http://allstarschh.blogspot.com/2009/08/blog-post.html
這次要來看看 把Apk sign多個certificate的問題
雖然Apk是可以被多個certificate sign的
但是Android Group裡一直不建議用multiple certificates來sign
應該跟指定process(uid)有關就是了
在Android上的document寫
http://neacm.fe.up.pt/docs/android/guide/publishing/app-signing.html
When the system is installing an update to an application, if any of the certificates in the new version match any of the certificates in the old version, then the system allows the update
code就是在
http://android.git.kernel.org/?p=platform/frameworks/base.git;a=blob;f=services/java/com/android/server/PackageManagerService.java;h=86504a095daf999724611f77ec6ba924dc744d7a;hb=refs/heads/eclair-release#l1349
要注意 s1是新的 s2是本來的
所以新的signature裡 只要有一個跟舊的signature中某一個match
就可以install了
不過這件code到froyo上就改了
http://android.git.kernel.org/?p=platform/frameworks/base.git;a=blob;f=services/java/com/android/server/PackageManagerService.java;h=b70d69bab7d81c72e9a84a736befeeb455e61609;hb=refs/heads/froyo-release#l1853
變成用HashSet.equals
所以現在變成兩個apk的certificates要完全一樣(不按照順序)才能upgrade了
PS.
要sign multiple certificates的話應該要用jarsigner了
signapk.jar只能用固定的alias
http://android.git.kernel.org/?p=platform/build.git;a=blob;f=tools/signapk/SignApk.java;h=c4d73c8cfba5a7784b4ad9196e4a388ebd8920df;hb=HEAD#l76
No comments:
Post a Comment