scripts to make apks reproducible
Project description
reproducible-apk-tools
scripts to make apks reproducible
fix-newlines.py
If the signed APK was built on Windows and has e.g. META-INF/services/
files
with CRLF line endings whereas the unsigned APK was build on Linux/macOS and has
LF line endings, this script may help.
$ fix-newlines.py --help
Usage: fix-newlines.py [--from-crlf] [--verbose] INPUT_APK OUTPUT_APK PATTERN...
$ apksigcopier compare signed.apk --unsigned unsigned.apk
DOES NOT VERIFY
[...]
$ fix-newlines.py unsigned.apk fixed.apk 'META-INF/services/*'
fixing 'META-INF/services/foo'...
fixing 'META-INF/services/bar'...
$ zipalign -f 4 fixed.apk fixed-aligned.apk
$ apksigcopier compare signed.apk --unsigned fixed-aligned.apk && echo OK
OK
sort-apk.py
Sorts (and w/o --no-realign
also realigns) the ZIP entries of an APK.
$ sort-apk.py --help
Usage: sort-apk.py [--no-realign] [--no-force-align] INPUT_APK OUTPUT_APK
$ unzip -l some.apk
Archive: some.apk
Length Date Time Name
--------- ---------- ----- ----
6 2017-05-15 11:24 lib/armeabi/fake.so
1672 2009-01-01 00:00 AndroidManifest.xml
896 2009-01-01 00:00 resources.arsc
1536 2009-01-01 00:00 classes.dex
--------- -------
4110 4 files
$ sort-apk.py some.apk sorted.apk
$ unzip -l sorted.apk
Archive: sorted.apk
Length Date Time Name
--------- ---------- ----- ----
1672 2009-01-01 00:00 AndroidManifest.xml
1536 2009-01-01 00:00 classes.dex
6 2017-05-15 11:24 lib/armeabi/fake.so
896 2009-01-01 00:00 resources.arsc
--------- -------
4110 4 files
CLI
NB: you can just use the scripts stand-alone; alternatively, you can install the
repro-apk
Python package and use them as subcommands of repro-apk
:
$ repro-apk fix-newlines unsigned.apk fixed.apk 'META-INF/services/*'
$ repro-apk sort-apk some.apk sorted.apk
Help
$ repro-apk --help
$ repro-apk fix-newlines --help
$ repro-apk sort-apk --help
Installing
Using pip
$ pip install repro-apk
NB: depending on your system you may need to use e.g. pip3 --user
instead of just pip
.
From git
NB: this installs the latest development version, not the latest release.
$ git clone https://github.com/obfusk/reproducible-apk-tools.git
$ cd reproducible-apk-tools
$ pip install -e .
NB: you may need to add e.g. ~/.local/bin
to your $PATH
in order
to run repro-apk
.
To update to the latest development version:
$ cd reproducible-apk-tools
$ git pull --rebase
Dependencies
- Python >= 3.8 + click (
repro-apk
package only, the stand-alone scripts have no dependencies besides Python).
Debian/Ubuntu
$ apt install python3-click
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for repro_apk-0.1.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1a3066fc40a5c78199067e7cfbc25a757f11e20cd65daaddac161101a99181e7 |
|
MD5 | 0a1cfb3ac86c2f73bdea3cb77e46f652 |
|
BLAKE2b-256 | 1924d2e958e0af3913379ee2fcad05b64948945c51adcf5c3749be1dd3fe11fb |