CN114462101A

CN114462101A - Processing system, method and device for application apk packet

Info

Publication number: CN114462101A
Application number: CN202210110433.7A
Authority: CN
Inventors: 李小峰; 李涛
Original assignee: Qilin Hesheng Network Technology Inc
Current assignee: Qilin Hesheng Network Technology Inc
Priority date: 2022-01-29
Filing date: 2022-01-29
Publication date: 2022-05-10

Abstract

The application discloses a processing system, a method and a device of an application apk packet, wherein the processing system comprises a key system, a main packet generating system and a packaging system, wherein: the key system and the main package generation system are deployed locally, the packaging system is deployed at a cloud end, and the packaging system comprises a plurality of packaging subsystems; the key system is used for generating a first key and a second key; the main package generating system is used for generating an apk package of a target application according to the first secret key; and the packaging system is used for re-signing the apk package according to the second key and distributing the channel package obtained after re-signing to at least one channel. The embodiment of the application can avoid instability caused by a single machine architecture, can improve the re-signing and distribution efficiency of the apk package, and can effectively improve the distribution capability of the channel package without the limitation of intranet storage resources and outlet bandwidth.

Description

Processing system, method and device for application apk packet

Technical Field

The present application relates to the field of application technologies, and in particular, to a system, a method, and an apparatus for processing an app package.

Background

In some application scenarios, the application may be promoted to the user through one or more internet channels for the user to download and install the application. Generally, when an application is promoted through an internet channel, an apk of the application can be re-signed to obtain a re-signed channel package, and then the channel package is distributed to a corresponding internet channel for downloading by a user.

However, in the current related art, the channel package is constructed and distributed based on a stand-alone architecture of the intranet, the stand-alone architecture is unstable, and the storage resource and the egress bandwidth of the intranet are both limited, which results in low efficiency of constructing and distributing the channel package.

Disclosure of Invention

The embodiment of the application provides a processing system, a method and a device of an apk package, which are used for solving the problem of low construction and distribution efficiency of the existing channel package.

In order to solve the above technical problem, the embodiment of the present application is implemented as follows:

in a first aspect, a processing system for applying an apk packet is provided, including a key system, a main packet generating system, and a packing system, where:

the key system and the main package generation system are deployed locally, the packaging system is deployed at a cloud end, and the packaging system comprises a plurality of packaging subsystems;

the key system is used for generating a first key and a second key;

the main package generating system is used for generating an apk package of a target application according to the first secret key;

and the packaging system is used for re-signing the apk package according to the second key and distributing the channel package obtained after re-signing to at least one channel.

In a second aspect, a method for processing an application apk packet is provided, including:

receiving a packaging request, wherein the packaging request comprises a channel number list and product information of an apk packet, the channel number list comprises a channel number corresponding to at least one channel, and the product information comprises a packet name and version information of the apk packet;

acquiring a second key, wherein the second key is generated by a key system deployed in the local;

acquiring the apk packet according to the product information of the apk packet, wherein the apk packet is generated by a local main packet generation system according to a first secret key generated by the secret key system;

and according to the channel number list and the second secret key, re-signing the apk package, and distributing the re-signed channel package to at least one channel.

In a third aspect, a processing apparatus for applying an apk packet is provided, including:

the system comprises a receiving module, a packing module and a display module, wherein the receiving module is used for receiving a packing request, the packing request comprises a channel number list and product information of an apk packet, the channel number list comprises a channel number corresponding to at least one channel, and the product information comprises a packet name and version information of the apk packet;

the first acquisition module is used for acquiring a second key, and the second key is generated by a key system deployed in the local;

the second acquisition module is used for acquiring the apk packet according to the product information of the apk packet, wherein the apk packet is generated by a local main packet generation system according to a first secret key, and the first secret key is generated by the secret key system;

and the re-signing and distributing module is used for re-signing the apk package according to the channel number list and the second key and distributing the re-signed channel package to at least one channel.

In a fourth aspect, an electronic device is provided, which includes:

a processor; and

a memory arranged to store computer executable instructions that, when executed, cause the processor to:

In a fifth aspect, a computer-readable storage medium is presented, the computer-readable storage medium storing one or more programs that, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform the method of:

The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects:

the key system can automatically generate a first key and a second key required in the channel package construction process (including generation of the apk package and re-signing of the apk package), so that the key generation efficiency can be improved, and the channel package construction efficiency is further improved; because the key system and the main package generation system are both deployed locally, the security of the key and the security of the apk package generation process can be ensured; in addition, the packaging system is deployed at the cloud end, and channel packages obtained after the re-signing are distributed to at least one channel at the cloud end, so that the distribution of the channel packages can be free from the limitation of intranet storage resources and outlet bandwidth, and the distribution capability of the channel packages is effectively improved.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the description below are only some embodiments described in the present application, and for those skilled in the art, other drawings may be obtained according to these drawings without creative efforts.

FIG. 1 is a diagram of a prior art processing system that employs apk packets;

FIG. 2 is a block diagram of a processing system that employs an apk package according to one embodiment of the present application;

FIG. 3 is a flow diagram illustrating a method for processing an apk packet according to an embodiment of the present application;

FIG. 4 is a flow diagram illustrating a method for processing an apk packet according to an embodiment of the present application;

FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application;

fig. 6 is a schematic structural diagram of a processing device that applies an apk packet according to an embodiment of the present application.

Detailed Description

In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

At present, when a certain application is popularized, the application can be popularized and released in an official website of an application developer, and in addition, in some application scenes, the application and the popularization can also be carried out through internet channels, for example, the application and the popularization are carried out through channels such as headlines, express posts, advertising unions and the like.

When the application and popularization are carried out through the internet channel, the apps can be re-signed to obtain a re-signed channel package, and then the channel package is distributed to the corresponding internet channel. However, in the current related art, the channel package is constructed and distributed based on a stand-alone architecture of the intranet, the stand-alone architecture is unstable, and the storage resource and the egress bandwidth of the intranet are both limited, which results in low efficiency of constructing and distributing the channel package.

As shown in fig. 1, fig. 1 is a schematic diagram of a processing system applying an apk packet in the prior art. The processing system in fig. 1 (i.e., the packaging system shown in fig. 1) is a stand-alone architecture (or single-point architecture), and core infrastructure supports such as a local disk, an apk signing key, and a database for re-signing and distributing an application apk package are all deployed in a single server. As can be seen from fig. 1, a small fault in an existing processing system may cause unavailability of service of the entire system, a situation that core key resources, related product apk packages, and channel package resources constructed by re-signing all depend heavily on host disk storage resources exists, distribution of channel packages is limited by an egress network bandwidth of an intranet and a bandwidth preemption capability, and a distribution capability is reduced in a case that there is a lot of data in a channel package. In addition, the keys used by the processing system shown in fig. 1 in constructing the channel package all need to be generated manually, which results in low key generation efficiency and further low channel package construction efficiency.

In order to solve the above technical problem, an embodiment of the present application provides a processing system for applying an apk packet, where the processing system includes a key system, a main packet generation system, and a packaging system, where: the key system and the main package generation system are deployed locally, the packaging system is deployed at a cloud end, and the packaging system comprises a plurality of packaging subsystems; the key system is used for generating a first key and a second key; the main package generating system is used for generating an apk package of a target application according to the first secret key; and the packaging system is used for re-signing the apk package according to the second key and distributing the channel package obtained after re-signing to at least one channel. In addition, the embodiment of the application also provides a processing method and device of the application apk packet based on the processing system.

In the technical scheme provided by the embodiment of the application, the key system can automatically generate the first key and the second key required in the channel package construction process (including the generation of the apk package and the re-signing of the apk package), so that the key generation efficiency can be improved, and the channel package construction efficiency can be further improved; because the key system and the main package generation system are both deployed locally, the security of the key and the security of the apk package generation process can be ensured; in addition, the packaging system is deployed at the cloud end, and channel packages obtained after the re-signing are distributed to at least one channel at the cloud end, so that the distribution of the channel packages can be free from the limitation of intranet storage resources and outlet bandwidth, and the distribution capability of the channel packages is effectively improved.

It should be noted that the application scenario in the embodiment of the present application may be a scenario in which, when an application is updated, an updated apk package is re-signed and then distributed to at least one internet channel, or a scenario in which, when a new application is released, an apk package of the newly released application is re-signed and then distributed to at least one internet channel. Of course, the scenario may also be a scenario in which an apk package of a specific version of an application is re-signed and then distributed to at least one internet channel, which is not specifically limited herein. The internet channel may be referred to as a channel for short, and may be a channel such as a headline, a express, an advertising union, or another internet channel, which is not limited specifically herein.

The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.

FIG. 2 is a block diagram of a processing system that employs an apk packet according to an embodiment of the present application.

The processing system shown in fig. 2 includes a key system 21, a main package generation system 22, and a packaging system 23. The packaging system 23, the key system 21 and the master package generating system 22 are deployed at different locations, specifically, both the key system 21 and the master package generating system 22 may be deployed locally, which may be a company intranet of an application developer, and the packaging system 23 may be deployed in a cloud. As can be seen from fig. 2, the processing system of the application apk package provided in the embodiment of the present application is a cloud cluster architecture.

In this embodiment, the key system 21 may be configured to generate a first key and a second key, where the first key may be used to generate an apk packet, and the second key may be used to re-sign the apk packet. The master package generation system 22 may be configured to generate an apk package for the target application based on the first key generated by the key system 21. The packaging system 23 may be configured to re-sign the apk package of the target application according to the second key generated by the key system 21, and distribute the re-signed channel package to at least one channel. The packaging system 23 may include a plurality of packaging subsystems (fig. 2 only illustrates 4 packaging subsystems as an example), and the plurality of packaging subsystems may perform re-signing and distribution on the apk packet of the target application in a load balancing manner, so that the concurrency capability of the packaging system may be improved, and the packaging efficiency is further improved.

Because the key system can automatically generate the first key and the second key required in the channel package construction process (including the generation of the apk package and the re-signing of the apk package), the key generation efficiency can be improved, and the channel package construction efficiency is further improved; because the key system and the main package generation system are both deployed locally, the security of the key and the security of the apk package generation process can be ensured; in addition, the packaging system is deployed at the cloud end, and channel packages obtained after the re-signing are distributed to at least one channel at the cloud end, so that the distribution of the channel packages can be free from the limitation of intranet storage resources and outlet bandwidth, and the distribution capability of the channel packages is effectively improved.

In one implementation, the key system 21 shown in fig. 2 may provide a service interface through which the key system may access an Office Automation (OA) system, the OA system may provide product core basic information of a target application, and the OA system may trigger the key system 21 to generate a first key and a second key. The core basic information of the product of the target application may be function information, version information, etc. of the target application.

In the case that the key system accesses the OA system, the key system, when generating the first key and the second key, may include:

generating a second key according to the product core basic information of the target application;

the second key is subjected to a predetermined encryption process to generate a first key.

The second key and the first key may be in the form of files, for example, the second key may be jks files and the first key may be a P12 file. Optionally, after the first key and the second key are generated, the first key and the second key may be written into corresponding data tables for storage, so that the subsequent data may be provided to the master packet generation system and the packaging system for use. In addition, after the first key and the second key are written into the data table, the data in the data table can be checked and verified to ensure that the flow is correct, and then the data can be returned to the response which is correctly processed by the OA system.

It should be noted that, in the related art, the generation of the first key and the second key requires manual intervention, for example, manual key construction, manual key synchronization to the server, and the like. In the embodiment of the present application, by analyzing each link of the existing key generation process, including analysis of related tools and scripts, analysis of a dependency relationship between related files, and the like, systematic equivalent replacement can be performed on a part that needs manual intervention in the key generation process, so that the key system provided in the embodiment of the present application can be obtained, and the key system can automatically generate the first key and the second key. Specifically, a service interface can be added in the key system, the key system is accessed to the OA system through the service interface, and the OA system triggers the key system to automatically construct the first key and the second key, so that the generation efficiency of the keys can be improved, and the construction efficiency of the channel package can be further improved.

Optionally, the key system may further support visual operation management, so as to trace back the whole key generation process and improve the operable capability of the core data and the process. Specifically, the key system may support presentation of data information including jks file (i.e., second key) information and P12 file (i.e., first key), and if a problem is found in a certain link of the key generation process, update or reconstruction of the corresponding key jks file and P12 file may be directly completed in the key system.

In one implementation, the key system may further encapsulate the first key in the form of a first key service interface, encapsulate the second key in the form of a second key service interface, and externally provide the first key service interface and the second key service interface. The first key service interface may be used by the main packet generation system to obtain the first key and then generate the apk packet of the target application, and the second key service interface may be used by the packaging system to obtain the second key and then re-sign the apk packet.

In the case that the key system provides the first key service interface and the second key service interface, the key system may further maintain an IP white list, so that when the key system receives the key request, the IP white list may be invoked to filter the key request, thereby protecting the security of the first key and the second key and preventing the first key and the second key from being illegally acquired.

Specifically, when receiving a key request for a first key from a main packet generation system, the key system may determine whether a predetermined white list includes an IP address corresponding to the key request, and if so, return the first key requested by the key request, otherwise, leave the key request unresponsive. Similarly, when receiving a key request for the second key from the packaging system, the key system may determine whether the predetermined white list includes an IP address corresponding to the key request, if so, return the second key requested by the key request, and if not, not respond to the key request.

Optionally, in order to further ensure the security of the key, when the key system returns the first key/second key to the master packet generation system/packaging system, the key system may also return in the form of HTTPS to ensure the security of the key during the transmission of the first key/second key.

The key system provided by the embodiment of the application has high expandability, improves the low-efficiency operation mode of the conventional key process, and provides fundamental guarantee for the safety and reliability of the key; by accessing the OA system, unnecessary manual intervention can be avoided; the supported visual operation capacity can help to improve the research and development operation efficiency of enterprises; a list trust mechanism is established, and key data service of a core is provided in an HTTPS mode, so that the safety can be further improved.

In an implementation manner, when the main package generation system generates the apk package of the target application according to the first key, the main package generation system may first obtain the first key corresponding to the target application from the key system, and then encrypt the apk package that the target application needs to issue or the updated apk package by using the first key, so as to generate the apk package. Optionally, when the first key is obtained from the key system, the first key may be obtained through a first key service interface provided by the key system. Specifically, a key request may be sent to the key system through the interface, and the key system returns the corresponding first key to the main packet generation system when determining that the IP address corresponding to the key request is the IP address of the white list.

After the apk packet is generated by the main packet generation system, the apk packet can be synchronized into the private cloud storage of the cloud. The private cloud storage is set by a developer of the target application at the cloud end, and when the apk packet is synchronized to the private cloud storage at the cloud end, the apk packet can be synchronized by calling a packaging service interface. In addition, various old versions corresponding to the apk packet can be stored in the private cloud storage, so that the old versions can be acquired from the private cloud storage when the old versions are required to be used in the following process.

After synchronizing the apk packet to the private cloud storage in the cloud, the main packet generation system may further generate a data table, where the data table may record a packet name of the apk packet, version information of the apk packet, and a storage path of the apk packet in the private cloud storage, and optionally, may also record information such as a size of the apk packet, storage time of the apk packet, update or release time, and the like.

After generating the data table, the primary package generation system may synchronize the data table into the packaging system. The package name, the version information, and the storage path in the data table may be used for obtaining the apk package from the private cloud storage when the packaging system performs re-signing on the apk package, and specifically refer to the following description of the packaging system, which is not described in detail herein. It should be noted that, a plurality of packaging subsystems in the packaging system can independently access the private cloud storage in which the apk package is stored, so that the apk package can be shared among the plurality of packaging subsystems. Therefore, the apk packet is provided for any packaging subsystem in the packaging system to be used in a private cloud storage mode, the problems of dependence and limitation of single-node storage resources in the existing single-machine architecture are completely decoupled, and core resources have sharing capacity.

In one implementation, when the packaging system re-signs the apk packet according to the second key, the specific implementation manner is as follows:

receiving a packaging request including a channel number list and product information of an apk package

Acquiring an apk packet according to the product information in the packaging request;

acquiring a second key from the key system;

and re-signing the apk packet according to the channel number list and the second secret key.

The packaging request may be triggered by a developer or operator. Specifically, when the apk package of the target application needs to be re-signed and distributed to at least one channel, the developer may send a packaging request to the packaging system. The packaging request comprises a channel number list and product information of an apk package of the target application, the channel number list can comprise at least one channel number corresponding to at least one channel, the channel and the channel number can be in one-to-one correspondence, and different channel numbers are used for distinguishing that the product information of different channel apk packages comprises package names and version information of the apk packages to be distributed.

After receiving the packaging request, the packaging system can acquire the apk package according to the product information in the packaging request, acquire the second secret key from the secret key system, and then re-sign the acquired apk package according to the channel number list in the packaging request and the acquired second secret key. It should be noted that the packaging system includes a plurality of packaging subsystems, and after receiving a packaging request, the packaging system may also deliver the packaging request to a certain packaging subsystem for processing through a load balancing mechanism, that is, the packaging subsystem completes acquisition of the apk packet and the second key, and re-signing and distribution of the apk packet.

When the packaging system acquires the apk packet according to the product information in the packaging request, a storage path corresponding to the product information can be searched from the data table, and then the apk packet under the storage path is acquired from the private cloud storage of the cloud according to the searched storage path. Specifically, the data table may be a data table synchronized to the packaging system by the main package generation system after generating the apk package, a package name, version information, and a storage path of the apk package are stored in the data table, and the storage path is a storage path of the apk package in the private cloud storage when the generated apk package is stored in the private cloud storage of the cloud by the main package generation system. Therefore, when the packaging system acquires the apk package, a storage path corresponding to the package name and the version information can be searched in the data table according to the product information in the packaging request, namely the package name and the version information of the apk package, and the corresponding apk package can be acquired in the private cloud storage of the cloud end according to the storage path.

When the packaging system obtains the second key from the key system, the packaging system can obtain the second key through a second key service decryption interface provided by the key system. Specifically, a key request may be sent to the key system through the interface, and the key system returns the corresponding second key to the packaging system when determining that the IP address corresponding to the key request is the IP address of the whitelist.

When the packaging system re-signs the apk packet according to the channel number list and the second key, firstly, the apk packet can be decompressed reversely, files project and properties in the apk are analyzed, original key information is removed, namely, the first key used when the apk packet is generated is deleted, then batch re-signing is carried out on the apk packet according to at least one channel number and the second key in the channel number list, and new project and properties are generated so as to obtain the re-signed channel packet. A channel package may be generated for one channel, and different channel packages may use the same second key or different second keys, which is not limited herein.

Optionally, considering that the process of performing batch re-signing on the apk packet is a cyclic process and the apk packet and the second key need to be used for multiple times, the packaging system may further store the apk packet and the second key in the specified directory after obtaining the apk packet and the second key, so that when the apk packet is re-signed, the apk packet and the second key may be obtained from the specified directory, thereby avoiding the problem of re-obtaining the apk packet and the second key each time of re-signing, and thus, the channel packet construction efficiency may be accelerated. In addition, after the apk package is re-signed, the apk package and the second key under the appointed directory can be deleted, so that the apk package and the second key can be prevented from being leaked, and the safety is improved.

After obtaining the re-signed apk package (i.e., channel package), the packaging system may distribute the re-signed channel package to at least one channel. In an implementation manner, when the packaging system distributes the channel package obtained after re-signing to at least one channel, the channel package may be synchronized to a common cloud storage in the cloud in a multithreading manner, and then a specified Content Delivery Network (CDN) is refreshed. Specifically, the downloading content of the external channel package can be updated by synchronizing the internal cloud storage with the shared cloud storage of the cloud end in a manner of calling by the internal cloud storage intranet and refreshing the designated CDN after all synchronization is completed. For the user, the apk package can be downloaded through the updated download link, and then the target application is installed.

In the process of re-signing and distributing apk, the packaging system in the embodiment of the application finishes acquisition of the dependent key by a white list mechanism and an HTTPS mode, deletes the key after use is finished, and can ensure the security of core data; after the channel package is re-signed, the channel package is synchronized to the cloud storage corresponding to the cloud side in parallel, extremely high synchronous distribution efficiency is achieved, and the concurrency of the whole process can be improved.

According to the embodiment of the application, the existing intranet monomer architecture is upgraded into the cloud cluster architecture, so that the generation and distribution efficiency of the apk channel package can be improved, and in the upgraded and improved cloud cluster architecture, a packaging system and a key system both have high availability and the capability of telescopic expansion; the packaging system is deployed at the cloud end, and the advantages of natural cloud storage and CDN combination are added, so that the problem of dependence of local storage resources is successfully solved, the problem of network outlet bandwidth is avoided, the distribution and updating efficiency is improved extremely quickly, and the whole system has high availability, high expandability and extremely high distribution efficiency.

FIG. 3 is a flowchart illustrating a processing method for applying an apk packet according to an embodiment of the present application. The execution body of the embodiment shown in fig. 3 may be the packaging system 23 shown in fig. 2, or may be a certain packaging subsystem in the packaging system 23. The processing method of the application apk packet shown in fig. 3 may include the following steps.

S302: receiving a packaging request, wherein the packaging request comprises a channel number list and product information of an apk package, the channel number list comprises a channel number corresponding to at least one channel, and the product information comprises a package name and version information of the apk package.

S304: a second key is obtained, the second key being generated by a locally deployed key system.

The specific implementation manner of the key system for generating the second key can be referred to the corresponding description in the embodiment shown in fig. 2, and the description is not repeated here. The packaging system, upon receiving the packaging request, may obtain a second key generated by the key system.

S306: and acquiring the apk packet according to the product information of the apk packet, wherein the apk packet is generated by a local main packet generation system according to a first secret key, and the first secret key is generated by a secret key system.

The specific implementation of the apk packet generated by the main packet generation system according to the first key and the specific implementation of the first key generated by the key system can be referred to the corresponding description in the embodiment shown in fig. 2, and the description is not repeated here. After receiving the packaging request, the packaging system can also acquire the apk package which needs to be re-signed according to the product information in the packaging request.

S308: and according to the channel number list and the second secret key, re-signing the apk package, and distributing the re-signed channel package to at least one channel.

The specific implementation manners of S302 to S308 can refer to the specific implementation of the corresponding steps in the embodiment shown in fig. 2, and the description is not repeated here.

For facilitating understanding of the processing system of the application apk package provided in the embodiment of the present application, reference may be made to fig. 4. FIG. 4 is a flowchart illustrating a processing method for applying an apk packet according to an embodiment of the present application. The embodiment shown in FIG. 4 is illustrated with an apk version update scenario as an example.

Fig. 4 includes a key system, a main package generation system, and a packaging system, where the key system and the main package generation system are deployed locally, and the packaging system is deployed in a cloud. When the updated version of the apk package of the application needs to be re-signed and distributed to at least one channel, the specific implementation mode is as follows.

The key system may automatically generate jks files (i.e., the second key) from the product core base information, and then may generate P12 files (i.e., the first key) by encrypting jks files. Thereafter, the jks file and the P12 file may be stored in a database. Further, it is also possible to provide the key P12 file interface service through the first key service interface and the key jks file interface service through the second key service interface for use by the master package generating system and the packaging system, respectively.

In the case of an updated apk version, the main package generation system can acquire the P12 file through a file interface service of a key P12, and generate an updated apk package according to the P12 file. And then synchronizing the apk packet to the private cloud storage of the cloud end by calling a main packet synchronization interface of the cloud end, simultaneously generating a data table, and synchronizing the data table to a packaging system, wherein the packet name and version information of the apk packet and a storage path in the private cloud storage are recorded in the data table.

The operator sends a packaging request to a packaging system, the packaging request comprises a channel number list and the product information of the apk package, the channel number list comprises at least one channel number corresponding to at least one channel, and the product information comprises the package name and the version information of the apk package. After receiving the packaging request, the packaging system can search a corresponding storage path in the data table according to the product information in the packaging request, acquire the apk package under the storage path from the private cloud storage according to the storage path, acquire jks files through a key jks file interface service provided by the key system, and finally perform re-signing on the apk package according to the channel number list and the second key to obtain the channel package. After the channel package is obtained, the channel package can be synchronized to the cloud storage in a multithreading mode, and the designated CDN is refreshed, so that the update of the downloaded content of the external channel package can be completed.

It should be noted that, after receiving the packaging system, the packaging system in fig. 4 may also balance the load of the packaging system into one of the packaging subsystems (not shown in fig. 4), and then perform re-signing and distribution of the apk packet by the packaging subsystem, which is only described by taking the packaging system as an example.

Com, the package name of product a is test.com, which is re-signed and distributed as an example.

Based on the existing single machine architecture, the process of re-signing and distributing the apk package is as follows:

step 1, an OA system triggers a key generation node, and corresponding research personnel generate a key file A.jks through a local keystore tool.

And 2, synchronizing the key file A.jks to the specific path/data/keys/product/test.com/A.jks of the single-point host 192.168.0.11 through an rsync synchronization tool.

And step 3, manually operating the/data/keys/tools/built _ P12_ keys. py script on the host 192.168.0.11, generating a P12 file by inputting a path parameter 'data/keys/product/test.com/A.jks', writing the P12 file into the same path/data/keys/product/test.com/A.P12, manually exporting the P12 file, and then importing the P12 file into a jenkins system for generating an apk packet.

And 4, packaging the generated main packet apk by the Jenkins system, and writing the corresponding main packet into a specific main packet path/data/pkg/product/test.com/v1.1.1/unknown.apk in the packaging service by calling a packaging service interface https:/pkx.com/apk/sync. Wherein, v1.1.1 refers to the update version number of the product apk, the file names are unified into an signed.

And 5, the packing system inputs parameters through operators: channel number lists (1001-1888), product names A, product package names test.com and corresponding product version numbers v1.1.1, constructing a total of 888 channel packages from 1001 to 1888, and distributing the channel packages through an intranet.

The technical scheme provided by the embodiment of the application comprises the following steps of re-signing and distributing an apk packet:

step 1, the OA system triggers the key generation node, the OA system directly calls a service interface https:// key.xxx.com/keys/built provided by the key system to complete the subsequent flow, and the existing three steps 1, 2 and 3 are directly replaced. The concrete implementation is as follows:

step 1.1, equivalently transforming the function of the existing keystore tool, directly completing key generation, and then writing the key into a data table, wherein the data table can comprise a product name A, a product package name test.com, and a product key jks: jks (binary stream format).

Step 1.2, equivalently transforming the functions of the existing/data/keys/tools/built _ P12_ keys. py script, encrypting and converting the A.jks file into an A.P12 file, and adding a P12 key file of a product A: p12 (binary stream format).

Step 1.3, the key system provides a first key service interface and a second key service interface for the Jenkins system (i.e. the master package generation system) to download the P12 file, and the packaging system obtains jks file.

Step 2, the main package apk generated by the Jenkins system packaging is synchronized to a cloud private cloud storage/cloud/storage/data/pkg/product/test.com/v 1.1.1/signed.apk specific main package path in the packaging service by calling a packaging service interface https:/pkx.xxx.com/v 2/apk/sync, wherein v1.1.1 refers to a product apk updating version number, and the file names are unified as signed.apk, and the information is synchronously recorded to a data table.

And 3, the packing system inputs parameters through operators: and constructing a total 888 channel APK packages from 1001 to 1888 by using the channel number list (1001-1888), the product name A, the product package name test.com and the corresponding product version number v1.1.1. The concrete implementation is as follows:

step 3.1, the packaging system obtains the corresponding main package apk, namely/closed/storage/data/pkg/product/test.com/v1.1.1/signed.apk file from the private cloud storage through the product package name and the version number, and temporarily stores the main package apk under the specific directory/data/tmp/pkg/test.com/v1.1.1/directory of the operation service node

And 3.2, constructing an https:// key.xxx.com/keys/fetch interface of the https request key system by assembling the product package name parameter to obtain an A.jks file of the corresponding product, and temporarily storing the A.jks file to a specific directory/data/tmp/pkg/test.com/v1.1.1/directory of the operation service node.

Step 3.3, the re-signing tool script/data/pkg/tools/rebuild _ signature.sh dynamically finds the signed.apk and A.jks files by receiving/data/tmp/pkg/test.com/v1.1.1/the directory prefix parameter, and adds the channel packet information, so that the re-signing and construction of each channel packet can be completed, and the re-signing and construction are output to a specific distribution path: com/v1.1.1/distribution/data/tmp/pkg/test.

And 3.4, synchronizing the channel package to be distributed to public cloud storage in an internal cloud storage intranet calling mode in a multithreading concurrent mode, and refreshing the CDN after all synchronization is completed, so that the content of the download link can be updated.

And 3.5, clearing the/data/tmp/pkg/test.com/v1.1.1/the directory and the files under the directory to complete the whole process.

Assuming that the intranet bandwidth of a company is 200MB/s, the channel packets are 2000, and a single channel packet is about 60MB, the size of the channel packet to be distributed is as follows: 2000X 60 MB-120 GB.

If the hardware configuration of the cloud host and the intranet single machine is consistent, based on the technical scheme of the intranet architecture, under the condition that the bandwidth is completely occupied, the time consumed by the distribution channel package is as follows: 120GB/200(MB/s) 600s 10 min.

On the basis of the cloud cluster architecture provided by the embodiment of the application, if the cloud bandwidth is 1GB/s, the time consumption is as follows under the condition that 10 threads of cloud storage are distributed in parallel: 120GB/1(GB/s)/10 120/10s 12 s.

Therefore, the cloud cluster architecture provided by the embodiment of the application can have the second-level distribution capability, and the distribution capability is higher compared with the single-point architecture of an intranet.

Based on the above embodiments of the present application, in the technical solutions provided in the embodiments of the present application, since the key system can automatically generate the first key and the second key required in the channel package construction process (including the generation of the apk package and the re-signing of the apk package), the generation efficiency of the key can be improved, and further the construction efficiency of the channel package can be improved; because the key system and the main package generation system are both deployed locally, the security of the key and the security of the apk package generation process can be ensured; in addition, the packaging system is deployed at the cloud end, and channel packages obtained after the re-signing are distributed to at least one channel at the cloud end, so that the distribution of the channel packages can be free from the limitation of intranet storage resources and outlet bandwidth, and the distribution capability of the channel packages is effectively improved.

The foregoing description of specific embodiments of the present application has been presented. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to fig. 5, at a hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory, such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.

The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 5, but this does not indicate only one bus or one type of bus.

And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.

And the processor reads the corresponding computer program from the nonvolatile memory into the memory and runs the computer program to form the processing device of the application apk packet on the logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:

The method executed by the processing device applying the apk packet according to the embodiment shown in fig. 5 of the present application may be applied to or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.

The electronic device may further execute the method in fig. 3, and implement the function of the processing apparatus that applies the apk packet in the embodiment shown in fig. 3, which is not described herein again in this embodiment of the present application.

Of course, besides the software implementation, the electronic device of the present application does not exclude other implementations, such as a logic device or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or a logic device.

Embodiments of the present application further propose a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a portable electronic device comprising a plurality of application programs, enable the portable electronic device to perform the method of the embodiment shown in fig. 3, and in particular to perform the following operations:

Fig. 6 is a schematic structural diagram of a processing device 60 that applies an apk packet according to an embodiment of the present application. Referring to fig. 6, in a software implementation, the processing device 60 for the application apk packet may include: a receiving module 61, a first obtaining module 62, a second obtaining module 63 and a re-signing and distributing module 64, wherein:

the receiving module 61 is configured to receive a packaging request, where the packaging request includes a channel number list and product information of an apk packet, the channel number list includes a channel number corresponding to at least one channel, and the product information includes a packet name and version information of the apk packet;

a first obtaining module 62, configured to obtain a second key, where the second key is generated by a locally deployed key system;

a second obtaining module 63, configured to obtain the apk packet according to product information of the apk packet, where the apk packet is generated by a local main packet generation system according to a first key, and the first key is generated by the key system;

and the re-signing and distributing module 64 is used for re-signing the apk package according to the channel number list and the second key, and distributing the re-signed channel package to at least one channel.

The processing device 60 for an application apk packet provided in this embodiment of the present application may also execute the method in fig. 3, and implement the functions of the processing device for an application apk packet in the embodiment shown in fig. 3, which are not described herein again in this embodiment of the present application.

In short, the above description is only a preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The embodiments in the present application are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

Claims

1. A processing system for applying an apk packet, the processing system comprising a key system, a master packet generation system, and a packing system, wherein:

the key system is used for generating a first key and a second key;

2. The processing system of claim 1, wherein the key system provides a service interface through which the key system accesses an Office Automation (OA) system, the OA system providing product core basic information for the target application, the OA system to trigger the key system to generate the first key and the second key;

wherein the key system generating the first key and the second key comprises:

generating the second key according to the product core basic information of the target application;

and performing specified encryption processing on the second key to generate the first key.

3. The processing system of claim 2, wherein the key system further provides a first key service interface for the master package generation system to obtain the first key and a second key service interface for the packaging system to obtain the second key;

when the key system receives a key request, judging whether a predetermined white list contains an IP address corresponding to the key request; if yes, returning the key requested by the key request in an HTTPS mode.

4. The processing system of claim 1, wherein the main package generation system, after generating the apk package for the target application according to the first key, further comprises:

synchronizing the apk packet to a private cloud storage of the cloud;

generating a data table and synchronizing the data table to the packaging system;

the data table is used for acquiring the apk packet from the private cloud storage when the packaging system carries out re-signing on the apk packet.

5. The processing system of claim 1, wherein the packaging system re-signs the apk packet according to the second key, comprising:

receiving a packaging request, wherein the packaging request comprises a channel number list and product information of the apk packet, the channel number list comprises at least one channel number corresponding to the at least one channel, and the product information comprises a packet name and version information of the apk packet;

acquiring the apk packet according to the product information;

acquiring the second key from the key system;

and according to the channel number list and the second secret key, re-signing the apk packet.

6. The processing system of claim 5, wherein the packaging system obtains the apk package based on the product information, comprising:

searching a storage path corresponding to the product information from a data table, wherein the data table stores the package name, the version information and the storage path of the apk package;

and acquiring the apk packet under the storage path from the private cloud storage of the cloud according to the storage path.

7. The processing system of claim 5, wherein the packaging system re-signs the apk package based on the channel number list and the second key, comprising:

carrying out inverse decompression on the apk packet, and deleting the first key used when the apk packet is generated;

and according to at least one channel number in the channel number list and the second secret key, performing batch re-signing on the apk packet to obtain a re-signed channel packet.

8. The processing system of claim 5, wherein the packaging system, after obtaining the apk packet and the second key, further comprises:

storing the apk packet and the second key under a specified directory;

when the apk packet is re-signed, acquiring the apk packet and the second key from the specified directory;

and deleting the apk packet and the second key under the specified directory after the re-signing of the apk packet is completed.

9. The processing system of claim 1, wherein the packaging system distributes the re-signed channel package to at least one channel, comprising:

synchronizing the channel packages to a common cloud storage of the cloud end in a multithreading mode;

and refreshing the designated content delivery network CDN.

10. A processing method for an application apk packet is characterized by comprising the following steps:

and re-signing the apk package according to the channel number list and the second secret key, and distributing the re-signed channel package to at least one channel.

11. An apparatus for processing an apk packet, comprising:

12. An electronic device, comprising:

a processor; and

13. A computer-readable storage medium storing one or more programs which, when executed by an electronic device including a plurality of application programs, cause the electronic device to perform a method of: