Add bundletool version check when adding transparency file #367
+7
−1
There is a bundletool compatibility issue when
For example, I build an app bundle with AGP 8.5 (which uses bundletool 1.16.0 implicitly, which I was not aware of because the AGP release notes did not mention it 😢). Then I manually add the code transparency file using bundletool 1.15.0. Then, when I try to upload the bundle to the Play Store, or use bundletool build-apks, there will be an error saying
We have failed to run 'bundletool build-apks' on this Android App Bundle. Please ensure your bundle is valid by running 'bundletool build-apks' locally and try again. Error message output: Verification failed because code was modified after transparency metadata generation. Files deleted after transparency metadata generation: [/com/android/tools/build/bundletool/archive/dex/1_13_0/classes.dex] Files added after transparency metadata generation: [/com/android/tools/build/bundletool/archive/dex/1_16_0/classes.dex] Files modified after transparency metadata generation: []
The root cause
bundletool 1.15.0 and 1.16.0 provide different archive dex files. If the bundle is built by a newer bundletool but the code transparency is added by an older bundletool, there will be a potential conflict in the transparency file if the final APKs are generated by a new bundletool which provides a newer archive dex.
How to fix
Add a checker for bundle versions between the bundle and bundletool when generating the archive dex path, to make sure the archive dex version is correctly matched with the bundle version. Throw InvalidBundleException if code transparency is added by an older bundletool. We should make sure that the code transparency is always added by a newer bundletool because of the intrinsic version dependency.
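For triage, the verification error quoted above can be parsed to tell this archive dex version mismatch apart from any other post-signing change to the bundle's code. This is an added example, not part of this pull request or of bundletool; the function names are hypothetical and the comma-separated list format is an assumption, since the page only shows single-entry lists.

```python
import re

# Constructed sample: the error text quoted in the PR description above.
SAMPLE = (
    "Verification failed because code was modified after transparency "
    "metadata generation. Files deleted after transparency metadata "
    "generation: [/com/android/tools/build/bundletool/archive/dex/1_13_0/classes.dex] "
    "Files added after transparency metadata generation: "
    "[/com/android/tools/build/bundletool/archive/dex/1_16_0/classes.dex] "
    "Files modified after transparency metadata generation: []"
)

_SECTION = re.compile(
    r"Files (deleted|added|modified) after transparency metadata generation: \[([^\]]*)\]"
)
_ARCHIVE_DEX = re.compile(
    r"^/com/android/tools/build/bundletool/archive/dex/(\d+(?:_\d+)*)/classes\.dex$"
)


def parse_failure(message):
    """Return {'deleted': [...], 'added': [...], 'modified': [...]}."""
    result = {"deleted": [], "added": [], "modified": []}
    for kind, body in _SECTION.findall(message):
        # Assumption: multiple entries are separated by commas.
        result[kind] = [p.strip() for p in body.split(",") if p.strip()]
    return result


def archive_dex_versions(paths):
    """Map paths to archive dex versions; None if any path is something else."""
    versions = []
    for path in paths:
        m = _ARCHIVE_DEX.match(path)
        if m is None:
            return None
        versions.append(m.group(1).replace("_", "."))
    return versions


def classify(message):
    """Return ('archive-dex-mismatch', old, new) or ('other-change', None, None)."""
    diff = parse_failure(message)
    old = archive_dex_versions(diff["deleted"])
    new = archive_dex_versions(diff["added"])
    if not diff["modified"] and old and new and len(old) == len(new) == 1 and old != new:
        return ("archive-dex-mismatch", old[0], new[0])
    return ("other-change", None, None)
```

A result of `other-change` means some file outside the archive dex path differs from what the transparency file covers, which is the case code transparency exists to flag and should be investigated rather than attributed to a tool version.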