有同事反馈集成apk时安装失败
PackageManager: Failed to scan /product/app/test: No APK Signature Scheme v2 signature in package /product/app/test/test.apk
查看编译后的apk签名信息
DOES NOT VERIFY
ERROR: JAR signer CERT.RSA: JAR signature META-INF/CERT.SF indicates the APK is signed using APK Signature Scheme v2 but no such signature was found. Signature stripped?
但是用命令查看我的apk是正常的apksigner verify -v test.apk | grep Verified
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Verified using v3.1 scheme (APK Signature Scheme v3.1): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
那么应该是编译过程做了某些变动。
解决办法
通过预编译的方法
android_app_import {name: "test",apk: "test.apk",// 保留apk自己的签名presigned: true,preprocessed: true,// 打开将放到对应分区目录的priv-app文件夹下// privileged: true,// 打开将放到system_ext分区// system_ext_specific: true,// 打开将放到product分区// product_specific: true,// 打开将放到vendor分区// proprietary: true,// odm分区// device_specific: true// apk优化,内置三方apk时建议关闭dex_preopt: {enabled: false,},
}
在安卓15上新增了app_import.go - OpenGrok cross reference for /build/soong/java/app_import.go
validatePresignedApk检测
如果加了presigned,但不加preprocessed,同时targetSdk大于等于30就会编译报错,更加方便开发者定位问题:
[100% 5/5 0s remaining] Check presigned apkFAILED: out/soong/.intermediates/packages/test/test/android_common/validated-prebuilt/check.stampbuild/soong/scripts/check_prebuilt_presigned_apk.py --aapt2 out/host/linux-x86/bin/aapt2 --zipalign out/host/linux-x86/bin/zipalign packages/test/test.apk out/soong/.intermediates/packages/test/test/android_common/validated-prebuilt/check.stamppackages/test/test.apk: Prebuilt, presigned apks with targetSdkVersion >= 30 (or a codename targetSdkVersion) must set preprocessed: true in the Android.bp definition (because they must be signed with signature v2, and the build system would wreck that signature otherwise)
另外apk里面的so不能压缩,否则会报错
FAILED: out/soong/.intermediates/packages/test/test/android_common/validated-prebuilt/check.stamp
build/soong/scripts/check_prebuilt_presigned_apk.py --aapt2 out/host/linux-x86/bin/aapt2 --zipalign out/host/linux-x86/bin/zipalign --preprocessed packages/test/test.apk out/soong/.intermediates/packages/test/test/android_common/validated-prebuilt/check.stamp
packages/test/test.apk: Contains compressed JNI libraries
因为安卓6开始支持直接加载apk里面的so,如果压缩的话,预编译会在apk内部进行解压,那么就会破坏apk签名。
其实,如果apk的minSdkVersion >= 23 并且 Android Gradle plugin >= 3.6.0情况下,打包时android:extractNativeLibs=false,apk的so默认是不压缩的。
在minSdkVersion < 23 或 Android Gradle plugin < 3.6.0情况下,打包时 android:extractNativeLibs=true,apk的so默认是压缩的。
参考:https://juejin.cn/post/6943920550125420558
Android13解决android_app_import内置第三方APK安装失败问题_but no such signature was found. signature strippe-CSDN博客
浅谈extractNativeLibs
通过直接拷贝的方法
参考:https://blog.csdn.net/wangwei6227/article/details/123727372
同样要注意apk so的压缩问题,如果是压缩过的,必须提取出来,并拷贝到apk机器目录。
可能遇到的selinux权限问题
01-01 12:00:39.520000 5326 5326 W om.skype.raider: type=1400 audit(0.0:64): avc: denied { read } for name=“libSkypeAndroid.so” dev=“mmcblk0p22” ino=770074 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
#====================== untrusted_app.te ======================
allow untrusted_app system_data_file:file r_file_perms;
参考:采用Signature Scheme v2签名方式的APK预置失败