:

Installation failed with message INSTALL_PARSE_FAILED_NO_CERTIFICATES: 
Failed to collect certificates from /data/app/vmdl1096113886.tmp/base.apk: 
META-INF/CERT.SF indicates /data/app/vmdl1096113886.tmp/base.apk is signed 
using APK Signature Scheme v2, but no such signature was found. Signature stripped?.

both MANIFEST.MF and CERT.SF contain the same digest hash. Do I need to re-sign the apk after modifying MANIFEST.MF? There is no digest hash for MANIFEST.MF itself.

where is the Scheme V2 signature supposed to be?

Is there a way to modify apk before the apk is signed? doLast of packageDebug is too late.


回答1:


You should check out the packagingOptions config block for Android Gradle plugin.

It is basically a DSL object that can be configured in a similar way

android { 
    packagingOptions {
        excludes {
            pickfirsts = [/file1, ...]
            excludes = []
        }
    } 
}

Have a look at the documentation

Usually there is a default filter that excludes a regex under META-INF for third-party libs(in the above example we're setting it to empty).

What is your usecase though? since I haven't come across a jar that'd need to lookup manifest.mf except for validating the integrity of the contents.

And yes if you re-package an apk, you need to sign it using a keystore to be able to successfully install it. You can choose to sign it with either of the v2/v1(or both for apps targeting a lower api) signing schemes using apksigner from build tools in your sdk.

Though there isn't a need to do(if you've setup signing configs in your buildscript) so if packagingOptions works for you.



来源:https://stackoverflow.com/questions/45767328/android-build-apk-control-manifest-mf

标签
android
jar
apk
manifest
sign
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!