Creating Release Keys and Signing Builds
来源:互联网 发布:软件功能模块设计文档 编辑:程序博客网 时间:2024/06/13 12:32
Introduction
Android requires that each application be signed with the developer's digital keys to enforce signature permissions and application request to use shared user ID or target process. For more information on the general Android security principles and signing requirements, see the Android Security and Permissions section in the Android Developer Guide). The core Android platform uses four keys to maintain security of core platform components:
- platform: a key for packages that are part of the core platform.
- shared: a key for things that are shared in the
home/contacts
process. - media: a key for packages that are part of the
media/download
system. - releasekey: the default key to sign with if not otherwise specified
These keys are used to sign applications separately for release images and are not used by the Android build system. The build system signs packages with the testkeys provided inbuild/target/product/security/
. Because the testkeys are part of the standard Android open source distribution, they should never be used for production devices. Instead, device manufacturers should generate their own private keys for shipping release builds.
Generating keys
A device manufacturer's keys for each product should be stored under vendor/<vendor_name>/security/<product_name>
, where<vendor_name>
and<product_name>
represent the manufacturer and product names. To simplify key creation, copy the script below to this directory in a file calledmkkey.sh
. To customize your keys, change the line that starts with AUTH to reflect the correct information for your company:
#!/bin/shAUTH='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'if [ "$1" == "" ]; then echo "Create a test certificate key." echo "Usage: $0 NAME" echo "Will generate NAME.pk8 and NAME.x509.pem" echo " $AUTH" exitfiopenssl genrsa -3 -out $1.pem 2048openssl req -new -x509 -key $1.pem -out $1.x509.pem -days 10000 \ -subj "$AUTH"echo "Please enter the password for this key:"openssl pkcs8 -in $1.pem -topk8 -outform DER -out $1.pk8 -passout stdin
mkkey.sh
is a helper script to generate the platform's keys. NOTE: the password you type will be visible in your terminal window. Note the passwords you use as you will need them to sign release builds.
To generate the required 4 platform keys, run mkkey.sh
four times specifying the key name and password for each:
sh mkkey.sh platform # enter passwordsh mkkey.sh media # enter passwordsh mkkey.sh shared # enter passwordsh mkkey.sh release # enter password
You should now have new keys for your product.
Signing a build for release
Signing a build for a release is a two-step process.
- Sign all the individual parts of the build.
- Put the parts back together into image files.
Signing applications
Use build/tools/releasetools/sign_target_files_apks
to sign a target_files
package. The target_files
package isn't built by default, you need to make sure to specify the "dist" target when you call make. For example:
make -j4 PRODUCT-<product_name>-user dist
The command above creates a a file under out/dist
called <product_name>-target_files.zip
. This is the file you need to pass to thesign_target_files_apks
script.
You would typically run the script like this:
./build/tools/releasetools/sign_target_files_apks -d vendor/<vendor_name>/security/<product_name> <product_name>-target_files.zip signed-target-files.zip
If you have prebuilt and pre-signed apk's in your build that you don't want re-signed, you must explicitly ignore them by adding-e Foo.apk=
to the command line for each apk you wish to ignore.
sign_target_files_apks
also has many other options that could be useful for signing release builds. Run it with-h
as the only option to see the full help.
Creating image files
Once you have signed-target-files.zip
, create the images so you can put it onto a device with the command below:
build/tools/releasetools/img_from_target_files signed-target-files.zip signed-img.zip
signed-img.zip
contains all the .img
files. You can usefastboot update signed-img.zip
to use fastboot to get them on the device.
from: http://www.kandroid.org/online-pdk/guide/release_keys.html
- Creating Release Keys and Signing Builds
- Creating Release Keys and Signing Builds
- Creating Release Keys and Signing Builds
- Creating Release Keys and Signing Builds
- Creating Release Keys and Signing Builds
- Using and Creating Builds
- Android官方资料--Signing Builds for Release
- dojo:creating builds
- Creating tables accelerator keys
- Linking different libraries for Debug and Release builds in Cmake on windows?
- Avoid hardcoding the debug mode; leaving it out allows debug and release builds to automatically a
- Avoid hardcoding the debug mode; leaving it out allows debug and release builds to automatically a
- Design Accessible Web Sites: 36 Keys to Creating Content for All Audiences and Platforms
- Unity3d and automated builds
- Sticky Keys, Toggle Keys and Filter Keys
- Partitioning Keys, Primary Keys, and Unique Keys
- Implementing and Promoting Daily Builds
- Source Code Tags and Builds
- Struts2.18标签--s:url详解
- CALayer中AnchorPoint 与 Position 的关系与区别
- AJAX中文乱码解决
- 微软将在10月26日发布下一代操作系统Windows 8
- c#各种时间转换
- Creating Release Keys and Signing Builds
- [java]Spring AOP
- 构造函数中,类的成员函数中出现了异常,析构函数能否正常调用
- Trace files
- 编程规范的作用
- Android读取assets目录下的资源
- hdu1240
- 让Python在Android系统上飞一会儿
- How to Customize UITabBar on iOS 5