The origin of

As an Android developer, you must encounter too many channels package, a lot of channel packages out, to reinforce, after reinforcement also need to re-sign the situation, some friends to say, is a few command things, so easy. But I as a lazy person, also in order to lose a few hair, I am too lazy to do a few orders. I took some time to write a reinforced and signed script and shared it briefly.

  • Plugin provides 360 and Tencent Legu script, Legu reinforcement at the same time using Ali Cloud, this is modified according to the actual situation

Start with a brief overview of the project structure and configuration

  • The directory structure
  • Channel and buildType configurations, modified as needed
/ / configuration signature, the signature of the information such as password in/keystore/signconfig. / / here in the properties configuration, SigningConfigs {Properties Properties = new Properties() properties.load(new FileInputStream(rootProject.projectDir.absolutePath +"/keystore/signconfig.properties"))

        release {
            keyAlias properties.getProperty("ALIAS")
            keyPassword properties.getProperty("KEY_PASS")
            storeFile file(properties.getProperty("KEYSTORE"))
            storePassword properties.getProperty("STORE_PASS"}} // If you want to build a new build, you can install a new build with a new build. If you want to build a new build with a new build, you can install a new build with a new build. // debugMinify--> Test package, like formal package, confuse reinforcement, but enable debugging buildTypes {debug {applicationIdSuffix'.debug'
            debuggable true
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
            manifestPlaceholders = [
                    APP_NAME: "@string/app_name_dev",
            ]
        }
        debugMinify {
            applicationIdSuffix '.debug'
            zipAlignEnabled true
            shrinkResources true
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
            signingConfig signingConfigs.release
            manifestPlaceholders = [
                    APP_NAME: "@string/app_name_debug",
            ]
        }
        release {
            zipAlignEnabled true
            shrinkResources true
            minifyEnabled true
            debuggable false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
            signingConfig signingConfigs.release
            manifestPlaceholders = [
                    APP_NAME: "@string/app_name",]}} // Huawei and Tencent two channels flavorDimensions'app'
    productFlavors {
        huawei {
            dimension 'app'
        }
        tx {
            dimension 'app'}}Copy the code

The preparatory work

  • The first is the signature script, which simply encapsulates the apksigner command
#! /bin/sh
keystore=The $1
alias=$2
storePass=$3
keypass=$4

output=A $5 # output address
origin=$6 # original APK addressjarPath=.. /reinforce/signature/lib/apksigner.jarV1 +v2 signature
java -jar ${jarPath} sign --ks "${keystore}" --ks-key-alias "${alias}" --ks-pass pass:"${storePass}" --key-pass pass:"${keypass}" --out "${output}" "${origin}"

Verify signature
#java -jar ${jarPath} verify -v "${output}"

rm -f "$origin"
Copy the code
  • Create plug-in module, many online tutorials, here is no nonsense. Once you’ve created it, apply it to your project’s build file, for example:
apply plugin: 'com.yu1tiao.reinforce'
Copy the code

Next, upload the plug-in code

  • ReinforcePlugin
class ReinforcePlugin implements Plugin<Project> { private Project project ReinforceExtension360 m360Extension ReinforceExtensionLegu mLeguExtension @Override void apply(Project project) { this.project = project // First reads two strengthening and solid reinforcement configuration file m360Extension = 360 project. The extensions. Create ("reinforceConfig360", ReinforceExtension360)
        mLeguExtension = project.extensions.create("reinforceConfigLegu", ReinforceExtensionLegu) project. AfterEvaluate {project. Android. ApplicationVariants. All {variant - > / / traverse all variants, Find signature information and name def flavorName. = the variant flavorName def buildTypeName. = the variant buildType. The getName () def signConfig = Varie.getsigningconfig () varie.outputs. Each {String outputFilePath = it.getOutputFile().absolutePath  println"outputFilePath = ${outputFilePath}"Def assembleTask = project.tasks. Find {it. Name =="assemble${Util.toUpperFirstChar(flavorName)}${Util.toUpperFirstChar(buildTypeName)}"Create360Task (it, signConfig, assembleTask, outputFilePath) createLeguTask(it, signConfig, assembleTask, outputFilePath) } } } } private void createLeguTask(output, signConfig, assembleTask, apkPath) { def subName = assembleTask.name.replace("assemble"."")
        def taskName = "_leguJiagu${subName}"ReinforceTaskLegu leguTask = project.tasks.create(taskName, ReinforceTaskLegu) leguTask.secretId = mLeguExtension.secretId leguTask.secretKey = mLeguExtension.secretKey leguTask.endPoint = mLeguExtension.endPoint leguTask.accessKeyId = mLeguExtension.accessKeyId leguTask.accessKeySecret =  mLeguExtension.accessKeySecret leguTask.bucketName = mLeguExtension.bucketName leguTask.apkPath = apkPath leguTask.signingConfig = signConfig leguTask.dependsOn(assembleTask) println"To create${taskName}The completion of"
    }

    private void create360Task(output, signConfig, assembleTask, apkPath) {

        def subName = assembleTask.name.replace("assemble"."")
        def taskName = "_360Jiagu${subName}"

        ReinforceTask360 m360Task = project.tasks.create(taskName, ReinforceTask360)
        m360Task.signingConfig = signConfig
        m360Task.account = m360Extension.account
        m360Task.password = m360Extension.password
        m360Task.apkPath = apkPath

        m360Task.dependsOn(assembleTask)
        println "To create${taskName}The completion of"}}Copy the code
  • Key methods of reinforcing task
    void doReinforceAndSign() {
        def rootDir = project.rootProject.projectDir.absolutePath
        def jarPath = rootDir + "/reinforce/jiagu/jiagu.jar"
        println "360 reinforce jarPath = ${jarPath}"// the output is a directory path, (jarPath, apkPath, account, password) def output = project.file(dir).listFiles().find { it.getName().contains("jiagu"AbsolutePath // Call the signed scriptif (Util.isNotEmpty(output)) {
            def signShellPath = rootDir + "/reinforce/signature/apksigner.sh"
            println "sign shell path = ${signShellPath}"
            Util.signApk(output, signShellPath, signingConfig)
        } else {
            println '360 hardened APK not found! 'C: mandatory // c: mandatory // c: mandatory //pwd) {
        println "Start 360 hardening ->> apkPath =${apkPath}"

        def outputDir = new File(apkPath).getParentFile().absolutePath
        Util.doCommand('java -jar ' + jarPath + ' -login ' + account + ' ' + pwd)
        Util.doCommand('java -jar ' + jarPath + ' -jiagu ' + apkPath + ' ' + outputDir)

        println "360 Hardening complete ->> outputDir =${outputDir}"

        return outputDir
    }
Copy the code
  • Le Gu code will not be posted, very simple, we can see the project

Next, configure 360 and Legu account information in build

reinforceConfig360 {
    account = "xxx"
    password = "xxx"Mandatory {// Install secretId ='xxx'
    secretKey = 'xxx'// Aliyun configure endPoint ='xxx'
    accessKeyId = 'xxx'
    accessKeySecret = 'xxx'
    bucketName = 'xxx'
}
Copy the code

The last

Click the Sync button to generate the corresponding task. Click the sync button to automatically harden the signature. It can also be configured to Jekins to automatically trigger the hardening task.

Summarize the process

  • 360
    • Invoke jar command for hardening
    • The signature again
  • Le solid
    • Upload APK to Ali Cloud (or other cloud servers, as long as the download address is generated, Legu background will download and consolidate)
    • Invoking SDK Hardening
    • Download the hardened APK
    • The signature again

Detail code –>The project address