diff options
27 files changed, 377 insertions, 132 deletions
@@ -80,5 +80,6 @@ jniLibs app/ovpnlibs app/.externalNativeBuild releases +currentReleases go/golang/go
\ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c044c673..65ae0a25 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -104,7 +104,7 @@ build: script: - ./cleanProject.sh - ./build_deps.sh >> build_deps.log 2>&1 - - ./gradlew clean assembleDebug --stacktrace >> build.log 2>&1 + - ./gradlew clean assembleNormalProductionFatDebug --stacktrace >> build.log 2>&1 artifacts: paths: - app/build/outputs/ @@ -121,6 +121,7 @@ build_release: artifacts: paths: - app/build/outputs/ + - currentReleases/ - normalRelease.log when: always expire_in: 1 week @@ -134,6 +135,7 @@ build_fdroid_beta_release: artifacts: paths: - app/build/outputs/ + - currentReleases/ - normalBeta.log when: always expire_in: 1 week @@ -143,10 +145,11 @@ build_custom_release: image: "0xacab.org:4567/leap/bitmask_android/android-ndk:latest" stage: build script: - - ./prepareForDistribution.sh build -no-tag -custom RiseupVPN >> customRelease.log 2>&1 + - ./prepareForDistribution.sh build -no-tag -custom >> customRelease.log 2>&1 artifacts: paths: - app/build/outputs/ + - currentReleases/ - customRelease.log when: always expire_in: 1 week @@ -156,10 +159,11 @@ build_fdroid_custom_beta_release: image: "0xacab.org:4567/leap/bitmask_android/android-ndk:latest" stage: build script: - - ./prepareForDistribution.sh build -no-tag -beta -custom RiseupVPN >> customBeta.log 2>&1 + - ./prepareForDistribution.sh build -no-tag -beta -custom >> customBeta.log 2>&1 artifacts: paths: - app/build/outputs/ + - currentReleases/ - customBeta.log when: always expire_in: 1 week diff --git a/app/build.gradle b/app/build.gradle index 7e4a6e03..0726cca8 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -56,10 +56,11 @@ android { } } - flavorDimensions "branding", "implementation" + flavorDimensions "branding", "implementation", "abi" productFlavors { productFlavors.all { - ext.appName = null; + ext.appName = null + ext.splitApk = false } production { dimension "implementation" @@ -67,12 +68,13 @@ android { insecure { dimension "implementation" } + normal { dimension "branding" appName = "Bitmask" + splitApk = true } - custom { dimension "branding" @@ -106,10 +108,69 @@ android { //The duration in days to trigger the donation reminder buildConfigField 'int', 'donation_reminder_duration', '30' + // Build apks for each architecture, in addition to one 'fat' apk containing libraries for all all architectures + // enable this if you're publishing in gplay + ext { + splitApk = false + } + //************************************************************************** //************************************************************************** } + + + fat { + dimension "abi" + ext { + abiVersionCode = 0 + abiFilter = "" + } + } + + x86 { + dimension "abi" + ndk { + abiFilters "x86" + } + ext { + abiVersionCode = 1 + abiFilter = "x86" + } + } + + armv7 { + dimension "abi" + ndk { + abiFilters "armeabi-v7a" + } + ext { + abiVersionCode = 2 + abiFilter = "armeabi-v7a" + } + } + + x86_64 { + dimension "abi" + ndk { + abiFilters "x86_64" + } + ext { + abiVersionCode = 3 + abiFilter = "x86_64" + } + } + + arm64 { + dimension "abi" + ndk { + abiFilters "arm64-v8a" + } + ext { + abiVersionCode = 4 + abiFilter = "arm64-v8a" + } + } } buildTypes { @@ -120,6 +181,8 @@ android { //runProguard true if(signingConfigs.contains(release)) signingConfig signingConfigs.release.isSigningReady() ? signingConfigs.release : signingConfigs.debug + //minifyEnabled = true + //shrinkResources true } beta { initWith release @@ -159,8 +222,61 @@ android { java.srcDirs += ['src/sharedTest/java'] } } + + /** + * BUILD VARAIANTS: + * ================= + * Development builds: + * -------------------- + * customProductionFatDebug -> branded development build, includes all ABIs + * normalProductionFatDebug -> Bitmask development build, includes all ABIS + * customInsecureFatDebug -> branded development build, doesn't checks certificates (for test server setup w/o valid certificates), includes all ABIs + * normalInsecureFatDebug -> Bitmask development build, doesn't checks certificates (for test server setup w/o valid certificates), includes all ABIs + * + * Branded Releases: + * ----------------- + * customProductionFatBeta -> branded build, includes all ABI's, Beta release + * customProductionFatRelease -> branded build, includes all ABI's, stable release (-> F-Droid, GPlay if not splitApk is set to true) + * + * Bitmask Beta releases: + * ---------------------- + * normalProductionArm64Beta -> Bitmask build, only for ABI arm64, for GPlay Beta channel with split apks (1 of 4) + * normalProductionArmv7Beta -> Bitmask build, only for ABI armeabi-v7a, for GPlay Beta channel with split apks (2 of 4) + * normalProductionX86Beta -> Bitmask build, only for ABI x86, for GPlay Beta channel with split apks (3 of 4) + * normalProductionX86_64Beta -> Bitmask build, only for ABI x86 64 bit, for GPlay Beta channel with split apks (4 of 4) + * normalProductionFatBeta -> Bitmask build, including all ABIS, for izzysoft's F-Droid repo and beta link on download page + * + * Bitmask Stable releases: + * ------------------------ + * normalProductionArm64Release -> Bitmask build, only for ABI arm64, for GPlay releases with split apks (1 of 4) + * normalProductionArmv7Release -> Bitmask build, only for ABI armeabi-v7a, for GPlay releases with split apks (2 of 4) + * normalProductionX86Release -> Bitmask build, only for ABI x86, for GPlay releases with split apks (3 of 4) + * normalProductionX86_64Release -> Bitmask build, only for ABI x86 64 bit, for GPlay releases with split apks (4 of 4) + * normalProductionFatRelease -> Bitmask build, including all ABIS, for official F-Droid repo and stable link on download page + */ + + variantFilter { variant -> + + def names = variant.flavors*.name + def buildTypeName = variant.buildType.name + // flavorDimensions "branding" -> 0, "implementation" -> 1, "abi" -> 2 + def supportsSplitApk = variant.flavors[0].splitApk + // To check for a certain build type, use variant.buildType.name == "<buildType>" + if (((names.contains("insecure") && !names.contains("fat")) || + (names.contains("insecure") && buildTypeName.contains("beta")) || + (names.contains("insecure") && buildTypeName.contains("release")) || + (buildTypeName.contains("debug") && !names.contains("fat")) || + (!supportsSplitApk && !names.contains("fat"))) + ) { + // Gradle ignores any variants that satisfy the conditions above. + setIgnore(true) + } + } } + + + dependencies { testImplementation 'junit:junit:4.12' //outdated mockito-core version due to powermock dependency @@ -205,11 +321,48 @@ dependencies { } android.applicationVariants.all { variant -> + // configure app name and apk file name for different build variants def flavors = variant.productFlavors - // flavorDimensions "branding" -> 0, "implementation" -> 1 + // flavorDimensions "branding" -> 0, "implementation" -> 1, "abi" -> 2 def branding = flavors[0] + def trimmedAppName = branding.appName.replaceAll(' ', '') + def abiDimension = flavors[2] + def abiFilter = abiDimension.abiFilter + if (abiFilter.length() > 0) { + abiFilter = "_"+abiFilter + } def buildType = variant.buildType + def tag = getTag() + if (tag.length() > 0) { + tag = "_"+tag + } + variant.resValue "string", "app_name", "\"${branding.appName}${buildType.appSuffix}\"" + + variant.outputs.all { output -> + output.outputFileName = "${trimmedAppName}${abiFilter}_${buildType.name}${tag}.apk" + } + + // reconfigure version codes for split builds + variant.outputs.each { output -> + // if not a fat build + if (abiDimension.abiVersionCode > 0) { + output.versionCodeOverride = android.defaultConfig.versionCode * 1000 + abiDimension.abiVersionCode + } + } + + // remove unrelated abi specific assets + variant.mergeAssets.doLast { + // if not a fat build + if (abiDimension.abiVersionCode > 0) { + def filesToDelete = fileTree(dir: variant.mergeAssets.outputDir, excludes: ["*pie_openvpn.${abiDimension.abiFilter}", + 'urls/', + '*.url', + '*.json', + '*.pem']) + delete(filesToDelete) + } + } } @@ -334,7 +487,7 @@ def removeDuplicatedStrings() { def replaceDuplicatesForSource(File it, String type) { def ics_openvpn_file = file(it.absolutePath.replace(type+'.xml', type+'-icsopenvpn.xml')) if(ics_openvpn_file.exists()) { - def ics_openvpn_strings_names = (new XmlParser()).parse(ics_openvpn_file) + def ics_openvpn_strings_names = new XmlParser().parse(ics_openvpn_file) def current_file = it ics_openvpn_strings_names.string.each { @@ -381,11 +534,11 @@ task mergeUntranslatable(dependsOn: 'copyIcsOpenVPNFiles', type: Copy ) { task copyIcsOpenVPNFiles(dependsOn: 'updateIcsOpenVpn') { println "copyIcsOpenVPNFiles" -/* copyIcsOpenVPNClasses + copyIcsOpenVPNClasses copyIcsOpenVPNXml copyIcsOpenVPNImages //mergeUntranslatable.execute() - removeDuplicatedStrings()*/ + removeDuplicatedStrings() } task updateIcsOpenVpn( type: Exec ) { @@ -394,6 +547,11 @@ task updateIcsOpenVpn( type: Exec ) { } +def getTag() { + String commit = "git log --pretty=format:'%h' -n 1".execute().text.trim().replaceAll("'", "") + return ("git describe --tags --exact-match "+ commit).execute().text.trim() +} + task cleanNative( type: Delete ) { def shouldClean = getCurrentFlavorForBetaOrRelease() == "production" @@ -431,4 +589,4 @@ def getCurrentFlavorForBetaOrRelease() { { return ""; } -}
\ No newline at end of file +} diff --git a/app/src/custom/res/drawable-land/background_main.png b/app/src/custom/res/drawable-land/background_main.png Binary files differdeleted file mode 100644 index ce11f5b4..00000000 --- a/app/src/custom/res/drawable-land/background_main.png +++ /dev/null diff --git a/app/src/custom/res/drawable-land/background_main.webp b/app/src/custom/res/drawable-land/background_main.webp Binary files differnew file mode 100644 index 00000000..c28c2183 --- /dev/null +++ b/app/src/custom/res/drawable-land/background_main.webp diff --git a/app/src/custom/res/drawable-land/ic_splash_background.png b/app/src/custom/res/drawable-land/ic_splash_background.png Binary files differdeleted file mode 100644 index 09103e4b..00000000 --- a/app/src/custom/res/drawable-land/ic_splash_background.png +++ /dev/null diff --git a/app/src/custom/res/drawable-land/ic_splash_background.webp b/app/src/custom/res/drawable-land/ic_splash_background.webp Binary files differnew file mode 100644 index 00000000..f939c114 --- /dev/null +++ b/app/src/custom/res/drawable-land/ic_splash_background.webp diff --git a/app/src/custom/res/drawable-sw600dp-port/background_main.png b/app/src/custom/res/drawable-sw600dp-port/background_main.png Binary files differdeleted file mode 100644 index 23c7ffa6..00000000 --- a/app/src/custom/res/drawable-sw600dp-port/background_main.png +++ /dev/null diff --git a/app/src/custom/res/drawable-sw600dp-port/background_main.webp b/app/src/custom/res/drawable-sw600dp-port/background_main.webp Binary files differnew file mode 100644 index 00000000..6d23e9e1 --- /dev/null +++ b/app/src/custom/res/drawable-sw600dp-port/background_main.webp diff --git a/app/src/custom/res/drawable-sw600dp-port/ic_splash_background.png b/app/src/custom/res/drawable-sw600dp-port/ic_splash_background.png Binary files differdeleted file mode 100644 index c5abd96a..00000000 --- a/app/src/custom/res/drawable-sw600dp-port/ic_splash_background.png +++ /dev/null diff --git a/app/src/custom/res/drawable-sw600dp-port/ic_splash_background.webp b/app/src/custom/res/drawable-sw600dp-port/ic_splash_background.webp Binary files differnew file mode 100644 index 00000000..227fcb24 --- /dev/null +++ b/app/src/custom/res/drawable-sw600dp-port/ic_splash_background.webp diff --git a/app/src/custom/res/drawable-sw600dp/background_main.png b/app/src/custom/res/drawable-sw600dp/background_main.png Binary files differdeleted file mode 100644 index d11acde1..00000000 --- a/app/src/custom/res/drawable-sw600dp/background_main.png +++ /dev/null diff --git a/app/src/custom/res/drawable-sw600dp/background_main.webp b/app/src/custom/res/drawable-sw600dp/background_main.webp Binary files differnew file mode 100644 index 00000000..aa6b452b --- /dev/null +++ b/app/src/custom/res/drawable-sw600dp/background_main.webp diff --git a/app/src/custom/res/drawable-sw600dp/ic_splash_background.png b/app/src/custom/res/drawable-sw600dp/ic_splash_background.png Binary files differdeleted file mode 100644 index b3fb1f9c..00000000 --- a/app/src/custom/res/drawable-sw600dp/ic_splash_background.png +++ /dev/null diff --git a/app/src/custom/res/drawable-sw600dp/ic_splash_background.webp b/app/src/custom/res/drawable-sw600dp/ic_splash_background.webp Binary files differnew file mode 100644 index 00000000..f1a035ec --- /dev/null +++ b/app/src/custom/res/drawable-sw600dp/ic_splash_background.webp diff --git a/app/src/custom/res/drawable/background_drawer.png b/app/src/custom/res/drawable/background_drawer.png Binary files differdeleted file mode 100644 index ed138c42..00000000 --- a/app/src/custom/res/drawable/background_drawer.png +++ /dev/null diff --git a/app/src/custom/res/drawable/background_drawer.webp b/app/src/custom/res/drawable/background_drawer.webp Binary files differnew file mode 100644 index 00000000..8e0c4a6f --- /dev/null +++ b/app/src/custom/res/drawable/background_drawer.webp diff --git a/app/src/custom/res/drawable/background_main.png b/app/src/custom/res/drawable/background_main.png Binary files differdeleted file mode 100644 index 23c7ffa6..00000000 --- a/app/src/custom/res/drawable/background_main.png +++ /dev/null diff --git a/app/src/custom/res/drawable/background_main.webp b/app/src/custom/res/drawable/background_main.webp Binary files differnew file mode 100644 index 00000000..6d23e9e1 --- /dev/null +++ b/app/src/custom/res/drawable/background_main.webp diff --git a/app/src/custom/res/drawable/ic_splash_background.png b/app/src/custom/res/drawable/ic_splash_background.png Binary files differdeleted file mode 100644 index c5abd96a..00000000 --- a/app/src/custom/res/drawable/ic_splash_background.png +++ /dev/null diff --git a/app/src/custom/res/drawable/ic_splash_background.webp b/app/src/custom/res/drawable/ic_splash_background.webp Binary files differnew file mode 100644 index 00000000..227fcb24 --- /dev/null +++ b/app/src/custom/res/drawable/ic_splash_background.webp diff --git a/app/src/custom/res/drawable/logo_square.png b/app/src/custom/res/drawable/logo_square.png Binary files differdeleted file mode 100644 index d20cedd5..00000000 --- a/app/src/custom/res/drawable/logo_square.png +++ /dev/null diff --git a/app/src/custom/res/drawable/logo_square.webp b/app/src/custom/res/drawable/logo_square.webp Binary files differnew file mode 100644 index 00000000..cd3ad9d0 --- /dev/null +++ b/app/src/custom/res/drawable/logo_square.webp diff --git a/app/src/main/java/se/leap/bitmaskclient/EipFragment.java b/app/src/main/java/se/leap/bitmaskclient/EipFragment.java index 0485e907..a6f8040f 100644 --- a/app/src/main/java/se/leap/bitmaskclient/EipFragment.java +++ b/app/src/main/java/se/leap/bitmaskclient/EipFragment.java @@ -324,13 +324,17 @@ public class EipFragment extends Fragment implements Observer { return; } - AlertDialog.Builder alertBuilder = new AlertDialog.Builder(getActivity()); - showPendingStartCancellation = true; - alertDialog = alertBuilder.setTitle(activity.getString(R.string.eip_cancel_connect_title)) - .setMessage(activity.getString(R.string.eip_cancel_connect_text)) - .setPositiveButton((android.R.string.yes), (dialog, which) -> stopEipIfPossible()) - .setNegativeButton(activity.getString(android.R.string.no), (dialog, which) -> { - }).setOnDismissListener(dialog -> showPendingStartCancellation = false).show(); + try { + AlertDialog.Builder alertBuilder = new AlertDialog.Builder(getActivity()); + showPendingStartCancellation = true; + alertDialog = alertBuilder.setTitle(activity.getString(R.string.eip_cancel_connect_title)) + .setMessage(activity.getString(R.string.eip_cancel_connect_text)) + .setPositiveButton((android.R.string.yes), (dialog, which) -> stopEipIfPossible()) + .setNegativeButton(activity.getString(android.R.string.no), (dialog, which) -> { + }).setOnDismissListener(dialog -> showPendingStartCancellation = false).show(); + } catch (IllegalStateException e) { + e.printStackTrace(); + } } @@ -340,13 +344,18 @@ public class EipFragment extends Fragment implements Observer { Log.e(TAG, "activity is null when asking to stop EIP"); return; } - AlertDialog.Builder alertBuilder = new AlertDialog.Builder(activity); - showAskToStopEip = true; - alertDialog = alertBuilder.setTitle(activity.getString(R.string.eip_cancel_connect_title)) - .setMessage(activity.getString(R.string.eip_warning_browser_inconsistency)) - .setPositiveButton((android.R.string.yes), (dialog, which) -> stopEipIfPossible()) - .setNegativeButton(activity.getString(android.R.string.no), (dialog, which) -> { - }).setOnDismissListener(dialog -> showAskToStopEip = false).show(); + try { + AlertDialog.Builder alertBuilder = new AlertDialog.Builder(activity); + showAskToStopEip = true; + alertDialog = alertBuilder.setTitle(activity.getString(R.string.eip_cancel_connect_title)) + .setMessage(activity.getString(R.string.eip_warning_browser_inconsistency)) + .setPositiveButton((android.R.string.yes), (dialog, which) -> stopEipIfPossible()) + .setNegativeButton(activity.getString(android.R.string.no), (dialog, which) -> { + }).setOnDismissListener(dialog -> showAskToStopEip = false).show(); + } catch (IllegalStateException e) { + e.printStackTrace(); + } + } @Override diff --git a/cleanProject.sh b/cleanProject.sh index 000026dd..703788cc 100755 --- a/cleanProject.sh +++ b/cleanProject.sh @@ -7,5 +7,6 @@ rm -r ./ics-openvpn rm -r ./build rm -r ./app/build rm -r ./go/lib/* +rm -r ./currentReleases git submodule sync --recursive git submodule update --init --recursive diff --git a/go/lib/README b/go/lib/README new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/go/lib/README diff --git a/prepareForDistribution.sh b/prepareForDistribution.sh index b0d9ef21..cd5dc288 100755 --- a/prepareForDistribution.sh +++ b/prepareForDistribution.sh @@ -1,8 +1,23 @@ #!/bin/bash +# Copyright (c) 2019 LEAP Encryption Access Project and contributers +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + function quit { - echo "Task failed. Exit value: $?." + echo -e "${RED}Task failed. Exit value: $?.${NC}" cleanUp exit 1 } @@ -18,17 +33,83 @@ function cleanUp { fi } +function sign { + #---- ALIGN AND JARSIGN APK ----- + if [[ -z $FILE_NAME_STRING ]] + then + FILE_NAME_STRING=$1 + FILE_NAME=${FILE_NAME_STRING##*/} #remove everything till the last '/' + FILE_DIR=${FILE_NAME_STRING%/*} #remove everything after the last '/' + fi + + FINAL_APK="${FILE_DIR}/${FILE_NAME}" + ALIGNED_UNSIGNED_APK="${FILE_DIR}/aligned-${FILE_NAME}" + ALIGNED_SIGNED_APK="${FILE_DIR}/aligned-signed-${FILE_NAME}" + + echo -e "${GREEN} -> zip align ${ALIGNED_UNSIGNED_APK}${NC}" + ${ANDROID_BUILD_TOOLS}/zipalign -v -p 4 "${FINAL_APK}" ${ALIGNED_UNSIGNED_APK} > /dev/null && echo "zip alignment successful" || quit + echo -e "${GREEN} -> apksign ${ALIGNED_UNSIGNED_APK}${NC}" + ${ANDROID_BUILD_TOOLS}/apksigner sign --ks "${KEY_STORE_STRING}" --out ${ALIGNED_SIGNED_APK} ${ALIGNED_UNSIGNED_APK} || quit + rm ${ALIGNED_UNSIGNED_APK} + + FINGERPRINT=$(unzip -p ${ALIGNED_SIGNED_APK} META-INF/*.RSA | keytool -printcert | grep "SHA256" | tr -d '[:space:]') || quit + + if [[ ${FINGERPRINT} == ${EXPECTED_FINGERPRINT} ]] + then + echo "Certificate fingerprint matches: ${FINGERPRINT}" + else + echo -e "${RED}Certificate fingerprint \n${FINGERPRINT} \ndid not match expected fingerprint \n\t${EXPECTED_FINGERPRINT}${NC}" + quit + fi + + echo -e "${GREEN} -> rename aligned signed apk to ${FINAL_APK}${NC}" + cp ${ALIGNED_SIGNED_APK} ${FINAL_APK} || quit + cleanUp + + #---- GPG SIGNING ---- + if [[ -z ${GPG_KEY} && -z ${GPG_KEY_USER} ]] + then + echo -e "${ORANGE}WARNING: Could not do gpg signing!${NC}" + exit + fi + + if [[ ${GPG_KEY} ]] + then + echo -e "${GREEN} -> gpg sign using key ${GPG_KEY}${NC}" + gpg --default-key ${GPG_KEY} --armor --output "${FINAL_APK}.sig" --detach-sign ${FINAL_APK} || quit + #gpg -u ${GPG_KEY} -sab --output ${FINAL_APK} || quit + else + echo -e "${GREEN} -> gpg sign using pub key of user ${GPG_KEY_USER}${NC}" + GPG_KEY=$(gpg --list-keys $GPG_KEY_USER | grep pub | cut -d '/' -f 2 | cut -d ' ' -f 1) || quit + #gpg -u ${GPG_KEY} -sab --output ${FINAL_APK} || quit + gpg --default-key ${GPG_KEY} --armor --output "${FINAL_APK}.sig" --detach-sign ${FINAL_APK} || quit + fi + + echo -e "${GREEN} -> gpg verify ${FINAL_APK}${NC}" + gpg --verify "${FINAL_APK}.sig" || quit +} + # ----Main----- DO_BUILD=false DO_SIGN=false BETA=false NO_TAG=false -APP_NAME="Bitmask" FLAVOR="Normal" FLAVOR_LOWERCASE="normal" EXPECTED_FINGERPRINT="SHA256:9C:94:DB:F8:46:FD:95:97:47:57:17:2A:6A:8D:9A:9B:DF:8C:40:21:A6:6C:15:11:28:28:D1:72:39:1B:81:AA" +GREEN='\033[0;32m' +RED='\033[0;31m' +ORANGE='\033[0;33m' +NC='\033[0m' +export GREEN=${GREEN} +export RED=${RED} +export ORANGE=${ORANGE} +export EXPECTED_FINGERPRINT=${EXPECTED_FINGERPRINT} +export -f sign +export -f quit +export -f cleanUp # init parameters @@ -49,34 +130,38 @@ do FILE_NAME=${FILE_NAME_STRING##*/} #remove everything till the last '/' FILE_DIR=${FILE_NAME_STRING%/*} #remove everything after the last '/' + elif [[ ${!i} = "-d" || ${!i} = "-dir" ]] + then + ((i++)) + FILE_DIR=${!i} + MULTIPLE_APKS=true elif [[ ${!i} = "-ks" || ${!i} = "-keystore" ]] then ((i++)) KEY_STORE_STRING=${!i}; KEY_STORE_NAME=${KEY_STORE_STRING##*/} KEY_STORE_DIR=${KEY_STORE_STRING%/*} - + export KEY_STORE_STRING=${KEY_STORE_STRING} + elif [[ ${!i} = "-v" || ${!i} = "-version" ]] then ((i++)) VERSION_NAME=${!i}; if [[ -z $(git tag --list | grep -w ${VERSION_NAME}) ]] then - echo "ERROR: Version name has to be a git tag!" + echo -e "${RED}ERROR: Version name has to be a git tag!${NC}" exit fi elif [[ ${!i} = "-k" || ${!i} = "-key" ]]; then ((i++)) - GPG_KEY=${!i} - elif [[ ${!i} = "-k" || ${!i} = "-key" ]]; - then - ((i++)) GPG_KEY=${!i} + export GPG_KEY=${GPG_KEY} elif [[ ${!i} = "-u" || ${!i} = "-user" ]]; then ((i++)) GPG_KEY_USER=${!i} + export GPG_KEY_USER=${GPG_KEY_USER} elif [[ ${!i} = "-b" || ${!i} = "-beta" ]]; then BETA=true @@ -86,24 +171,17 @@ do elif [[ ${!i} = "-c" || ${!i} = "-custom" ]] then ((i++)) - APP_NAME=${!i} FLAVOR="Custom" FLAVOR_LOWERCASE="custom" elif [[ ${!i} = "-h" || ${!i} = "-help" ]]; then echo -e " - sign [-ks -fp -f -b -c -u -k] sign a given apk (both app signing and GPG signing) - -b / -beta -------------------------- add 'Beta' to filename of resulting apk (optional) - -c / -custom [appName] -------------- mark build as custom branded Bitmask client and add - custom app name to resulting apk (required for custom - branded builds) + sign [-ks -fp -f -b -u -k] sign a given apk (both app signing and GPG signing) -ks / -keystore [path] -------------- define path to keystore for signing (required) -fp / -fingerprint [fingerprint] ---- define the fingerprint for the app (required for non-LEAP signed apps) - -f / -file [inputfile] -------------- define path to apk going to be signed (required if - sign command is not used in conjuction with build) - -v / -version [gittag] -------------- define app version as part of the resulting apk file - name. If not used, 'latest' will be added instead + -f / -file [inputfile] -------------- define path to apk going to be signed + -d / -dir [path] -------------------- define path to directory including apks to be signed -u / -user [gpguser] ---------------- define the gpg user whose key will be used for GPG signing (optional) -k / -key [gpgkey] ------------------ define the key used for GPG signing. Using this option, @@ -128,19 +206,22 @@ do --------------- * jarsign only: - ./prepareForDistribution.sh sign -f app/build/outputs/apk/app-production-beta.apk -ks ~/path/to/bitmask-android.keystore -v 0.9.7 + ./prepareForDistribution.sh sign -f app/build/outputs/apk/app-production-beta.apk -ks ~/path/to/bitmask-android.keystore * jarsign and gpg sign only: - ./prepareForDistribution.sh sign -f app/build/outputs/apk/app-production-beta.apk -ks ~/path/to/bitmask-android.keystore -u GPG_USER -v 0.9.7 - + ./prepareForDistribution.sh sign -f app/build/outputs/apk/app-production-beta.apk -ks ~/path/to/bitmask-android.keystore -u GPG_USER + + * jarsign and gpg sign all apks in directory: + ./prepareForDistribution.sh sign -d currentReleases/ -ks ~/path/to/bitmask-android.keystore -u GPG_USER + * build custom stable - ./prepareForDistribution.sh build -v 0.9.7 -c RiseupVPN + ./prepareForDistribution.sh build -v 0.9.7 -c * build and sign custom stable: - ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -v 0.9.7 -c RiseupVPN + ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -c -v 0.9.7 * build and sign custom beta: - ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -b -v 0.9.7RC2 -c RiseupVPN + ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -c -b -v 0.9.7RC2 * build and sign stable: ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -v 0.9.7 @@ -150,7 +231,7 @@ do exit else - echo "Invalid argument: ${!i}" + echo -e "${RED}Invalid argument: ${!i}${NC}" exit fi @@ -160,15 +241,18 @@ done; # check what to do if [[ ${DO_BUILD} == false && ${DO_SIGN} == false ]] then - echo "ERROR: No action set. Please check ./prepareForDistribution -help!" + echo -e "${RED}ERROR: No action set. Please check ./prepareForDistribution -help!${NC}" exit fi +BASE_FILE_DIR="$(pwd)/app/build/outputs/apk" +RELEASES_FILE_DIR="$(pwd)/currentReleases" + if [[ ${DO_BUILD} == true ]] then if [[ ${NO_TAG} == false && -z ${VERSION_NAME} ]] then - echo "ERROR: You didn't enter the version (git tag) to be built. If you really want to force building the current checked out commit, use -no-tag." + echo -e "${RED}ERROR: You didn't enter the version (git tag) to be built. If you really want to force building the current checked out commit, use -no-tag.${NC}" quit fi if [[ ${NO_TAG} == false ]] @@ -185,12 +269,60 @@ then ./cleanProject.sh || quit ./build_deps.sh || quit - + ./fix_gradle_lock.sh || quit + + if [[ ! -d $RELEASES_FILE_DIR ]] + then + mkdir $RELEASES_FILE_DIR + fi + rm -rf $RELEASES_FILE_DIR/* + if [[ ${BETA} == true ]] then - ./gradlew clean assemble${FLAVOR}ProductionBeta --stacktrace || quit + echo -e "${GREEN} -> build beta releases for flavor ${FLAVOR}${NC}" + ./gradlew clean assemble${FLAVOR}ProductionFatBeta --stacktrace || quit + # echo "copy file: $(ls $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFat/beta/*.apk)" + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFat/beta/*.apk $RELEASES_FILE_DIR/. + + # custom builds might have disabled split apks -> check if build task exist + if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionX86Beta) ]]; then + ./gradlew clean assemble${FLAVOR}ProductionX86Beta --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86/beta/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionX86_64Beta) ]]; then + ./gradlew clean assemble${FLAVOR}ProductionX86_64Beta --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86_64/beta/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionArmv7Beta) ]]; then + ./gradlew clean assemble${FLAVOR}ProductionArmv7Beta --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArmv7/beta/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionArmv7Beta) ]]; then + ./gradlew clean assemble${FLAVOR}ProductionArm64Beta --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArm64/beta/*.apk $RELEASES_FILE_DIR/. + fi else - ./gradlew clean assemble${FLAVOR}ProductionRelease --stacktrace || quit + echo -e "${GREEN} -> build stable releases for flavor ${FLAVOR}${NC}" + ./gradlew clean assemble${FLAVOR}ProductionFatRelease --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFat/release/*.apk $RELEASES_FILE_DIR/. + + # custom builds might have disabled split apks -> check if build task exist + if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionX86Release) ]]; then + ./gradlew clean assemble${FLAVOR}ProductionX86Release --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86/release/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionX86_64Release) ]]; then + ./gradlew clean assemble${FLAVOR}ProductionX86_64Release --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86_64/release/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionArmv7Release) ]]; then + ./gradlew clean assemble${FLAVOR}ProductionArmv7Release --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArmv7/release/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionArm64Release) ]]; then + ./gradlew clean assemble${FLAVOR}ProductionArm64Release --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArm64/release/*.apk $RELEASES_FILE_DIR/. + fi fi fi @@ -199,99 +331,39 @@ then # check global vars if [[ -z ${ANDROID_BUILD_TOOLS} ]] then - echo "ERROR: Environment variable ANDROID_BUILD_TOOLS not set! Please add it to your environment variables. Exiting." + echo -e "${RED}ERROR: Environment variable ANDROID_BUILD_TOOLS not set! Please add it to your environment variables. Exiting.${NC}" exit fi - if [[ -z ${FILE_NAME} && ${DO_BUILD} == false ]] + if [[ -z ${FILE_NAME} && -z ${FILE_DIR} && ${DO_BUILD} == false ]] then - echo -e "ERROR: Sign only needs a file name. Please check ./prepareForDistribution -help!" + echo -e "${RED}ERROR: Sign only needs a file name or a directory. Please check ./prepareForDistribution -help!${NC}" exit fi if [[ -z ${KEY_STORE_NAME} ]] then - echo "ERROR: Key store not set. Please check ./prepareForDistribution -help" + echo -e "${RED}ERROR: Key store not set. Please check ./prepareForDistribution -help${NC}" exit fi if [[ -n ${FILE_NAME_STRING} && ${DO_BUILD} == true ]] then - echo "WARNING: Ignoring parameter -file. Built APK will be used instead." + echo -e "${ORANGE}WARNING: Ignoring parameter -file. Built APK will be used instead.${NC}" fi #---- OPT: SELECT APK FROM LAST BUILD ---- if [[ ${DO_BUILD} == true ]] then - BASE_FILE_DIR="$(pwd)/app/build/outputs/apk" - if [[ ${BETA} == true ]] - then - FILE_NAME="app-${FLAVOR_LOWERCASE}-production-beta.apk" - BUILD_TYPE_DIR="beta" - else - FILE_NAME="app-${FLAVOR_LOWERCASE}-production-release.apk" - BUILD_TYPE_DIR="release" - fi - if [[ ${FLAVOR_LOWERCASE} == "normal" ]] - then - FLAVOR_DIR="normalProduction" - else - FLAVOR_DIR="customProduction" - fi - FILE_DIR="${BASE_FILE_DIR}/${FLAVOR_DIR}/${BUILD_TYPE_DIR}" - fi - - #---- ALIGN AND JARSIGN APK ----- - ALIGNED_UNSIGNED_APK="${FILE_DIR}/aligned-${FILE_NAME}" - ALIGNED_SIGNED_APK="${FILE_DIR}/aligned-signed-${FILE_NAME}" - - ${ANDROID_BUILD_TOOLS}/zipalign -v -p 4 "${FILE_DIR}/${FILE_NAME}" ${ALIGNED_UNSIGNED_APK} || quit - ${ANDROID_BUILD_TOOLS}/apksigner sign --ks "${KEY_STORE_STRING}" --out ${ALIGNED_SIGNED_APK} ${ALIGNED_UNSIGNED_APK} || quit - rm ${ALIGNED_UNSIGNED_APK} - - FINGERPRINT=$(unzip -p ${ALIGNED_SIGNED_APK} META-INF/*.RSA | keytool -printcert | grep "SHA256" | tr -d '[:space:]') || quit - - if [[ ${FINGERPRINT} == ${EXPECTED_FINGERPRINT} ]] - then - echo "Certificate fingerprint matches: ${FINGERPRINT}" - else - echo -e "Certificate fingerprint \n${FINGERPRINT} \ndid not match expected fingerprint \n\t${EXPECTED_FINGERPRINT}" - quit - fi - - #---- RENAME TO VERSION_NAME ---- - FINAL_APK=${ALIGNED_SIGNED_APK} - if [[ -z ${VERSION_NAME} ]] - then - VERSION_NAME="latest" - fi - - if [[ ${BETA} == true ]] - then - FINAL_FILE_NAME="${APP_NAME}-Android-Beta-${VERSION_NAME}.apk" - else - FINAL_FILE_NAME="${APP_NAME}-Android-${VERSION_NAME}.apk" - fi - FINAL_APK="${FILE_DIR}/${FINAL_FILE_NAME}" - cp ${ALIGNED_SIGNED_APK} ${FINAL_APK} || quit - cleanUp - - - #---- GPG SIGNING ---- - if [[ -z ${GPG_KEY} && -z ${GPG_KEY_USER} ]] - then - echo "WARNING: Could not do gpg signing!" - exit - fi - - if [[ ${GPG_KEY} ]] + FILE_DIR=$RELEASES_FILE_DIR + echo -e "${GREEN} -> sign apks:${NC}" + ls -w 1 $FILE_DIR/*\.apk | xargs -I {} echo {} + xargs -I _ -ra <(ls -w 1 $FILE_DIR/*\.apk) bash -c 'sign _' + elif [[ ${MULTIPLE_APKS} == true ]] then - gpg --default-key ${GPG_KEY} --armor --output "${FINAL_APK}.sig" --detach-sign ${FINAL_APK} || quit - #gpg -u ${GPG_KEY} -sab --output ${FINAL_APK} || quit - else - GPG_KEY=$(gpg --list-keys $GPG_KEY_USER | grep pub | cut -d '/' -f 2 | cut -d ' ' -f 1) || quit - #gpg -u ${GPG_KEY} -sab --output ${FINAL_APK} || quit - gpg --default-key ${GPG_KEY} --armor --output "${FINAL_APK}.sig" --detach-sign ${FINAL_APK} || quit + echo -e "${GREEN} -> sign apks:${NC}" + ls -w 1 $FILE_DIR/*\.apk | xargs -I {} echo {} + xargs -I _ -ra <(ls -w 1 $FILE_DIR/*\.apk) bash -c 'sign _' + else + echo -e "${GREEN} -> sign apk: ${FILE_NAME_STRING}${NC}" + sign $FILE_NAME_STRING fi - - gpg --verify "${FINAL_APK}.sig" || quit - -fi
\ No newline at end of file +fi |
