Is it possible to make a ZIP that can be flashed onto a device to add a bundle of applications (.apk files) to the /system/app directory such that it can be flashed after the OS (e.g. CyanogenMod) in a similar way to other bundles such as OpenGApps ?
I've seen things like the ZipMe app but I'd really like to do this on Linux where I have the desired apk files in a directory. I'd like to do this by hand if possible to that I can understand the ZIP's contents.
This simplified example is inspired by this xda-developers thread.
It is handy to use adb but you don't need to.
Your packaged ZIP needs to be signed. If you have a Java signing tool, great. If not, then you can consult the Google sources for signapk or download a ready-made signapk.jar from here, or here.
The latter also contains sample signing keys that you can use but you can make your own with OpenSSL:
$ openssl genrsa -out key.pem 1024
$ openssl req -new -key key.pem -out request.pem
$ openssl x509 -req -days 9999 -in request.pem -signkey key.pem -out certificate.pem
$ openssl pkcs8 -topk8 -outform DER -in key.pem -inform PEM -out key.pk8 -nocrypt
The following discussion assumes that you have a signapk directory containing signapk.jar, private key key.pk8 and certificate certificate.pem(which contains the corresponding public key).
Create a working directory (the name is irrelevant):
$ mkdir apkzip
$ cd apkzip
Create the required structure
$ mkdir -p META-INF/com/google/android system/app
The next step is to create a file called updater-script that contains a script written in something called edify. A simple script that serves the requirement is shown below:
# META-INF/com/google/android/updater-script
mount("MTD", "system", "/dev/block/platform/mtk-msdc.0/by-name/system", "/system");
package_extract_dir("system", "/system");
unmount("/system");
The third parameter to mount is the block device path for the system partition. You can (optionally) verify this with:
$ adb shell grep system /proc/mounts
/dev/block/platform/mtk-msdc.0/by-name/system /system ext4 ...
You can embellish the updater-script with comments and progress bars, as illistrated by may examples on the web but it isn't necessary.
You also need to provide the interpreter for the script which is a file called update-binary that you can obtain from whatever rom you're using, such as CyanogenMod or ResurrectionRemix. Find it in the ROM's Zip file at the location META-INF/com/google/android/update-binary and copy it into the working directory tree at a similar location and alongside the updater-script created in the previous step.
Finally copy in the .apk files that you want in your ZIP. They need to go in individual directories like system/app/<app-name>/<apk-file> where <appName> is a directory named after the app (I don't think the name is relevant) and <apk-file> is the .apk file. There should be one .apk file per directory.
Your file hierarchy should now look similar to this:
./META-INF/com/google/android/updater-script
./META-INF/com/google/android/update-binary
./system/app/SomeApp/com.some.app.apk
./system/app/SomeOtherApp/com.some.other.app.apk
Now create the signed ZIP (the -r recurses subdirectories):
$ zip -r /tmp/apps.zip *
$ cd ../signapk
$ java -jar signapk.jar certificate.pem key.pk8 /tmp/apps.zip apps.zip
Push the signed ZIP (the apps.zip created in the current (signapk) directory) to the device, choose a location that your recovery can see:
$ adb push apps.zip /mnt/media_rw/sdcard1/
(You don't have to use adb - you can use another method such as placing the SD card in your computer, etc).
Now reboot to recovery and flash or, in the case of a locked bootloader, use FlashFire or whatever method is prefferred for your device.
You can read more about Edify:
It may be possible to replace update-binary with a shell script. An example of this can be seen in the OpenGApps ZIP files but I have not tried this.
The above works provided that the apps have no native libraries in them. If they do, then they must be be manually extracted from the .apk package (which is itself a ZIP file) /lib directory and placed under /system/vendor/lib in addition to placing the package in /system/app/....
As commented by @DeathMaskSalesman, signing is not required by TWRP, CWM or FlashFire so you can skip the signing steps if you prefer.
I have produced a utility that works on Linux or Android. Get apkzip here.
Q & A