diff --git a/pack-api/src/lib.rs b/pack-api/src/lib.rs
index 55b09a5..e8fb7c2 100644
--- a/pack-api/src/lib.rs
+++ b/pack-api/src/lib.rs
@@ -137,8 +137,8 @@ pub fn compile_apk(package: &Package) -> Result> {
 ///
 /// The APK is built and signed in-memory without using the local filesystem.
 pub fn compile_and_sign_apk(package: &Package, keys: &Keys) -> Result> {
- let mut zip_buf = compile_apk(package)?;
- pack_sign::sign_apk_buffer(&mut zip_buf, keys)
+ let zip_buf = compile_apk(package)?;
+ pack_sign::sign_apk_buffer(&zip_buf, keys)
 }
 /// Performs all the steps in packaging an AAB (Android App Bundle).
@@ -192,7 +192,7 @@ pub fn compile_and_sign_aab(package: &Package, keys: &Keys) -> Result> {
 pack_zip::zip_apk(&aab_files, aab_buf_cursor)?;
 // Sign the AAB with Scheme v2 and v3 (post-zip)
- pack_sign::sign_apk_buffer(&mut aab_buf, keys)
+ pack_sign::sign_apk_buffer(&aab_buf, keys)
 }
 fn parse_manifest(
diff --git a/pack-sign/src/hasher.rs b/pack-sign/src/hasher.rs
index bfe3450..2fa845f 100644
--- a/pack-sign/src/hasher.rs
+++ b/pack-sign/src/hasher.rs
@@ -26,7 +26,7 @@ pub const FIRST_LEVEL_CHUNK_MAGIC: &[u8] = &[0xa5];
 pub const SECOND_LEVEL_CHUNK_MAGIC: &[u8] = &[0x5a];
 pub fn compute_top_level_hash(
- apk_buf: &mut [u8],
+ apk_buf: &[u8],
 offsets: &ZipOffsets,
 signing_block_length: usize
 ) -> Result {
@@ -44,7 +44,7 @@ pub fn compute_top_level_hash(
 }
 fn compute_first_level_hashes(
- apk_buf: &mut [u8],
+ apk_buf: &[u8],
 offsets: &ZipOffsets,
 signing_block_length: usize
 ) -> Result> {
@@ -72,7 +72,9 @@ fn compute_first_level_hashes(
 first_level_hashes.extend(hash_chunk(chunk4));
 let new_cd_start = offsets.cd_start + signing_block_length;
- let mut cursor = Cursor::new(&mut apk_buf[chunk4_range]);
+
+ let mut chunk4_modified = chunk4.to_vec();
+ let mut cursor = Cursor::new(&mut chunk4_modified);
 cursor.seek(SeekFrom::Start(16))?;
 cursor.write_all(&(new_cd_start as u32).to_le_bytes())?;
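Review bot: In pack-sign/src/hasher.rs (hunk at -72,7), building the cursor over `&mut chunk4_modified` changes how the offset patch fails: a `Cursor` over `&mut Vec<u8>` grows the vector on write, whereas the old cursor over a `&mut [u8]` slice returned an error when the chunk was shorter than 20 bytes. A truncated chunk (presumably the End of Central Directory record) would now be zero-padded and hashed instead of rejected, unless its length is validated somewhere outside this hunk. Keeping the fixed-size behaviour is a one-line change: `let mut cursor = Cursor::new(chunk4_modified.as_mut_slice());`. The neighbouring `new_cd_start as u32` also truncates silently for offsets above `u32::MAX`, so the digest would cover a wrong offset; `u32::try_from(new_cd_start)` with an error return would surface that. The body of compute_first_level_hashes starts and ends outside the hunk.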
diff --git a/pack-sign/src/lib.rs b/pack-sign/src/lib.rs
index be0811c..c0d768f 100644
--- a/pack-sign/src/lib.rs
+++ b/pack-sign/src/lib.rs
@@ -34,7 +34,7 @@ mod zip_rebuilder;
 // APK Signature Scheme v3 based on https://source.android.com/docs/security/features/apksigning/v3
 /// Signs a ZIP file buffer, adding an APK Signature Block before its Central Directory.
 /// Can be used for both APK and AAB files.
-pub fn sign_apk_buffer(apk_buf: &mut [u8], keys: &Keys) -> Result> {
+pub fn sign_apk_buffer(apk_buf: &[u8], keys: &Keys) -> Result> {
 // Dry-run the block to figure out how long it will be given our key
 let dry_run = compute_signing_block([0; 32], keys)?;
 let signing_block_size = dry_run.to_bytes()?.len();
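Review bot: The doc comment on `sign_apk_buffer` does not state what the new `&[u8]` parameter guarantees, namely that the caller's buffer is left unmodified. Since the contract changes with this commit, I would add a line such as `/// The input buffer is not modified; the signed archive is returned as a new buffer.` after "Can be used for both APK and AAB files." That the return value holds the complete signed archive is inferred from the callers in pack-api, so confirm the wording against the rest of the function. The function body continues outside the hunk.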