From acf7097fdad8804e73cfd235335ae9257b8fc9b6 Mon Sep 17 00:00:00 2001
From: Eric House <xwords@eehouse.org>
Date: Tue, 23 May 2017 18:32:52 -0700
Subject: [PATCH] sign release apks outside of gradle

My sign-inside-gradle is an uncommon trick and unnecessary. Better to
follow the old convention of using jarsigner and zipalign.
---
 xwords4/android/app/build.gradle      | 50 ---------------------------
 xwords4/android/scripts/arelease.sh   |  9 +++--
 xwords4/android/scripts/sign-align.sh | 39 +++++++++++++++++++++
 3 files changed, 43 insertions(+), 55 deletions(-)
 create mode 100755 xwords4/android/scripts/sign-align.sh

diff --git a/xwords4/android/app/build.gradle b/xwords4/android/app/build.gradle
index 78a025e9e..d217a553c 100644
--- a/xwords4/android/app/build.gradle
+++ b/xwords4/android/app/build.gradle
@@ -1,5 +1,3 @@
-import groovy.swing.SwingBuilder
-
 def INITIAL_CLIENT_VERS = 8
 def VERSION_CODE_BASE = 114
 def VERSION_NAME = '4.4.118'
@@ -85,16 +83,6 @@ android {
     }
 
     signingConfigs {
-        release {
-            storeFile file(System.getenv("HOME") + "/.keystore")
-            keyAlias "mykey"
-
-            // These two lines make gradle believe that the signingConfigs
-            // section is complete. Without them, tasks like installRelease
-            // will not be available!
-            storePassword "notReal"
-            keyPassword "notReal"
-        }
         debug {
             def path = System.getenv("DEBUG_KEYSTORE_PATH")
             if (! path) {
@@ -109,7 +97,6 @@ android {
 
     buildTypes {
         release {
-            signingConfig signingConfigs.release
             debuggable false
             minifyEnabled false // PENDING
             proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
@@ -237,43 +224,6 @@ task cleanNDK(type: Exec) {
     commandLine lst
 }
 
-gradle.taskGraph.whenReady { taskGraph ->
-    if ( taskGraph.hasTask(':app:validateSigningXw4Release') ) {
-        def pass
-        if (System.getenv("ANDROID_RELEASE_PASSWORD")) {
-            pass = System.getenv("ANDROID_RELEASE_PASSWORD")
-        } else if ( null != System.console() ) {
-            pass = System.console().readPassword("\nPlease enter key passphrase: ")
-            pass = new String(pass)
-        } else {
-            new SwingBuilder().edt {
-                dialog(modal: true, // Otherwise the build will continue running before you closed the dialog
-                title: 'Enter password', // Dialog title
-                alwaysOnTop: true, // pretty much what the name says
-                resizable: false, // Don't allow the user to resize the dialog
-                locationRelativeTo: null, // Place dialog in center of the screen
-                pack: true, // We need to pack the dialog (so it will take the size of it's children
-                show: true // Let's show it
-                      ) {
-                    vbox { // Put everything below each other
-                        label(text: "Please enter key passphrase:")
-                        input = passwordField();
-                        button(defaultButton: true, text: 'OK', actionPerformed: {
-                                   pass = new String(input.password); // Set pass variable to value of input field
-                                   // println "myPass: $myPass"
-
-                                   dispose(); // Close dialog
-                               })
-                    }
-                }
-            }
-        }
-
-        android.signingConfigs.release.storePassword = pass
-        android.signingConfigs.release.keyPassword = pass
-    }
-}
-
 // def getVersionName() {
 //     try {
 //         def stdout = new ByteArrayOutputStream()
diff --git a/xwords4/android/scripts/arelease.sh b/xwords4/android/scripts/arelease.sh
index b9f464f37..d51f1d464 100755
--- a/xwords4/android/scripts/arelease.sh
+++ b/xwords4/android/scripts/arelease.sh
@@ -15,11 +15,7 @@ usage() {
 }
 
 do_build() {
-    WD=$(pwd)
-    cd $(dirname $0)/../
-    rm -rf bin/ gen/
-	./gradlew clean assembleXw4Rel
-    cd $WD
+    (cd $(dirname $0)/../ && ./gradlew clean assembleXw4Rel)
 }
 
 while [ "$#" -gt 0 ]; do
@@ -58,6 +54,9 @@ fi
 
 if [ -z "$FILES" ]; then
     do_build
+	for f in $(dirname $0)/../app/build/outputs/apk/*-unsigned-*.apk; do
+		$(dirname $0)/sign-align.sh --apk $f
+	done
 fi
 
 if [ -n "$TAGNAME" ]; then
diff --git a/xwords4/android/scripts/sign-align.sh b/xwords4/android/scripts/sign-align.sh
new file mode 100755
index 000000000..e2e0548c7
--- /dev/null
+++ b/xwords4/android/scripts/sign-align.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -u -e
+
+APKS=''
+XW_WWW_PATH=${XW_WWW_PATH:-''}
+LIST_FILE=1
+
+usage() {
+	[ $# -gt 0 ] && echo "ERROR: $1"
+	echo "usage: $0 [--apk path/to/unsigned.apk]*"
+	}
+
+while [ $# -gt 0 ]; do
+	case $1 in
+		--apk)
+			[ -e $2 ] || usage "no such file $2"
+			APKS="$APKS $2"
+			shift
+			;;
+		*)
+			usage "Unexpected flag $1"
+			;;
+	esac
+	shift
+done
+
+for APK in $APKS; do
+	if [ ${APK/-unsigned} == $APK ]; then
+		echo "$APK not unsigned; skipping"
+		continue
+	fi
+    APK_SIGNED=/tmp/$$_tmp.apk
+	cp $APK $APK_SIGNED
+    jarsigner -verbose -digestalg SHA1 -keystore ~/.keystore $APK_SIGNED mykey
+	rm -f ${APK/-unsigned/-signed}
+    zipalign -v 4 $APK_SIGNED ${APK/-unsigned/-signed}
+	rm -f $APK_SIGNED
+done