From 59303f0452ff79bcf57f0cbec472c608916e8bfd Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 13 Nov 2017 15:05:38 +0100 Subject: add script that helps to build and sign stable and beta releases --- prepareForDistribution.sh | 216 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 216 insertions(+) create mode 100755 prepareForDistribution.sh diff --git a/prepareForDistribution.sh b/prepareForDistribution.sh new file mode 100755 index 00000000..37c387b7 --- /dev/null +++ b/prepareForDistribution.sh @@ -0,0 +1,216 @@ +#!/bin/bash + + +function quit { + echo "Task failed. Exit value: $?." + cleanUp + exit 1 +} + +function cleanUp { + if [[ -f ${ALIGNED_UNSIGNED_APK} ]] + then + rm ${ALIGNED_UNSIGNED_APK} + fi + if [[ -f ${ALIGNED_SIGNED_APK} ]] + then + rm ${ALIGNED_SIGNED_APK} + fi +} + +# ----Main----- + +DO_BUILD=false +DO_SIGN=false +BETA=false + + +# check global vars +if [[ -z ${ANDROID_BUILD_TOOLS} ]] +then + echo "ERROR: Environment variable ANDROID_BUILD_TOOLS not set! Please add it to your .bashrc file. Exiting." + exit +fi + +# init parameters +for ((i=1;i<=$#;i++)); +do + if [[ ${!i} = "b" || ${!i} = "build" ]] + then + DO_BUILD=true + + elif [[ ${!i} = "s" || ${!i} = "sign" ]] + then + DO_SIGN=true + + elif [[ ${!i} = "-f" || ${!i} = "-file" ]] + then + ((i++)) + FILE_NAME_STRING=${!i} + FILE_NAME=${FILE_NAME_STRING##*/} #remove everything till the last '/' + FILE_DIR=${FILE_NAME_STRING%/*} #remove everything after the last '/' + + elif [[ ${!i} = "-ks" || ${!i} = "-keystore" ]] + then + ((i++)) + KEY_STORE_STRING=${!i}; + KEY_STORE_NAME=${KEY_STORE_STRING##*/} + KEY_STORE_DIR=${KEY_STORE_STRING%/*} + + elif [[ ${!i} = "-v" || ${!i} = "-version" ]] + then + ((i++)) + VERSION_NAME=${!i}; + if [[ -z $(git tag --list | grep -w ${VERSION_NAME}) ]] + then + echo "ERROR: Version name has to be a git tag!" + exit + else + #---- COMPARE TAG COMMIT WITH CURRENT COMMIT AND CHECK OUT TAG COMMIT IF NECESSARY ---- + TAG_COMMIT=$(git log -n 1 ${VERSION_NAME} --format="%H") + CURRENT_COMMIT=$(git log -n 1 --format="%H") + if [[ ${TAG_COMMIT} != ${CURRENT_COMMIT} ]] + then + echo "CHECKING OUT VERSION: ${VERSION_NAME} ..." + git checkout ${VERSION_NAME} || quit + fi + fi + + elif [[ ${!i} = "-k" || ${!i} = "-key" ]]; + then + ((i++)) + GPG_KEY=${!i} + elif [[ ${!i} = "-u" || ${!i} = "-user" ]]; + then + ((i++)) + GPG_KEY_USER=${!i} + + elif [[ ${!i} = "-b" || ${!i} = "-beta" ]]; + then + BETA=true + + elif [[ ${!i} = "-h" || ${!i} = "-help" ]]; + then + echo -e "example Usages: \n + jarsign only: + ------------- + ./prepareForDistribution.sh sign -f app/build/outputs/apk/app-production-beta.apk -ks ~/path/to/bitmask-android.keystore -b -v 0.9.7RC2 \n + jarsign and gpg sign only: + -------------------------- + ./prepareForDistribution.sh sign -f app/build/outputs/apk/app-production-beta.apk -ks ~/path/to/bitmask-android.keystore -u GPG_USER -b -v 0.9.7RC2 \n + build and sign beta: + -------------------- + ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -b -v 0.9.7RC2 \n + build and sign stable: + ---------------------- + ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -v 0.9.7" + exit + + else + echo "Invalid argument: ${!i}" + exit + fi + +done; + + +# check what to do +if [[ ${DO_BUILD} == false && ${DO_SIGN} == false ]] +then + echo "ERROR: No action set. Please check ./prepareForDistribution -help!" + exit +fi + +if [[ ${DO_BUILD} == true ]] +then + if [[ ${BETA} == true ]] + then + ./gradlew clean assembleProductionBeta --stacktrace || quit + else + ./gradlew clean assembleProductionRelease --stacktrace || quit + fi +fi + +if [[ ${DO_SIGN} == true ]] +then + if [[ -z ${FILE_NAME} && ${DO_BUILD} == false ]] + then + echo -e "ERROR: Sign only needs a file name. Please check ./prepareForDistribution -help!" + exit + fi + if [[ -z ${KEY_STORE_NAME} ]] + then + echo "ERROR: Key store not set. Please check ./prepareForDistribution -help" + exit + fi + if [[ -n ${FILE_NAME_STRING} && ${DO_BUILD} == true ]] + then + echo "WARNING: Ignoring parameter -file. Built APK will be used instead." + fi + + #---- OPT: SELECT APK FROM LAST BUILD ---- + if [[ ${DO_BUILD} == true ]] + then + FILE_DIR="app/build/outputs/apk/" + if [[ ${BETA} == true ]] + then + FILE_NAME="app-production-beta.apk" + else + FILE_NAME="app-production-release.apk" + fi + fi + + #---- ALIGN AND JARSIGN APK ----- + ALIGNED_UNSIGNED_APK="$(pwd)/${FILE_DIR}/aligned-${FILE_NAME}" + ALIGNED_SIGNED_APK="$(pwd)/${FILE_DIR}/aligned-signed-${FILE_NAME}" + + ${ANDROID_BUILD_TOOLS}/zipalign -v -p 4 "$(pwd)/${FILE_DIR}/${FILE_NAME}" ${ALIGNED_UNSIGNED_APK} || quit + ${ANDROID_BUILD_TOOLS}/apksigner sign --ks "${KEY_STORE_STRING}" --out ${ALIGNED_SIGNED_APK} ${ALIGNED_UNSIGNED_APK} || quit + rm ${ALIGNED_UNSIGNED_APK} + + FINGERPRINT=$(unzip -p ${ALIGNED_SIGNED_APK} META-INF/*.RSA | keytool -printcert | grep "SHA256" | tr -d '[:space:]') || quit + EXPECTED_FINGERPRINT="SHA256:9C:94:DB:F8:46:FD:95:97:47:57:17:2A:6A:8D:9A:9B:DF:8C:40:21:A6:6C:15:11:28:28:D1:72:39:1B:81:AA" + + if [[ ${FINGERPRINT} == ${EXPECTED_FINGERPRINT} ]] + then + echo "Certificate fingerprint matches: ${FINGERPRINT}" + else + echo -e "Certificate fingerprint \n${FINGERPRINT} \ndid not match expected fingerprint \n\t${EXPECTED_FINGERPRINT}" + quit + fi + + #---- RENAME TO VERSION_NAME ---- + FINAL_APK=${ALIGNED_SIGNED_APK} + if [[ -n ${VERSION_NAME} ]] + then + if [[ ${BETA} == true ]] + then + FINAL_FILE_NAME="Bitmask-Android-Beta-${VERSION_NAME}.apk" + else + FINAL_FILE_NAME="Bitmask-Android-${VERSION_NAME}.apk" + fi + FINAL_APK="$(pwd)/${FILE_DIR}/${FINAL_FILE_NAME}" + cp ${ALIGNED_SIGNED_APK} ${FINAL_APK} || quit + cleanUp + fi + + #---- GPG SIGNING ---- + if [[ -z ${GPG_KEY} && -z ${GPG_KEY_USER} ]] + then + echo "WARNING: Could not do gpg signing!" + exit + fi + + if [[ ${GPG_KEY} ]] + then + gpg --default-key ${GPG_KEY} --armor --output "${FINAL_APK}.sig" --detach-sign ${FINAL_APK} || quit + #gpg -u ${GPG_KEY} -sab --output ${FINAL_APK} || quit + else + GPG_KEY=$(gpg --list-keys $GPG_KEY_USER | grep pub | cut -d '/' -f 2 | cut -d ' ' -f 1) || quit + #gpg -u ${GPG_KEY} -sab --output ${FINAL_APK} || quit + gpg --default-key ${GPG_KEY} --armor --output "${FINAL_APK}.sig" --detach-sign ${FINAL_APK} || quit + fi + + gpg --verify "${FINAL_APK}.sig" || quit + +fi \ No newline at end of file -- cgit v1.2.3