opengapps/aosp_build

Google (Velvet package) broken signature in final image

hawkeyexp opened this issue · 11 comments

I included the opengapps as vendor tree in LineageOS 17.1 with a OnePlus 7 Pro. Until Sep 24 2020 all was fine - after that date the Velvet package was no longer installed after flash but it was present in priv-apps.
I checked the package and the apk signature was broken. I replaced the apk with the original from git lfs storage and all is working fine again. It seems during building the source tree for the image something went wrong.
The original apk is ~ 200MB while the apk included in the target is ~ 240MB - both apks are the same version so it seems it is resigned or repacked during the build run. Original apk is 301109107.apk from arm64 SDK29.

Now the big question: is something failing in the opengapps tree or is something failing in the Lineage build process?
All other Google parts are working fine - only Velvet is affected in my case, so it looks to me like something is going wrong on the opengapps side.

acr92 commented

OpenGapps marks the package as having LOCAL_CERTIFICATE := PRESIGNED, so it shouldn't get signed again.

You can check if you do

make -j8 apkcerts-list

You'll then get a file out/target/product/*/obj/PACKAGING/apkcerts_intermediates/*apkcerts*.txt, and in there you can search for Velvet. It should then say:

name="Velvet.apk" certificate="PRESIGNED" private_key=""

Same here. I don't know if zipaligning is the issue

I checked the logs and signature in packaging looks good.
I agree with @davidtrpcevski - possibly a zipalign problem?

I ran into the same problem. Velvet is in priv-apps but doesn't get installed on first-time boot or after factory reset.
Just for clarification, what is the actual problem with zipalign?
As far as I understand it, zipalign is mandatory for apks to get accepted in the Google Play Store.
So is it...
a) Velvet provided here by openGapps is in fact NOT properly zipaligned and something is done wrong by Lineage
b) Velvet is zipaligned (cause it's the official apk from Google) and zipaligning it again by Lineage does the deed
c) Some changes in Velvet itself causes zipalign to go haywire
d) Zipalign (included in Lineage? or on my local System?) is somehow outdated and needs to be replaced or patched

wkr ADT

I was doing some research and tried a little bit of tinkering in the /out/target/product/device directory.
The apk in system/priv-app/Velvet always gets replaced by the one in obj/APPS/Velvet_intermediates so I replaced both of them with the smaller version from /vendor/opengapps/sources/arm64/priv-app/com.google.android.googlequicksearchbox.
After doing a new build and testing it on my phone velvet was installed right away.
This got me a little bit curious about the contents of that folder Velvet_intermediates and what happens in there.
There is a package.apk.unaligned zip file in there with the problematic bigger size, something I did not find in any of the other gapps intermediates folders. So I suspected dex preoptimization, but disabling it in my config didn't help at all.

Does anybody know what else is done in these intermediates folders? Something that might be failing because of the size of the apk?

@ADeadTrousers You might want to look at the build rules for it in out/build-<name passed to lunch>.ninja. One of my devices for example (even though I do not include this file in my personal builds):

build device_Velvet_all_targets: phony _kati_always_build_ out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk out/target/product/griffin/system/priv-app/Velvet/Velvet.apk
rule rule286233
 description = target Prebuilt: Velvet (out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk)
 command = /bin/bash -c "(rm -f out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk ) && (cp \"vendor/opengapps/sources/arm64/priv-app/com.google.android.googlequicksearchbox/29/nodpi/301109107.apk\" \"out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk\" ) && (if (zipinfo out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk 'lib/*.so' 2>/dev/null | grep -v ' stor ' >/dev/null) ; then out/soong/host/linux-x86/bin/zip2zip -i out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk -o out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk.tmp -0 'lib/**/*.so'  && mv -f out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk.tmp out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk ; fi ) && (if (zipinfo out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk '*.dex' 2>/dev/null | grep -v ' stor ' >/dev/null) ; then out/soong/host/linux-x86/bin/zip2zip -i out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk -o out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk.tmp -0 \"classes*.dex\" && mv -f out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk.tmp out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk ; fi ) && (if ! out/soong/host/linux-x86/bin/zipalign -c -p 4 out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk >/dev/null ; then mv out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk.unaligned; out/soong/host/linux-x86/bin/zipalign -f -p 4 out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk.unaligned out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk.aligned; mv out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk.aligned out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk; fi )"
build out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk: rule286233 vendor/opengapps/sources/arm64/priv-app/com.google.android.googlequicksearchbox/29/nodpi/301109107.apk || out/soong/host/linux-x86/bin/zipalign out/soong/host/linux-x86/bin/zip2zip out/soong/host/linux-x86/framework/signapk.jar
rule rule286234
 description = Install: out/target/product/griffin/system/priv-app/Velvet/Velvet.apk
 command = /bin/bash -c "(rm -f out/target/product/griffin/system/priv-app/Velvet/Velvet.apk ) && (cp out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk out/target/product/griffin/system/priv-app/Velvet/Velvet.apk )"
build out/target/product/griffin/system/priv-app/Velvet/Velvet.apk: rule286234 out/target/product/griffin/obj/APPS/Velvet_intermediates/package.apk

The second command block does the deed (I shortened the paths for readability)

# If any .dex entry is not stored, rewrite the archive with the dex files uncompressed (-0)
(if (zipinfo package.apk '*.dex' 2>/dev/null | grep -v ' stor ' >/dev/null) ; then
  zip2zip -i package.apk -o package.apk.tmp -0 "classes*.dex" &&
  mv -f package.apk.tmp package.apk
fi )

After that the file got a significant increase in size and the zipalign in the next block got triggered because of the misalignment of the new apk, but it does no (additional) harm I guess.

The option -0 uncompresses the designated files, so that explains the increase in file size.
Does anyone know why this is needed here?
Is that "dex preoptimization"? I tried to deactivate it with DONT_DEXPREOPT_PREBUILTS := true but that didn't change a thing.

@ADeadTrousers I think you want to set LOCAL_DEX_PREOPT := false, just like in modules/PixelLauncherIcons/Android.mk.

@MarijnS95
Nope. This only prevents the oat subfolder but not the repackaging of Velvet.apk.

Anyway, in my opinion the "problem" of the broken signature is associated with the aforementioned repackaging.
But why is this done? That's the question.
I tried it without this modification and everything was running smoothly. So it isn't really needed, or is it?
Does anyone know the commit where this was included?
Is it from LineageOS, AOSP or openGapps?

Searching the build directory I found the code for uncompressing the dex files in definitions.mk as the macro uncompress-dexs. This is used in package_internal.mk and controlled by the variable LOCAL_UNCOMPRESS_DEX. But this is reset by the global variable DONT_UNCOMPRESS_PRIV_APPS_DEXS and LOCAL_PRIVILEGED_MODULE in dex_preopt_odex_install.mk.

For those interested in a (temporary?) fix I created a little patch that you could use:
https://github.com/ADeadTrousers/android_device_Unihertz_Atom_XL/blob/master/patch/vendor_opengapps_build/0003-Temporary-workaround-for-failing-during-first-time-i.patch

You would need this AND set DONT_UNCOMPRESS_PRIV_APPS_DEXS := true in your BoardConfig.mk.
(The patch also changes StorageManager and PixelLauncher because I had some problems with those too)
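
Added example (not part of the thread, and not AOSP or OpenGApps code): a Python check for comparing a prebuilt APK with its repacked copy. It reports whether the APK Signing Block used by APK Signature Scheme v2 and later still sits in front of the ZIP central directory, and which dex/so entries the build rule's `stor` test would flag. `repack_stored` is a stand-in for the `zip2zip -0` step written with Python's zipfile, and the sample APK with its dummy signing block is constructed inline.

```python
import fnmatch, io, struct, zipfile

MAGIC = b"APK Sig Block 42"  # trailer of the APK Signing Block (signature scheme v2+)

def cd_offset(data):
    """Return (EOCD position, central directory offset); assumes no ZIP64, no comment tricks."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("not a ZIP file")
    return eocd, struct.unpack_from("<I", data, eocd + 16)[0]

def has_signing_block(data):
    """True if the 16 bytes right before the central directory are the block magic."""
    _, cd = cd_offset(data)
    return cd >= 16 and data[cd - 16:cd] == MAGIC

def compressed_entries(data, patterns=("classes*.dex", "lib/*.so")):
    """Entries the build rule's `zipinfo | grep -v ' stor '` test would flag."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return [i.filename for i in z.infolist() if i.compress_type != zipfile.ZIP_STORED
                and any(fnmatch.fnmatch(i.filename, p) for p in patterns)]

def repack_stored(data):
    """Stand-in for the `zip2zip -0` step: rewrite the archive with every entry stored."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            dst.writestr(info.filename, src.read(info), compress_type=zipfile.ZIP_STORED)
    return out.getvalue()

def make_sample_apk():
    """Constructed sample: deflated classes.dex, stored .so, dummy signing block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 4096, compress_type=zipfile.ZIP_DEFLATED)
        z.writestr("lib/arm64-v8a/libdemo.so", b"\x7fELF" + b"\x00" * 64, compress_type=zipfile.ZIP_STORED)
    data = buf.getvalue()
    eocd, cd = cd_offset(data)
    pair = struct.pack("<QI", 12, 0x7109871A) + b"\x00" * 8  # one dummy ID-value pair
    size = len(pair) + 8 + len(MAGIC)
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + MAGIC
    out = bytearray(data[:cd] + block + data[cd:])
    struct.pack_into("<I", out, eocd + len(block) + 16, cd + len(block))  # fix CD offset
    return bytes(out)

if __name__ == "__main__":
    before = make_sample_apk()
    for name, apk in (("prebuilt", before), ("repacked", repack_stored(before))):
        print(name, len(apk), "bytes; signing block:", has_signing_block(apk), "; compressed:", compressed_entries(apk))
```

For real files, pass the bytes of the vendor APK and of obj/APPS/Velvet_intermediates/package.apk to `has_signing_block` and `compressed_entries`.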