Redex is not compatible with v2 Signing

[kageiit]

https://source.android.com/security/apksigning/v2.html is enabled by default from android gradle plugin 2.2.0 onwards.

v2 signed Gradle built apks will fail to install if any modifications are made to the original apk. There seems to be no commandline utility to re-sign modified apks yet. This makes redex incompatible with apks built using 2.2.0 of the android gradle plugin.

[bertmaher]

Ouch. I'm not terribly familiar with the gradle build process, since we use buck at FB. Is it possible to hook redex into the build either (1) after the APK is created but before it is signed, or (2) after the dex files are created, but before they are packed into an APK? (1) would be the easiest, of course, but redex can operate on dex files directly, too.

[kageiit]

actually, (2) would be the easiest in gradle to hook in. If Redex can operate on Dex files, that would be the best. We use both buck and gradle. Can you add docs to the readme on how to use redex to operate solely on Dex files and take the apk out of the picture?

[klyubin]

There are a couple of workarounds available until Redex starts modifying DEX files before the APK is signed:

• v2 signing can be disabled in build.gradle by setting v2SigningEnabled to false. See https://developer.android.com/studio/releases/gradle-plugin.html.
• APKs can be re-signed using apksigner command-line tool which is part of Android SDK Build Tools 24.0.3 or higher. See https://developer.android.com/studio/releases/build-tools.html and https://developer.android.com/studio/command-line/apksigner.html.

[justinjhendrick]

Sorry for the extremely delayed reply.

The cpp binary redex-all operates on a directory of dex files.

and here's the help text for that binary

jhendrick-mbp:~/fbsource/fbandroid$ redex-all --help
usage: redex-all [opts...] dexes...

  -a --apkdir  directory containing unzipped APK
  -c --config  JSON-formatted config file
  -o --outdir  output directory for optimized dexes
  -j --jarpath Classpath jar
  -p --proguard-config proguard config file
  -s --seeds seeds file specifiying roots of classes to kept
  -q --printseeds file to report seeds computed by redex
  -w --warn    warning level:
                   0: no warnings
                   1: count of warnings
                   2: full text of warnings
  -Skey=string  Add a string value to the global config, overwriting the existing value if any
                 Example: -Smy_param_name=foo
  -SSomePassName.key=string
               Add a string value to a pass config, overwriting the existing value if any
                 Example: -SRenameClassesPass.class_rename=/foo/bar/data.txt
  -Jkey=<json value>
               Add a json value to the global config, overwriting the existing value if any.
                 Example: -Smy_param_name={"foo": true}
  -JSomePassName.key=<json value>
               Add a json value to a pass config, overwriting the existing value if any
                 Example: -SRenameClassesPass.class_rename=[1, 2, 3]

 Note: Be careful to properly escape JSON parameters, e.g. strings must be quoted.

I'm not sure exactly where the open source build puts that binary, but you should be able to find it with which redex-all and `find -name 'redex-all'.