make signapk strip other signatures
Change signapk to not propagate other signatures to the output
archive. Multiple signatures seem to confuse the package manager, as
we saw with Maps, and other partners are checking in prebuilt APKs for
google experience devices signed with random other things.
diff --git a/tools/signapk/SignApk.java b/tools/signapk/SignApk.java
index 340a9f5..fb55028 100644
--- a/tools/signapk/SignApk.java
+++ b/tools/signapk/SignApk.java
@@ -62,6 +62,7 @@
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
+import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
@@ -75,6 +76,10 @@
private static final String CERT_SF_NAME = "META-INF/CERT.SF";
private static final String CERT_RSA_NAME = "META-INF/CERT.RSA";
+ // Files matching this pattern are not copied to the output.
+ private static Pattern stripPattern =
+ Pattern.compile("^META-INF/(.*)[.](SF|RSA|DSA)$");
+
private static X509Certificate readPublicKey(File file)
throws IOException, GeneralSecurityException {
FileInputStream input = new FileInputStream(file);
@@ -193,7 +198,9 @@
for (JarEntry entry: byName.values()) {
String name = entry.getName();
if (!entry.isDirectory() && !name.equals(JarFile.MANIFEST_NAME) &&
- !name.equals(CERT_SF_NAME) && !name.equals(CERT_RSA_NAME)) {
+ !name.equals(CERT_SF_NAME) && !name.equals(CERT_RSA_NAME) &&
+ (stripPattern == null ||
+ !stripPattern.matcher(name).matches())) {
InputStream data = jar.getInputStream(entry);
while ((num = data.read(buffer)) > 0) {
md.update(buffer, 0, num);