Difference between revisions of "Build D for Android"

From D Wiki
Jump to: navigation, search
(Note latest beta)
(Add directions for future and link to tweaked LLVM)
Line 12: Line 12:
 
** A recent version of the NDK, 15c or later, is required.  Older versions like r13b will not work.
 
** A recent version of the NDK, 15c or later, is required.  Older versions like r13b will not work.
 
* The ldc D compiler, version 1.12 or later
 
* The ldc D compiler, version 1.12 or later
** It's best to use [https://github.com/ldc-developers/ldc/releases the official release from github], as it's built against a slightly tweaked LLVM that supports emulated TLS on Android. If using ldc from your distro or elsewhere, make sure it was built against our tweaked LLVM, otherwise it will not compile properly for Android.
+
** It's best to use [https://github.com/ldc-developers/ldc/releases the official release from github], as it's built against [https://github.com/ldc-developers/llvm/releases a slightly tweaked LLVM] that supports emulated TLS on Android. If using ldc from your distro or elsewhere, make sure it was built against our tweaked LLVM, otherwise it will not compile properly for Android.
 
** Note that all the samples below pass the <tt>-mcpu=cortex-a8</tt> flag to ldc when compiling for 32-bit Android/ARM. That is needed because ldc will otherwise choose LLVM's <tt>generic</tt> ARM CPU, which can sometimes break code-generation. You can pick a more recent 32-bit ARM CPU than <tt>cortex-a8</tt> as the baseline, but make sure both the runtime libraries and your code are built with the same baseline CPU.
 
** Note that all the samples below pass the <tt>-mcpu=cortex-a8</tt> flag to ldc when compiling for 32-bit Android/ARM. That is needed because ldc will otherwise choose LLVM's <tt>generic</tt> ARM CPU, which can sometimes break code-generation. You can pick a more recent 32-bit ARM CPU than <tt>cortex-a8</tt> as the baseline, but make sure both the runtime libraries and your code are built with the same baseline CPU.
 
** The final ldc 1.12 release has a bug in the way emulated TLS is accessed by the runtime libraries on 32-bit ARM. Either use the ldc 1.13 beta instead or patch one file and rebuild the runtime libraries for 32-bit Android/ARM, ie do this after running the commands in the Setup section below.
 
** The final ldc 1.12 release has a bug in the way emulated TLS is accessed by the runtime libraries on 32-bit ARM. Either use the ldc 1.13 beta instead or patch one file and rebuild the runtime libraries for 32-bit Android/ARM, ie do this after running the commands in the Setup section below.
Line 528: Line 528:
  
 
The OpenSSL commands to generate a certificate and sign the apk were taken [http://qistoph.blogspot.com/2012/01/manual-verify-pkcs7-signed-data-with.html from this 2012 blog post], you can follow it further to see what the signature consists of and verify it for yourself.  [https://nelenkov.blogspot.com/2013/04/android-code-signing.html This 2013 blog post was critical for me to understand how apk signing works], I used to run all those commands by hand until the <tt>apksigner</tt> package was added to the Termux package repo.
 
The OpenSSL commands to generate a certificate and sign the apk were taken [http://qistoph.blogspot.com/2012/01/manual-verify-pkcs7-signed-data-with.html from this 2012 blog post], you can follow it further to see what the signature consists of and verify it for yourself.  [https://nelenkov.blogspot.com/2013/04/android-code-signing.html This 2013 blog post was critical for me to understand how apk signing works], I used to run all those commands by hand until the <tt>apksigner</tt> package was added to the Termux package repo.
 +
 +
==Directions for future work==
 +
 +
* I'm working on getting rid of the three requirements for emulated TLS, by changing the way it's initialized on Android.
 +
 +
* Integrate the linux shared library support in druntime's <tt>rt.sections_elf_shared</tt>, so that multiple D shared libraries can be used.
 +
 +
* Now that we can write D code for Android, it'll make building easier if ldc cross-compilation is integrated with [https://github.com/dlang/dub the D package manager and build tool, dub].
 +
 +
* Fix [https://github.com/ldc-developers/ldc/issues/2153 the remaining stdlib incompatibilities on 64-bit ARM].
  
 
[[Category: Android]]
 
[[Category: Android]]

Revision as of 10:41, 10 November 2018

These instructions show you how to build D command-line executables and OpenGL ES GUI apps for Android, either by using the desktop D compilers for Windows, Mac, or linux available here or a native Android compiler. There are separate steps for cross-compilation, ie building apps on a Windows/linux PC or Mac and running the app on Android, versus native compilation, both building and running on your Android device itself.

Since you cannot install the Android SDK on Android, I end by showing how to package a GUI Android app, a zip file called an .apk, from scratch, by using the tools available in the Termux app for Android, a terminal emulator app and open-source package manager/repository for Android devices.

Prerequisites

Cross-compilation

  • A command shell on your host PC/Mac, where you'll run the ldc D compiler
    • Either a DOS command prompt or Powershell should work on Windows.
    • Any shell should work on Mac and linux, typical commands for the bash shell are shown.
  • Android native toolchain, the NDK and optionally the SDK
    • The SDK is necessary to package a GUI app; the NDK is enough if you just want to build a command-line binary.
    • A recent version of the NDK, 15c or later, is required. Older versions like r13b will not work.
  • The ldc D compiler, version 1.12 or later
    • It's best to use the official release from github, as it's built against a slightly tweaked LLVM that supports emulated TLS on Android. If using ldc from your distro or elsewhere, make sure it was built against our tweaked LLVM, otherwise it will not compile properly for Android.
    • Note that all the samples below pass the -mcpu=cortex-a8 flag to ldc when compiling for 32-bit Android/ARM. That is needed because ldc will otherwise choose LLVM's generic ARM CPU, which can sometimes break code-generation. You can pick a more recent 32-bit ARM CPU than cortex-a8 as the baseline, but make sure both the runtime libraries and your code are built with the same baseline CPU.
    • The final ldc 1.12 release has a bug in the way emulated TLS is accessed by the runtime libraries on 32-bit ARM. Either use the ldc 1.13 beta instead or patch one file and rebuild the runtime libraries for 32-bit Android/ARM, ie do this after running the commands in the Setup section below.
cd droid32/ldc-src/
curl -L -O https://raw.githubusercontent.com/termux/termux-packages/master/packages/ldc/ldc-druntime-tls.patch

patch -p1 < ldc-druntime-tls.patch
cd ../..

# add the --reset flag to the command for your OS
ldc-build-runtime --targetPreset=Android-arm --dFlags="-w;-mcpu=cortex-a8" --buildDir=droid32 --reset
  • Common build tools
    • CMake and either Make or Ninja are required to build the D runtime libraries for Android. There are instructions below on setting these tools up for Windows, Mac, and linux.
  • Android, whether a device or emulator, to run your D code
    • The SDK comes with an emulator. I use actual hardware, so that's what I'll discuss.
    • If using a device, you need some way to transfer the app over. There are several ways to do this, here are a few I've tried:
  1. Install an ssh server app on your Android device and scp the app over. Alternately, set up an ssh server on your host PC/Mac, and use an ssh/scp client on Android to get the app. This is what I do, by using the OpenSSH package in Termux.
  2. Host the app in a web server and get it by using your Android browser or a downloader app.
  3. Setup the Android Debug Bridge (adb) on your device and use the SDK tools to push your files over.

Native compilation

Setup

Once you're at a command prompt or have the Termux app installed, get the ldc compiler for your OS and the NDK for cross-compilation, set some needed environment variables, and generate the runtime libraries for Android.

Cross-compilation

Windows

Download CMake and the zip files for one of the Android NDKs for Windows, the latest ldc, and either Make or Ninja (the following instructions assume Ninja). You will need 7-Zip to unpack recent ldc releases. Make sure unzip is available to unpack the rest of the build tools, then add them to your path, set the path of the NDK and its C cross-compiler, and run ldc-build-runtime. I show the commands for 64-bit Windows, should be similar for 32-bit, except the Ninja zip only comes with a 64-bit version.

cd droid   # assuming all the zip files have been placed in a folder called droid

unzip cmake-3.11.4-win64-x64.zip
7z x ldc2-1.11.0-windows-x64.7z
unzip android-ndk-r17b-windows-x86_64.zip
unzip ninja-win.zip

set PATH=%PATH%;C:\Users\you\droid\cmake-3.11.4-win64-x64\bin;C:\Users\you\droid\ldc2-1.11.0-windows-x64\bin;C:\Users\you\droid

ldmd2 --version   # run this to check that ldc is in your path

set CC=C:\Users\you\droid\android-ndk-r17b\toolchains\llvm\prebuilt\windows-x86_64\bin\clang

ldc-build-runtime --ninja --targetPreset=Android-arm --dFlags="-w;-mcpu=cortex-a8" --buildDir=droid32

ldc-build-runtime --ninja --targetPreset=Android-aarch64 --buildDir=droid64

set NDK=C:\Users\you\droid\android-ndk-r17b

Mac

Download CMake, the zip file for the Android NDK, the latest ldc, and either Make or Ninja (the following instructions assume Ninja). CMake and Ninja can be installed from a package manager like Homebrew, but I'll show the manual install here. Make sure unzip is available to unpack the NDK and tar for everything else. After unpacking, add these tools to your path, including setting the path of the NDK and its C cross-compiler, and run ldc-build-runtime.

cd droid   # assuming all the zip and tar files have been placed in a folder called droid

tar xf cmake-3.11.4-Darwin-x86_64.tar.gz
tar xf ldc2-1.11.0-osx-x86_64.tar.xz
unzip android-ndk-r17b-darwin-x86_64.zip
unzip ninja-mac.zip

export PATH=$PATH:/Users/you/droid/cmake-3.11.4-Darwin-x86_64/CMake.app/Contents/bin:/Users/you/droid/ldc2-1.11.0-osx-x86_64/bin:/Users/you/droid

ldmd2 --version   # run this to check that ldc is in your path

export CC=/Users/you/droid/android-ndk-r17b/toolchains/llvm/prebuilt/darwin-x86_64/bin/clang

ldc-build-runtime --ninja --targetPreset=Android-arm --dFlags="-w;-mcpu=cortex-a8" --buildDir=droid32

ldc-build-runtime --ninja --targetPreset=Android-aarch64 --buildDir=droid64

export NDK=/Users/you/droid/android-ndk-r17b
export HOST=darwin-x86_64

linux

Install needed packages, including optionally Ninja, as shown here for Ubuntu. You will need tar to unpack ldc and unzip for the NDK. Add ldc to your path and export the path of the NDK and its C cross-compiler, as shown here for bash, and run ldc-build-runtime.

sudo apt-get install cmake curl ninja-build unzip

curl -L -O https://dl.google.com/android/repository/android-ndk-r17b-linux-x86_64.zip

unzip android-ndk-r17b-linux-x86_64.zip

curl -L -O https://github.com/ldc-developers/ldc/releases/download/v1.11.0/ldc2-1.11.0-linux-x86_64.tar.xz

tar xf ldc2-1.11.0-linux-x86_64.tar.xz
export PATH=$PATH:/path/to/your/ldc2-1.11.0-linux-x86_64/bin

ldmd2 --version   # check that ldc is in your path

export CC=/path/to/your/android-ndk-r17b/toolchains/llvm/prebuilt/linux-x86_64/bin/clang

ldc-build-runtime --targetPreset=Android-arm --dFlags="-w;-mcpu=cortex-a8" --buildDir=droid32

ldc-build-runtime --targetPreset=Android-aarch64 --buildDir=droid64

export NDK=/path/to/your/android-ndk-r17b
export HOST=linux-x86_64

Set environment variables

The environment variables vary based on whether you want to target 32-bit or 64-bit ARM.

32-bit ARM

On linux or macOS:

export TRIPLE=armv7-none-linux-androideabi
export DFLAGS="-mtriple=$TRIPLE -mcpu=cortex-a8"
export LIBDIR=droid32

export NDK_ARCH=arch-arm
export NDK_LINKER=arm-linux-androideabi-4.9
export APK_DIR=armeabi-v7a

On Windows:

set TRIPLE=armv7-none-linux-androideabi
set DFLAGS=-mtriple=%TRIPLE% -mcpu=cortex-a8
set LIBDIR=droid32

set NDK_ARCH=arch-arm
set NDK_LINKER=arm-linux-androideabi-4.9
set APK_DIR=armeabi-v7a
64-bit ARM

On linux/macOS:

export TRIPLE=aarch64-none-linux-android
export DFLAGS="-mtriple=$TRIPLE"
export LIBDIR=droid64

export NDK_ARCH=arch-arm64
export NDK_LINKER=aarch64-linux-android-4.9
export APK_DIR=arm64-v8a

On Windows:

set TRIPLE=aarch64-none-linux-android
set DFLAGS=-mtriple=%TRIPLE%
set LIBDIR=droid64

set NDK_ARCH=arch-arm64
set NDK_LINKER=aarch64-linux-android-4.9
set APK_DIR=arm64-v8a
Set path to runtime

Finally, set the path to the runtime libraries you just built:

# On linux
export RTDIR=/path/to/your/$LIBDIR

# On Mac
export RTDIR=/Users/you/droid/$LIBDIR

# On Windows
set RTDIR=C:\Users\you\droid\%LIBDIR%

Native compilation

Just install ldc from the Termux app, which will automatically pull in the clang compiler and a linker, as ldc tries to use the local C compiler for linking.

apt install ldc

These instructions show you how to compile a GUI app for your device, but you'll need to know whether you're running 32-bit or 64-bit ARM. Run

uname -m

in Termux and if it says aarch64, you're running 64-bit ARM. armv7l means you're running 32-bit ARM.

Note that you should pass the -mcpu=cortex-a8 flag to ldc when compiling for 32-bit Android/ARM, even though the few samples below don't require it. See the explanation above in the Cross-compilation section for more details.

Set the APK_DIR environment variable to the right platform for your device:

32-bit ARM

export APK_DIR=armeabi-v7a

64-bit ARM

export APK_DIR=arm64-v8a

Build a command-line executable

Now that we have a D compiler and runtime libraries for Android, let's try building a small program, the classic Sieve of Eratosthenes single-core benchmark, which finds all prime numbers up to a number you choose. Install the curl package in Termux if you're natively compiling, apt install curl.

# Load this link in your browser and download the file otherwise 
curl -L -O
https://raw.githubusercontent.com/dlang/dmd/master/samples/sieve.d

# On linux/macOS
ldmd2 -L-L$RTDIR/lib -Xcc=--sysroot=$NDK/platforms/android-21/$NDK_ARCH
-Xcc=-fuse-ld=bfd -Xcc=-gcc-toolchain
-Xcc=$NDK/toolchains/$NDK_LINKER/prebuilt/$HOST
-Xcc=-target -Xcc=$TRIPLE -Xcc=-fpie -Xcc=-pie sieve.d

# On 64-bit Windows
ldmd2 -L-L%RTDIR%\lib -Xcc=--sysroot=%NDK%\platforms\android-21\%NDK_ARCH%
-Xcc=-fuse-ld=bfd.exe -Xcc=-gcc-toolchain
-Xcc=%NDK%\toolchains\%NDK_LINKER%\prebuilt\windows-x86_64
-Xcc=-target -Xcc=%TRIPLE% -Xcc=-fpie -Xcc=-pie sieve.d

# Natively compiling in the Termux app for Android
ldmd2 sieve.d

Cross-compilation

Copy this sieve program onto an Android device or emulator and set its permissions with the chmod command. Here's how I do it in Termux, with an ssh server running on the host PC/Mac with IP address 192.168.1.37:

apt install openssh
cd
scp jo@192.168.1.37:sieve .
chmod 700 sieve

Run the sieve program

The sieve program will tell you how many prime numbers there are in the first n integers, a limit you can specify. Run this command to find how many primes there are in the first million integers:

./sieve 1000000

If you built sieve successfully, it should return

78498 primes

Build a sample OpenGL ES 1.0 GUI app ported to D

Clone my android repository or download its source in a zip file, which contains several headers and sample OpenGL apps from the NDK translated to D, and build the Native Activity app, which is written completely in D. As you'll see below, D code for an apk must be compiled to a shared library, which the Android runtime will call.

On linux or the Termux app, you can just clone my git repo (the same can be done on Mac and Windows if you install git first):

sudo apt-get install git # In Termux, apt install git

git clone https://github.com/joakim-noah/android.git

cd android/

Otherwise, simply get and unpack the zip file:

curl -L -O https://github.com/joakim-noah/android/archive/build.zip

unzip build.zip
cd android-build/

After getting the source, go to the sample app, compile the D source, then link the objects into a shared library and place it in the right directory for your platform.

cd samples/native-activity/

ldmd2 -I../../ -c jni/main.d

ldmd2 -I../../ -c ../../android/sensor.d

ldmd2 -I../../ -c ../../android_native_app_glue.d

mkdir -p libs/$APK_DIR/   # On Windows, mkdir libs\%APK_DIR%

# On linux/macOS
$CC -Wl,-soname,libnative-activity.so -shared --sysroot=$NDK/platforms/android-21/$NDK_ARCH
main.o sensor.o android_native_app_glue.o $RTDIR/lib/libphobos2-ldc.a
$RTDIR/lib/libdruntime-ldc.a -gcc-toolchain
$NDK/toolchains/$NDK_LINKER/prebuilt/$HOST -fuse-ld=bfd -target $TRIPLE -llog -landroid -lEGL -lGLESv1_CM
-o libs/$APK_DIR/libnative-activity.so

# On 64-bit Windows
%CC% -Wl,-soname,libnative-activity.so -shared --sysroot=%NDK%\platforms\android-21\%NDK_ARCH%
main.o sensor.o android_native_app_glue.o %RTDIR%\lib\libphobos2-ldc.a
%RTDIR%\lib\libdruntime-ldc.a -gcc-toolchain
%NDK%\toolchains\%NDK_LINKER%\prebuilt\windows-x86_64 -fuse-ld=bfd.exe -target
%TRIPLE% -llog -landroid -lEGL -lGLESv1_CM
-o libs\%APK_DIR%\libnative-activity.so

# In Termux
mkdir -p lib/$APK_DIR/

$PREFIX/bin/clang -Wl,-soname,libnative-activity.so -shared main.o sensor.o
android_native_app_glue.o $PREFIX/lib/libphobos2-ldc.a $PREFIX/lib/libdruntime-ldc.a
-llog -landroid -lEGL -lGLESv1_CM -o lib/$APK_DIR/libnative-activity.so

Cross-compilation

Finally, package the app as the SDK directs: at this point, it's just like building a regular Android app. I document the older Ant approach, which is deprecated, replace it with the Gradle command from a newer SDK. With Ant on Mac or linux, set the path to your SDK, then run these commands:

export SDK=/path/to/your/android-sdk
$SDK/tools/android update project -p . -s --target 1
ant debug

Transfer the resulting bin/NativeActivity-debug.apk to your Android device, again shown here by using scp from the Termux app.

scp jo@192.168.1.37:android/samples/native-activity/bin/NativeActivity-debug.apk /sdcard/Download/

Native compilation

Follow the instructions below to package this native shared library into an Android apk.

Install and run the sample GUI app

Go to Settings->Security on your Android device and allow installation of apps from unknown sources, ie from outside the Play Store, then go to /sdcard/Download in your file manager and choose the NativeActivity-debug apk to install it. Open the app after installing or go to your app folder and run the app named NativeActivity: it'll show a black screen initially, then flash a bunch of colors when the screen is touched.

Build a sample OpenGL ES 2.0 GUI app mostly written in D, with some Java

This D app has not been ported to 64-bit Android/ARM yet, only 32-bit ARM compilation will work for now.

The app comes with a simple build script, which will build the D shared library for you, as long as the environment variables are set.

cd samples/Teapot/

# On linux/macOS
./build-apk

# On 64-bit Windows
call build-apk.bat

Here are the contents of that script, so you can see what it's doing. The Windows version, build-apk.bat, and the linux/macOS version, build-apk, only differ on the final link command, which I've pasted below.

ldmd2 -I../../ -c ../../ndk_helper/GLContext.d
ldmd2 -I../../ -c ../../ndk_helper/JNIHelper.d
ldmd2 -I../../ -c ../../ndk_helper/gestureDetector.d
ldmd2 -I../../ -c ../../ndk_helper/perfMonitor.d
ldmd2 -I../../ -c ../../ndk_helper/shader.d
ldmd2 -I../../ -c ../../ndk_helper/tapCamera.d

ldmd2 -I../../ -Ijni/ -Jjni/ -c jni/TeapotNativeActivity.d
ldmd2 -I../../ -Jjni/ -c jni/TeapotRenderer.d
ldmd2 -I../../ -c ../../android/sensor.d

ldmd2 -I../../ -c ../../android_native_app_glue.d

mkdir -p libs/$APK_DIR/   # On Windows, mkdir libs\%APK_DIR%

# Link command on linux/macOS
$CC -Wl,-soname,libTeapotNativeActivity.so -shared
--sysroot=$NDK/platforms/android-21/$NDK_ARCH TeapotNativeActivity.o sensor.o
TeapotRenderer.o android_native_app_glue.o GLContext.o JNIHelper.o
gestureDetector.o perfMonitor.o shader.o tapCamera.o
$RTDIR/lib/libphobos2-ldc.a $RTDIR/lib/libdruntime-ldc.a -gcc-toolchain
$NDK/toolchains/$NDK_LINKER/prebuilt/$HOST -fuse-ld=bfd
-target $TRIPLE -llog -landroid -lEGL -lGLESv2
-o libs/$APK_DIR/libTeapotNativeActivity.so

# Link command on 64-bit Windows
%CC% -Wl,-soname,libTeapotNativeActivity.so -shared
--sysroot=%NDK%\platforms\android-21\%NDK_ARCH% TeapotNativeActivity.o sensor.o
TeapotRenderer.o android_native_app_glue.o GLContext.o JNIHelper.o
gestureDetector.o perfMonitor.o shader.o tapCamera.o
%RTDIR%\lib\libphobos2-ldc.a %RTDIR%\lib\libdruntime-ldc.a -gcc-toolchain
%NDK%\toolchains\%NDK_LINKER%\prebuilt\windows-x86_64 -fuse-ld=bfd.exe
-target %TRIPLE% -llog -landroid -lEGL -lGLESv2
-o libs/%APK_DIR%/libTeapotNativeActivity.so

mkdir -p lib/$APK_DIR/

# Link command in Termux
clang -Wl,-soname,libTeapotNativeActivity.so -shared
TeapotNativeActivity.o sensor.o TeapotRenderer.o
android_native_app_glue.o GLContext.o JNIHelper.o
gestureDetector.o perfMonitor.o shader.o
tapCamera.o $PREFIX/lib/libphobos2-ldc.a
$PREFIX/lib/libdruntime-ldc.a -llog -landroid
-lEGL -lGLESv2 -o lib/$APK_DIR/libTeapotNativeActivity.so

Cross-compilation

Package this shared library into an apk by using the SDK, as you would normally, and try installing and running it on your device.

Native compilation

Install the right Eclipse Java compiler package for your device (the ecj4.6 package if you're running Android 5 or 6), the Android dex tool, and other packages needed to build an Android apk. Generate any Java files needed, compile and dex them, then package everything up into an apk and sign it.

apt install ecj dx aapt apksigner

aapt package  -M ./AndroidManifest.xml -I $PREFIX/share/java/android-21.jar -J src/ -S res -m

ecj-21 -d ./obj -sourcepath src $(find src -type f -name "*.java")

dx --dex --output=./classes.dex ./obj/

aapt package  -M ./AndroidManifest.xml -S res -A assets -F teapot.apk

aapt add teapot.apk classes.dex lib/$APK_DIR/libTeapotNativeActivity.so

apksigner debug.ks teapot.apk teapot-signed.apk

Finally, move teapot-signed.apk into a public directory, from which you can install and run it.

Changes for Android

Now that you've seen some examples, here's a description of changes to D that have been made for Android.

The Android environment doesn't support native Thread-Local Storage (TLS), which is integral to D, since all static and global variables not explicitly marked shared/__gshared/immutable are thread-local by default in D. The Android D runtime supports emulated TLS instead, but this requires some changes to the build process:

  1. You must use the ld.bfd linker- see the use of -fuse-ld=bfd above- ld.gold won't do.
  2. You must have a D main function, even for a shared library. An empty D main can be put next to android_main, if you're using the default Android wrapper from my D android repo.
  3. The ELF object with the D main function must be passed to the linker first.

All the examples above follow these rules, which are in place to make sure emulated TLS data is properly passed to the D garbage-collector.

If building a shared library and not a D command-line executable, you must also initialize and exit the D runtime by calling rt_init() and rt_term() before and after all D code is run, as has been done in the default Android wrapper (rt_init/rt_term are automatically inserted and run for a D executable). Running multiple D shared libraries is currently unsupported on Android, only a single D shared library that statically links against the D runtime will work.

Package an Android app from scratch on your Android device

Install aapt, the Android Asset Packaging Tool, and apksigner, a tool to create a hashed manifest and sign your apps.

apt install aapt apksigner

I'll demonstrate with the NativeActivity app built above.

cd samples/native-activity/
aapt package -M AndroidManifest.xml -S res -F NativeActivity-debug-unsigned.apk
aapt add NativeActivity-debug-unsigned.apk lib/$APK_DIR/libnative-activity.so

This simple app only requires three files, AndroidManifest.xml, resources.arsc, and lib/$APK_DIR/libnative-activity.so, which you can check with the following aapt command.

aapt list NativeActivity-debug-unsigned.apk

Now let's generate a hashed manifest, just like a Java jar file, and sign the app. If you have your own Java Keystore already, just supply it to apksigner. If not, apksigner will generate a self-signed Keystore file, which we name debug.ks below, which is good enough to sign and install debug apps on your own Android device.

apksigner debug.ks NativeActivity-debug-unsigned.apk NativeActivity-debug.apk

You should see three additional files in the apk, if you list its contents using the command above. At this point, you can install and run the signed app on your own device. If you modify the app, you'll need to build the manifest and sign it again: make sure you use the debug.ks you created before or Android won't allow you to reinstall the same app with a newly generated key, unless you first uninstall the app.

Sign your app using a certificate and OpenSSL

Unfortunately, apksigner only supports Java Keystore files for signing right now and I don't know how to build one from scratch, so if you don't have a keystore and want to release your app to an app store, you'll have to use OpenSSL to sign the app.

For a valid certificate for the final release, there's plenty of information online on how to generate one. I'll just show how to create a self-signed certificate for debugging purposes.

First, install the OpenSSL package in Termux. Then, this OpenSSL command will generate a self-signed debug certificate, apk.cert, and a 2048-bit RSA private key, key.pem, which isn't encrypted with a password. It will ask you for some signing info, for which I've shown what's used by the debug certificate in the Android SDK, but it doesn't matter what you enter, as it's ignored:

apt install openssl-tool

openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out apk.cert

....................................+++
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Android
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Android Debug
Email Address []:

Now that we have a certificate- self-signed in this case, use your actual release certificate if you want to release the app- and private key, we use them to sign the app. Since the apk is just a zip file, unzip it into a directory and use OpenSSL to generate a new signature file, CERT.RSA, then update the apk with the new signature, and copy the apk to a public user directory from which you can install it:

mkdir unpack
cd unpack/
unzip ../NativeActivity-debug.apk

cd META-INF/
openssl smime -sign -md sha1 -binary -noattr -in CERT.SF -out CERT.RSA -outform der -inkey ../../key.pem -signer ../../apk.cert

cd ..
aapt remove ../NativeActivity-debug.apk META-INF/CERT.RSA
aapt add ../NativeActivity-debug.apk META-INF/CERT.RSA

cd ..
cp NativeActivity-debug.apk /sdcard/Download/

The OpenSSL commands to generate a certificate and sign the apk were taken from this 2012 blog post, you can follow it further to see what the signature consists of and verify it for yourself. This 2013 blog post was critical for me to understand how apk signing works, I used to run all those commands by hand until the apksigner package was added to the Termux package repo.

Directions for future work

  • I'm working on getting rid of the three requirements for emulated TLS, by changing the way it's initialized on Android.
  • Integrate the linux shared library support in druntime's rt.sections_elf_shared, so that multiple D shared libraries can be used.