patrickfav / uber-apk-signer

A CLI tool that helps with signing and zip-aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports the v1, v2 and v3 Android signing schemes, has an embedded debug keystore and auto-verifies after signing.
https://favr.dev/opensource/uber-apk-signer
Apache License 2.0
1.9k stars 197 forks

Unnecessary external com.android:apksigner dependency #48

Open rob-X1 opened 11 months ago

rob-X1 commented 11 months ago

pom.xml contains the system dependency

        <dependency>
            <groupId>com.android</groupId>
            <artifactId>apksigner</artifactId>
            <version>1.0</version>
            <scope>system</scope>
            <systemPath>${project.basedir}/src/main/resources/lib/apksigner_33_0_2.jar</systemPath>
        </dependency>

which makes building uber-apk-signer unnecessarily complicated. Google releases the library version of apksigner in its Maven repository: https://mvnrepository.com/artifact/com.android.tools.build/apksig?repo=google

So you only have to add

    <repositories>
        <repository>
            <id>Google</id>
            <name>Google</name>
            <url>https://maven.google.com/</url>
        </repository>
    </repositories>

and then use the dependency

    <dependency>
        <groupId>com.android.tools.build</groupId>
        <artifactId>apksig</artifactId>
        <version>8.0.2</version>
    </dependency>

You can then directly use com.android.apksig.ApkSigner and com.android.apksig.ApkVerifier within your code.

patrickfav commented 11 months ago

Good point, didn't know that, thank you!

Will change it to a non-system dependency!

patrickfav commented 11 months ago

So, currently I'm using the com.android.apksigner.ApkSignerTool as interface with the signer, which is basically using it as CLI. The dependency only has the internal signer code, without the CLI interface, so I need to refactor the code a bit (the com.android.apksig.ApkSigner interface is not super trivial).

rob-X1 commented 11 months ago

You can use the original ApkSigner source code to see what parameter causes what code to be executed: https://android.googlesource.com/platform/tools/apksig/+/refs/heads/main/src/apksigner/java/com/android/apksigner/ApkSignerTool.java
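
For reference, an added example (not part of the thread and not uber-apk-signer's code) of driving the `apksig` library directly instead of the `ApkSignerTool` CLI wrapper: it signs with v1, v2 and v3, then verifies the output and deletes it if verification fails. Assumptions: a PKCS12 keystore whose key password equals the store password, the hypothetical class name `LibrarySignExample`, its argument order, and the hypothetical `KS_PASS` environment variable.

```java
import com.android.apksig.ApkSigner;
import com.android.apksig.ApkVerifier;

import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class LibrarySignExample {
    // Hypothetical usage: LibrarySignExample <keystore.p12> <alias> <in.apk> <out.apk>
    public static void main(String[] args) throws Exception {
        // Assumption: password comes from the environment, not argv (visible in process lists).
        char[] password = System.getenv("KS_PASS").toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        PrivateKey key = (PrivateKey) ks.getKey(args[1], password);
        if (key == null) throw new IllegalArgumentException("no private key for alias " + args[1]);
        List<X509Certificate> chain = new ArrayList<>();
        for (Certificate c : ks.getCertificateChain(args[1])) chain.add((X509Certificate) c);

        ApkSigner.SignerConfig signer =
                new ApkSigner.SignerConfig.Builder(args[1], key, chain).build();
        File out = new File(args[3]);
        new ApkSigner.Builder(Collections.singletonList(signer))
                .setInputApk(new File(args[2]))
                .setOutputApk(out)
                .setV1SigningEnabled(true)
                .setV2SigningEnabled(true)
                .setV3SigningEnabled(true)
                .build()
                .sign();

        // Re-verify what was written and fail closed: never leave an unverifiable APK behind.
        ApkVerifier.Result result = new ApkVerifier.Builder(out).build().verify();
        for (ApkVerifier.IssueWithParams e : result.getErrors()) System.err.println("ERROR: " + e);
        if (!result.isVerified()) {
            out.delete();
            throw new IllegalStateException("signature verification failed for " + out);
        }
        System.out.println("v1=" + result.isVerifiedUsingV1Scheme()
                + " v2=" + result.isVerifiedUsingV2Scheme()
                + " v3=" + result.isVerifiedUsingV3Scheme());
    }
}
```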