一、背景
自己或者客户的第三方apk需要用到很多系统权限,所以要内置到系统目录下,变成系统自带的APP,如果不用系统文件生成的签名安装,会导致APP远程更新失败提示签名错误。
二、环境准备
1.Ubuntu系统(推荐1804版本及以上)
-
安装JAVA-JDK11(如果已经有可以跳过)
先检查JDK版本,不是11的话往下看
java -version运行下面的命令安装Jdk11,要选择的地方选择Y,等待安装完成即可
sudo apt install openjdk-11-jdk
2.Android系统源码一套
需要用到源码根目录以下几个文件
- signapk.jar(系统路径:/prebuilts/sdk/tools/lib/signapk.jar)
- libconscrypt_openjdk_jni.so (系统路径:/out/soong/host/linux-x86/lib64/libconscrypt_openjdk_jni.so)
- platform.pk8 (系统路径:build/target/product/security)
- platform.x509.pem (系统路径:build/target/product/security)
另外需要准备不带签名的第三方APK文件
- Test.apk
3.操作步骤
-
将第2步的libconscrypt_openjdk_jni.so文件改名为:conscrypt_openjdk_jni-windows-x86_64.so
-
在ubuntu新建一个文件夹apk_sign,将第2步列举的文件都放进去
-
执行命令
java -Djava.library.path=. -jar signapk.jar platform.x509.pem platform.pk8 Test.apk signed.apk这步会生成一个文件叫signed.apk,就是已经完成系统签名的APK,但是这个是一次性的,下面继续介绍生成证书的步骤
-
依次执行下面的命令
1.生成shared.priv.pem 文件openssl pkcs8 -in platform.pk8 -inform DER -outform PEM -out shared.priv.pem -nocrypt2.生成shared.pk12文件
openssl pkcs12 -export -in platform.x509.pem -inkey shared.priv.pem -out shared.pk12 -name bubble3.生成jks 或者 keystone文件
keytool -importkeystore -deststorepass android -destkeypass android -destkeystore bubble.jks -srckeystore shared.pk12 -srcstoretype PKCS12 -srcstorepass android -alias bubble生成的bundle.jks拷贝到app源代码目录下,并在app文件夹下面的build.gradle加入以下配置
android{
signingConfigs {
release {
keyAlias 'bubble'
keyPassword 'android'
storePassword 'android'
storeFile file('../keystore/bubble.jks')
}
}
}
编译生成的APK就可以放到系统目录下正常使用了
三、报错提示
- 没有openssl环境
Exception in thread "main" java.lang.ExceptionInInitializerError
at org.conscrypt.OpenSSLBIOInputStream.<init>(OpenSSLBIOInputStream.java:34)
at org.conscrypt.OpenSSLX509Certificate.fromX509PemInputStream(OpenSSLX509Certificate.java:119)
at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:220)
at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:216)
at org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:94)
at org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:272)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at com.android.signapk.SignApk.readPublicKey(SignApk.java:184)
at com.android.signapk.SignApk.main(SignApk.java:1007)
Caused by: java.lang.IllegalArgumentException: Failed to load any of the given libraries: [conscrypt_openjdk_jni-linux-x86_64, conscrypt_openjdk_jni-linux-x86_64-fedora, conscrypt_openjdk_jni]
at org.conscrypt.NativeLibraryLoader.loadFirstAvailable(NativeLibraryLoader.java:160)
at org.conscrypt.NativeCryptoJni.init(NativeCryptoJni.java:49)
at org.conscrypt.NativeCrypto.<clinit>(NativeCrypto.java:53)
Exception in thread "main" java.lang.ExceptionInInitializerError
at org.conscrypt.OpenSSLBIOInputStream.<init>(OpenSSLBIOInputStream.java:34)
at org.conscrypt.OpenSSLX509Certificate.fromX509PemInputStream(OpenSSLX509Certificate.java:119)
at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:220)
at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:216)
at org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:94)
at org.conscrypt.OpenSSLX509Certificat
- JDK版本不对,升级到1.8+,推荐11
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.UnsupportedClassVersionError:
com/android/signapk/SignApk has been
compiled by a more recent version of the Java Runtime (class file version 53.0),
this version of the Java Runtime only recognizes class file versions up to 52.0
- 缺少conscrypt_openjdk_jni-windows-x86_64.so文件(系统文件libconscrypt_openjdk_jni.so改名而来)
Exception in thread "main" java.lang.UnsatisfiedLinkError:
no conscrypt_openjdk_jni-linux-x86_64 in java.library.path:
[/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86_64-linux-gnu, /usr/lib/jni, /lib, /usr/lib]
参考连接
