Apkindex format: Difference between revisions
(→Creating signature.tar.gz: added link to key creation doc) |
|||
| Line 6: | Line 6: | ||
The APKINDEX.tar.gz is created by concatenating 2 other tar.gz files, signature.tar.gz and APKINDEX.unsigned.tar.gz. | The APKINDEX.tar.gz is created by concatenating 2 other tar.gz files, signature.tar.gz and APKINDEX.unsigned.tar.gz. | ||
cat signature.tar.gz APKINDEX.unsigned.tar.gz > APKINDEX.tar.gz | |||
=== Creating signature.tar.gz === | === Creating signature.tar.gz === | ||
Revision as of 13:11, 21 July 2009
The APKINDEX.tar.gz format
From apk-tools-2.0_pre15 there was added support for package signing. The caused the index format to chage, as it needs to contain a signature for the repository. This document explains how the new index works and how it is created.
Creating APKINDEX.tar.gz
The APKINDEX.tar.gz is created by concatenating 2 other tar.gz files, signature.tar.gz and APKINDEX.unsigned.tar.gz.
cat signature.tar.gz APKINDEX.unsigned.tar.gz > APKINDEX.tar.gz
Creating signature.tar.gz
First we create a signature file for APKINDEX.unsigned.tar.gz, using our private key.
openssl dgst -sha1 sign privatekeyfile -out .SIGN.RSA.nameofpublickey APKINDEX.unsigned.tar.gz
Then we put this in a tar file, without the end-of-tar record at the end of the file. This is because we will concatenate this tar archive with the index tar archive.
tar -c .SIGN.RSA.nameofpublickey | abuild-tar --cut | gzip -9 > signature.tar.gz
The name of public key should be the email address of the developer.
Creating APKINDEX.unsigned.tar.gz
The APKINDEX.unsigned.tar.gz is an old 1.9 style index file in a tar archive. This is created with:
apk index -o APKINDEX.unsigned.tar.gz *.apk