I'm just wondering if step 4 is included in Corona's build process, or if you have to do it manually.
https://developer.android.com/tools/help/zipalign.html
[4.] Align the final APK package
Once you have signed the APK with your private key, run zipalign on the file. This tool ensures that all uncompressed data starts with a particular byte alignment, relative to the start of the file. Ensuring alignment at 4-byte boundaries provides a performance optimization when installed on a device. When aligned, the Android system is able to read files with mmap(), even if they contain binary data with alignment restrictions, rather than copying all of the data from the package. The benefit is a reduction in the amount of RAM consumed by the running application.
The zipalign tool is provided with the Android SDK, inside the tools/ directory. To align your signed APK, execute:
$ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
The -v flag turns on verbose output (optional). 4 is the byte-alignment (don't use anything other than 4). The first file argument is your signed .apk file (the input) and the second file is the destination .apk file (the output). If you're overriding an existing APK, add the -f flag.
Caution: Your input APK must be signed with your private key before you optimize the package with zipalign. If you sign it after using zipalign, it will undo the alignment.
For more information, read about the zipalign tool.
I think that both Corona and ADT build processes do alignment automatically.
The output from zipalign looks the same before and after alignment but I'm not sure what the output means exactly.
They both say "Verification succesful", and have either (OK) or (OK - compressed) after each file.
Also on http://developer.coronalabs.com/demo/2.0BetaGuide.pdf
It says:
"Also, you do not need to use jarsigner
or zipalign. "
I think that they left this sentence out of their official docs, it looks like it is only in the 2.0 Beta guide.
Related
Is there any option to set new icon for a signed PE executable in windows without re-signing it all over again?
This means that the icon image, although fully embedded into the PE file, won't change the hash value as it's appears in the file signature part.
perhaps there's a concept where one can sign only the code and data section of the file and avoid other parts ? or maybe there's an option to exclude unwanted parts from the signature cover ?
Maybe it's possible to place the icon somehow inside the certificate section itself which is created by SignTool, so that it would be excluded from signing?
thanks
No, the signTool provided by microsoft that is used to sign binary files is not able to partially sign files. And it wouldn't make much sense to sign a binary if anyone could just change the embedded resources - the application code might rely on the data in those resources. So if the resource's integrity is not covered by the signature, the executable code would also be untrusted, thus defeating the purpose of the signature.
A solution would be to externalize the resources, so it's not part of the signature. It just might be possible by specifying an external path to the icon in the application's manifest file - but I'm not sure.
I am not a Mac owner and am putting myself through a crash course to get up to speed (e.g., reading "Switching to the Mac"), to give you an indication of my current level of understanding. The access I have to a physical Mac is limited, so I am trying to connect as many dots as possible before my next session with my friend's computer.
I have: a file folder containing all resources needed for a self-contained application written with Java (OpenJDK 11, JavaFX 11). The JLINK tool was successfully used to create this file folder, and it holds all necessary Java libraries as well as the code I wrote for the application. The executable resides in a subfolder: /bin. The program runs perfectly well on the Mac when the executable is run.
I want: something that is easy to download, install and run.
I'm unclear about what needs to be done to get this. The road map seems to have two main steps:
the file folder needs to be converted into something that responds as if it were an application (e.g., a Bundle? or an .app?)
the resulting folder-as-executable can be shipped via either .dmg or .pkg
For the second part, I've researched and found tools such as Packages or create-dmg. It seems to me these tools are pretty straightforward and shouldn't be too difficult to learn to use. (Just have to pick one or the other or something similar.)
For the first part, I'm on shaky conceptual ground. I've found info about Bundles, but no tutorials, walk-throughs or examples. It looks like a key step is understanding how to make a proper Info.plist file, but doing this properly looks tricky. Also, I'm not clear on how the resulting Bundle will become an .app file or if it needs to, or if there is another, more direct way to make my file folder be viewed by the OS as an application.
Some hand-holding or references to tutorials or even assurance that I am on the right track (if that is the case) would be much appreciated. Thanks!
The Java Deployment guide from Oracle relies heavily on ANT, but doesn't cover the case of a self-contained, customized JVM via JLINK well enough for me to decipher. So, I've taken the approach of trying to learn/understand the necessary steps using command-line commands.
While creating a Bundle is certainly an option, there is an easier way.
Step one is to make an .app manually. An answer to this question: "How to make a Mac OS X .app with a shell script?" goes over the basic steps. The Java file system that results from jlinking has a folder /bin in which there is a bash file that runs the program. This file should be moved to the outermost folder, and it should be named the desired name of the application. The bash file itself will have to be edited and "/bin" added to the address in last command so that the executable will be found. In addition, the folder itself will have to be renamed to be the same as the bash file, but with .app added as an extension.
The next thing I wanted to have was a custom icon. The question "Include icon in manually created app bundle" shows how to do this.
For the next step I made use of the program "Packages". I'm a bit confused about where I downloaded this from (there seem to be multiple sites), but here is a link to the manual. This tool allowed me to create a .pkg file that, when executed, installs my .app in the Applications folder. Then I compressing the .pkg file (to .zip) and made it available at a URL for downloading.
I've had a friend do a test download and install, and the program works!
This isn't meant to be a complete tutorial, and there are a few steps more that I want to figure out pertaining to sandboxing and sealing, but I believe this is a reasonable roadmap that can be used for simpler jlinked Java applications for Mac distribution.
I'm building an OS X Installer package for a product. When it is run, the 'Select a Destination' pane has an 'Installing this software requires X MB of space' label. But I can run the same package twice on the same machine, and see the claimed usage vary from, i.e. 85 to 127 MB, neither of which is the actual ~65MB usage of the product.
How does Installer calculate required space?
The installer .pkg file contains several components:
the archive of files to install
a bill of materials (metadata listing all the installable files)
resources for the installation itself (images, scripts, etc)
an Info.plist containing version information and defaults
The bill of materials, or "BOM", contains information such as permissions, file sizes, checksum, and so on. When the installer runs for a package the very first time, the total of the file sizes listed in the BOM is used to estimate the required size. (If there are any shared components, this will obviously affect the total.)
After an installation is complete, the BOM is saved in the package receipts folder (/Library/Receipts/boms) as a record of what was installed. The lsbom utility can be used to inspect the contents of these files.
On subsequent installations of the same package (as determined by the package identifier), the BOM receipts are consulted to determine what files are already installed, and their total size. The existing unchanged files are totalled and subtracted from the new files to be installed, while updated files that need to replace older files are taken into account too. The pkgutil tool can be used to display information about installed packages.
So this is why the installation size estimate can vary across installations. New and existing files add to the total, while existing unchanged files subtract from the installation requirements.
Could the installer be including any other files (Frameworks, StartupItems, Drivers, etc) that your program uses in the file size? If so, then the changes in sizes you are experiencing may be due to you not having those files at one point, and having them at another?
Of course, I could be wrong =]
I may be wrong but I'm guessing it's an aproxamation set by you the developer. You would put something like "Installing this software requires 120 MB of Space"
I know that when I install a product on my mac, I see what it says it will take, and I see what is currently available, however I NEVER go in and actually check that the software used EXACTLY what it said it would. especially if it's only about 50MB.
I want to know what is the standard way of doing it.
currently I'm thinking in add a series of defines in a header file and inlcudie that file in the main resource file win win32 to update the version resource in win32 and in *nix make some global functions to return this information.
and in windows make the msi install file also reflect the same version.
That sounds like a reasonable way to do it. I don't think there IS a standard way of doing this; there aren't any real standards for version reporting that are cross-platform.
Since we wanted to avoid the overhead of changing a "version.cpp" or equivalent every time we hit build -- and thereby taking the time to do at least one compile and link -- we modify the binary after the build.
If you're outputting to e.g. ELF or PE format executables, you can use some basic knowledge of ELF or PE and a linker map to figure out what to replace, otherwise you can scan through the binary looking for a set pattern (we use something like static const char VERSION[] = "[VERSIONBLOCK xxxxxxxxxxxxx]";) and replace a portion (e.g. the xxxx part above) with relevant info:
build date and time
build machine
username
output of e.g. svnversion
Note that this won't work very well if your binaries are signed or compressed before this step, but usually you can engineer your build process so the signing/compressing happens after this step.
I'm sure a variant of this could be extended to hit the Win32 PE version metadata as well as any embedded version string.
My installer build "signs" a DLL using a Code Signing certificate during the build process.
I've noticed that if I try to build twice in succession, the second build fails because the DLL is already signed so signcode chokes. Obviously I can fix this by signing a copy of the DLL in the build, but the problem intrigued me:
Is it possible to "unsign" a DLL, and if not, why not...?
signtool remove /s C:\path\to.exe.or.dll
signtool is available in Windows SDK, and must be at least from Windows 8 SDK kit (version 6.2.9200.20789) to have the remove command supported.
You can use delcert.exe from the this XDA Forum post.
here is a small tool that strips (removes) digital sign (Authenticode)
from PE executable files like *.exe, *.dll, *.mui, etc.
It's fairly easy to remove the signature from a .dll file using the ImageRemoveCertificate API.
You don't have any language specified in your tags but this article shows how to implement it in C#. Remove digital signature from a file using C#
Other than that, if you are looking for a simple tool to do the work for you, you can use FileUnsigner.
Another possible option is to switch to the SignTool.exe. It comes with the Windows SDK and signing a binary that has already been signed does not generate an error. I use signtool.exe in my build process and haven't any difficulties with it, even when something is already signed.
Also, check out the question What's the main difference between signcode.exe and signtool.exe?
Sure it's possible, but not trivial.
Although it would be easier to save a copy of the presigned DLL.
This digital signature is little more than an extra section appended to the end of a PE file. You could write a program that deleted the signature, if you want.
It's not quite as simple as truncating the file; you have to remove references to the signature in the file header. It could get complicated if the DLL has multiple signatures and you just want to remove one.
The format of a PE file is publicly documented here
Check if your build tool supports "Re-signing". This should replace all existing signatures.
If not, you can use Stud_PE to remove the signature block.
Open the DLL or EXE in Stud_PE, go to the sections tab, right click the digital signature section and select "Delete section". However, this needs user interaction. Old versions of the tool could destroy the file.