NAME

apksigcopier - copy/extract/patch android apk signatures & compare apks

SYNOPSIS

apksigcopier copy [options] signed_apk unsigned_apk output_apk
apksigcopier extract [options] signed_apk output_dir
apksigcopier patch [options] metadata_dir unsigned_apk output_apk
apksigcopier compare [options] first_apk second_apk
apksigcopier --version
apksigcopier --help
apksigcopier [command] --help

DESCRIPTION

A command line tool for copying android APK signatures from a signed APK to an unsigned one (in order to verify reproducible builds). It can also be used to compare two APKs with different signatures.

COMMANDS

copy

Copy (extract & patch) signatures from signed to unsigned APK.

extract

Extract APK signatures from signed APK.

patch

Patch extracted APK signatures onto unsigned APK.

compare

Compare two APKs by copying the signature from the first to a copy of the second and checking if the resulting APK verifies.
This command requires apksigner(1).
NB: copying from an APK v1-signed with signflinger to an APK signed with apksigner works, whereas the reverse fails; see the FAQ in the README.

OPTIONS

copy/extract/patch

--v1-only [no|auto|yes]
Whether to expect only a v1 signature: no means a v2 signature is expected as well, auto means the presence of a v2 signature is detected automatically, and yes means a v2 signature is not expected (and ignored if it does exist). Default: no.
You can also set the environment variable APKSIGCOPIER_V1_ONLY instead.

compare

--unsigned
Accept unsigned second_apk.
--min-sdk-version
Passed to apksigner(1) when verifying.
--verify-cmd
Command (with arguments) used to verify APKs. Default: apksigner verify.

ENVIRONMENT VARIABLES

The following environment variables can be set to 1, yes, or true to override the default behaviour.

APKSIGCOPIER_EXCLUDE_ALL_META

Exclude all metadata files, not just MANIFEST.MF.

APKSIGCOPIER_COPY_EXTRA_BYTES

Copy extra bytes after data (e.g. an existing v2 signature).

APKSIGCOPIER_SKIP_REALIGNMENT

Skip realignment of ZIP entries.

EXAMPLES

extract

$ mkdir meta
$ apksigcopier extract signed.apk meta
$ ls -1 meta
8BEA2A77.RSA
8BEA2A77.SF
APKSigningBlock
APKSigningBlockOffset
MANIFEST.MF

patch

$ apksigcopier patch meta unsigned.apk out.apk

copy

$ apksigcopier copy signed.apk unsigned.apk out.apk

compare

$ apksigcopier compare foo-from-fdroid.apk foo-built-locally.apk
$ apksigcopier compare foo.apk --unsigned foo-unsigned.apk

SEE ALSO

apksigner(1) Copyright © 2023 FC Stegerman. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

AUTHORS

FC Stegerman <[email protected]>.

Recommended readings

Pages related to apksigcopier you should read also:
apksigner(1)

Questions & Answers

Helpful answers and articles about apksigcopier you may found on these sites:
Stack Overflow Server Fault Super User Unix & Linux Ask Ubuntu Network Engineering DevOps Raspberry Pi Webmasters Google Search