appium-boneyard/sign

Sign.jar automatically signs an apk with the Android test certificate.

Download

Step 1. Add the JitPack repository to your build file

Add it in your root settings.gradle at the end of repositories:

	dependencyResolutionManagement {
		repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
		repositories {
			mavenCentral()
			maven { url 'https://jitpack.io' }
		}
	}

Add it in your settings.gradle.kts at the end of repositories:

	dependencyResolutionManagement {
		repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
		repositories {
			mavenCentral()
			maven { url = uri("https://jitpack.io") }
		}
	}

Add to pom.xml

	<repositories>
		<repository>
		    <id>jitpack.io</id>
		    <url>https://jitpack.io</url>
		</repository>
	</repositories>

Add it in your build.sbt at the end of resolvers:

 
    resolvers += "jitpack" at "https://jitpack.io"

Add it in your project.clj at the end of repositories:

 
    :repositories [["jitpack" "https://jitpack.io"]]

Step 2. Add the dependency

	dependencies {
		implementation 'com.github.appium:sign:1.0'
	}
	dependencies {
		implementation("com.github.appium:sign:1.0")
	}
	<dependency>
	    <groupId>com.github.appium</groupId>
	    <artifactId>sign</artifactId>
	    <version>1.0</version>
	</dependency>

                            
    libraryDependencies += "com.github.appium" % "sign" % "1.0"
        
        

                            
    :dependencies [[com.github.appium/sign "1.0"]]

Readme

Apk Sign

Automatically sign an apk with the Android test certificate. The public and private keys are embedded within the jar.

Development

Building:

./build.sh

Testing:

./test.sh

Usage

  • sign my.apk

my.s.apk is created next to my.apk

  • sign my.apk --override

my.apk is replaced with a signed version

Verify signature.

jarsigner -verify my.s.apk

Release

New releases are published to GitHub automatically by CI agent. It is only necessary to push a new version tag to master:

git tag -a 1.0 -m 1.0
git push --tags origin master
git push --tags remote master

License

Released under the Apache 2.0 License (the same as Android's SignApk.java).

Based on the following AOSP 4.1.1 files & sources

https://github.com/android/platform_build/blob/master/tools/signapk/SignApk.java
http://androidxref.com/4.1.1/xref/build/tools/signapk/
http://androidxref.com/4.1.1/xref/build/tools/signapk/test/run
http://androidxref.com/4.1.1/xref/cts/tests/assets/otacerts.zip
http://androidxref.com/4.1.1/xref/external/quake/tools/packagesharedlib#11
http://androidxref.com/4.1.1/raw/build/target/product/security/testkey.pk8
http://androidxref.com/4.1.1/xref/build/target/product/security/

The following commands are equivalent.

sign my.apk

java -classpath sign.jar orig.SignApk testkey.x509.pem testkey.pk8 my.apk my.s.apk

java -jar SignApk.jar testkey.x509.pem testkey.pk8 my.apk my.s.apk

Similar Projects

ApkSign by Panxiaobo. dex2jar's ApkSign has many dependencies and does not fit into one source file. While the name ApkSign is similar to apks, no source from dex2jar is used in this project.

Tiny Sign by Panxiaobo. Simple jar signing that can run on Android.