今天昇級到cordova 5.0,但是原本使用ant.properties在APK簽名的方法卻失敗了。
指令「cordova build androird --release」仍然可以使用,但是沒有產生singer的apk。
在platforms\android\build\outputs\apk底下只有android-release-unsigned.apk,
而沒有android-release.apk,而且編譯的過程中也沒有出現輸入金鑰密碼的提示。
另一個方法是直接以JDK的工具jarsigner來將key加入apk中,語法如下:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1
-keystore [KEYSTORE_NAME]
-signedjar [SIGNED_APK_NAME] [UNSIGNED_APK_FILE] [ALIAS_NAME]
例如keystore是mykey.keystore、Alias是mykey,與unsigned.apk在同一個目錄下:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1
-keystore mykey.keystore -signedjar release.apk unsigned.apk mykey
執行過程大致如下:
Enter Passphrase for keystore:
updating: META-INF/TWTNN02.SF
updating: META-INF/TWTNN02.RSA
signing: AndroidManifest.xml
signing: assets/_where-is-www.txt
signing: assets/www/cordova.js
(略…)
jar signed.
Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a times
tamp, users may not be able to validate this jar after the signer certificate's
expiration date (2097-06-26) or after any future revocation date.
上述流程完成後,應該就會產生簽名過的release.apk。
查詢簽名的release.apk,可以知道簽名的詳細訊息:
jarsigner -verify -verbose -certs release.apk
(略…)
sm 135608 Fri May 08 10:06:10 CST 2015 classes.dex
X.509, CN=mykey, O=Android, C=US
[certificate is valid from 2015/1/6 下午 2:16 to 2044/12/29 下午 2:16]
[CertPath not validated: Path does not chain with any of the trust anchors]
(略…)
最後再以Android SDK的工具zipalign來進行APK的優化,zipalign.exe的路徑在:
C:\[Android SDK安裝目錄]\sdk\build-tools\[版本]\
如果沒有找到build-tools或版本太低時,可以藉由Android SDK Manager來下載更新:
語法: zipalign -v 4 [APK_NAME] [NEW_APK_NAME]
例如:zipalign -v 4 release.apk release1.apk
查詢優化的結果:zipalign -c 4 release1.apk
(略…)
Verifying alignment of twtnn1.apk (4)...
50 META-INF/MANIFEST.MF (OK - compressed)
1043 META-INF/TWTNN02.SF (OK - compressed)
2140 META-INF/TWTNN02.RSA (OK - compressed)
3283 META-INF/TWTNN.SF (OK - compressed)
4378 META-INF/TWTNN.RSA (OK - compressed)
如上可得知,release1.apk已經過優化(OK - compressed)