[Xamarin.Android.Build.Tasks] fix signing for App Bundles with multi-dex (#4038)

jonathanpeppers · web-flow · commit 7e7f0ba410d9 · 2019-12-16T10:55:10.000-06:00
Fixes: #3993 After 16.4 shipped, we started getting reports that App Bundle signing was broken. Google Play was not accepting the file: You uploaded an APK or Android App Bundle with invalid or missing signing information for some of its files. You need to create a valid signed APK or Android App Bundle. Both @pjcollins and myself tested this, but it worked for us? Finally we discovered the issue only occurred when multi-dex was enabled! I was able to reproduce the issue and do a diff of the file contents of good and bad `.aab` files. These two files were present in the broken App Bundle: +1969-12-31 18:00:00 ..... 1480 716 base\root\META-INF\MSFTSIG.SF +1969-12-31 18:00:00 ..... 8546 5469 base\root\META-INF\MSFTSIG.RSA These definitely look signing related! In c4f032a, I ported some Java code from Android Studio to C# that allowed Kotlin libraries to function. Specifically files such as: META-INF/services/kotlinx.coroutines.internal.MainDispatcherFactory META-INF/services/kotlinx.coroutines.CoroutineExceptionHandler Needed to be present in the APK. This inadvertently added files like `META-INF\MSFTSIG.SF` also! I checked the latest source I was review before from Android Studio: https://android.googlesource.com/platform/tools/base/+/refs/heads/master/build-system/gradle-core/src/main/groovy/com/android/build/gradle/internal/tasks/ExtractJavaResourcesTask.java#199 https://android.googlesource.com/platform/tools/base/+/refs/heads/master/sdk-common/src/main/java/com/android/ide/common/packaging/PackagingUtils.java#24 I see nothing accounting for these files... For now I think we should ignore: * For files under `META-INF` * Ignore `.SF`, `.MF`, and `.RSA` files I updated a test to validate these changes.
diff --git a/src/Xamarin.Android.Build.Tasks/Tests/Xamarin.Android.Build.Tests/Utilities/PackagingUtilsTests.cs b/src/Xamarin.Android.Build.Tasks/Tests/Xamarin.Android.Build.Tests/Utilities/PackagingUtilsTests.cs
@@ -17,9 +17,18 @@ void AssertIsNotValid (string path)
 		}
 
 		[Test]
-		public void JarManifest ()
+		public void SigningFiles ()
 		{
 			AssertIsNotValid ("META-INF/MANIFEST.MF");
+			AssertIsNotValid ("META-INF/MANIFEST.SF");
+			AssertIsNotValid ("META-INF/MSFTSIG.SF");
+			AssertIsNotValid ("META-INF/MSFTSIG.RSA");
+			AssertIsNotValid ("META-INF/GOOG.RSA");
+			AssertIsNotValid ("META-INF\\MANIFEST.MF");
+			AssertIsNotValid ("META-INF\\MANIFEST.SF");
+			AssertIsNotValid ("META-INF\\MSFTSIG.SF");
+			AssertIsNotValid ("META-INF\\MSFTSIG.RSA");
+			AssertIsNotValid ("META-INF\\GOOG.RSA");
 		}
 
 		[Test]
diff --git a/src/Xamarin.Android.Build.Tasks/Utilities/PackagingUtils.cs b/src/Xamarin.Android.Build.Tasks/Utilities/PackagingUtils.cs
@@ -28,11 +28,6 @@ namespace Xamarin.Android.Tasks
 	/// </summary>
 	internal class PackagingUtils
 	{
-		static readonly string [] InvalidEntryPaths = new []{
-			// http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/file/0fc878b99541/src/share/classes/java/util/jar/JarFile.java#l91
-			"META-INF/MANIFEST.MF",
-		};
-
 		static readonly Regex pathRegex = new Regex (@"\\|\/", RegexOptions.Compiled);
 
 		/// <summary>
@@ -42,9 +37,6 @@ internal class PackagingUtils
 		/// <returns>true if the entry is valid for packaging.</returns>
 		public static bool CheckEntryForPackaging (string entryName)
 		{
-			if (InvalidEntryPaths.Contains (entryName))
-				return false;
-
 			var segments = pathRegex.Split (entryName);
 			for (int i = 0; i < segments.Length - 1; i++) {
 				if (!CheckFolderForPackaging (segments [i])) {
@@ -55,7 +47,9 @@ public static bool CheckEntryForPackaging (string entryName)
 			var fileName = segments [segments.Length - 1];
 			if (string.IsNullOrEmpty (fileName))
 				return false;
-			return CheckFileForPackaging (fileName, Path.GetExtension (fileName));
+			var extension = Path.GetExtension (fileName);
+			return CheckSignatureFile (segments [0], extension) &&
+				CheckFileForPackaging (fileName, extension);
 		}
 
 		/// <summary>
@@ -71,6 +65,20 @@ static bool CheckFolderForPackaging (string folderName)
 				!folderName.StartsWith ("_");
 		}
 
+		/// <summary>
+		/// Checks for signing related files such as META-INF/MANIFEST.MF or META-INF/GOOG.RSA
+		/// </summary>
+		/// <param name="folderName">the name of the folder.</param>
+		/// <param name="extension">the extension of the file (including '.')</param>
+		/// <returns></returns>
+		static bool CheckSignatureFile (string folderName, string extension)
+		{
+			return folderName != "META-INF" ||
+				!EqualsIgnoreCase (".SF", extension) &&
+				!EqualsIgnoreCase (".MF", extension) &&
+				!EqualsIgnoreCase (".RSA", extension);
+		}
+
 		/// <summary>
 		/// Checks a file to make sure it should be packaged as standard resources.
 		/// </summary>

Original file line number	Diff line number	Diff line change
`@@ -17,9 +17,18 @@ void AssertIsNotValid (string path)`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`[Test]`
`20`		`- public void JarManifest ()`
	`20`	`+ public void SigningFiles ()`
`21`	`21`	`{`
`22`	`22`	`AssertIsNotValid ("META-INF/MANIFEST.MF");`
	`23`	`+ AssertIsNotValid ("META-INF/MANIFEST.SF");`
	`24`	`+ AssertIsNotValid ("META-INF/MSFTSIG.SF");`
	`25`	`+ AssertIsNotValid ("META-INF/MSFTSIG.RSA");`
	`26`	`+ AssertIsNotValid ("META-INF/GOOG.RSA");`
	`27`	`+ AssertIsNotValid ("META-INF\\MANIFEST.MF");`
	`28`	`+ AssertIsNotValid ("META-INF\\MANIFEST.SF");`
	`29`	`+ AssertIsNotValid ("META-INF\\MSFTSIG.SF");`
	`30`	`+ AssertIsNotValid ("META-INF\\MSFTSIG.RSA");`
	`31`	`+ AssertIsNotValid ("META-INF\\GOOG.RSA");`
`23`	`32`	`}`
`24`	`33`
`25`	`34`	`[Test]`