So I've restarted with gradle instead because the instructions from the original link seemed to have some heavy dependencies on things that aren't available in the versions Debian has packaged. I think I've gotten further, but not quite there yet.
Mostly based on https://developer.okta.com/blog/2018/08/10/basic-android-without-an-ide with some manual changes to account for version mismatches, again.
Debian bullseye:
sudo apt install android-sdk android-sdk-platform-23 gradle openjdk-11-jdk-headless
Build the unsigned/debug/dev pacakge:
gradle build
# NOTE: It doesn't currently work with openjdk-17 (FIXME) so either uninstall it, or if you keep it installed, run add this argument to the build: -Dorg.gradle.java.home=/usr/lib/jvm/java-11-openjdk-amd64/
Install it on a device:
adb install ./app/build/outputs/apk/debug/app-debug.apk
Create a signing keystore thing. NOTE this from Google: "If you plan to publish your apps on Google Play, the key you use to sign your app must have a validity period ending after 22 October 2033. Google Play enforces this requirement to ensure that users can seamlessly upgrade apps when new versions are available." -- https://developer.android.com/studio/publish/app-signing#considerations I think this keystore file is supposed to have multiple keys in the one database-like file, not sure:
keytool -genkey -v -keystore ~/.android/release.keystore -alias mike-prisonpcemm@cyber.com.au -keyalg RSA -keysize 2048 -validity 7300
Sign the APK If you typo the password it gives a stacktrace, not a nice error:
apksigner sign --ks ~/.android/release.keystore --out ./com.prisonpc.cacertinstaller.apk ./app/build/outputs/apk/release/app-release-unsigned.apk
- FIXME: Upload it to Google. I did this via the GUI and it worked fine. Can't find any info specific to private store
https://stackoverflow.com/questions/21829495/how-to-upload-an-android-app-to-the-app-store-via-command-line https://andresand.medium.com/automate-publishing-app-bundle-or-apk-to-google-play-store-8641f0ba2f64 https://stasheq.medium.com/upload-apk-to-google-play-via-command-line-script-d93b0d6a28c5 https://developers.google.com/android-publisher/api-ref/rest
Just place a valid JPG or PNG file at app/src/main/res/drawable/wallpaper.(jpg|png) and rebuild the package.
Build package, turn device screen on, install on device, unlock device screen, run app on device:
gradle build && adb shell input keyevent 82 && adb install ./app/build/outputs/apk/debug/app-debug.apk && adb shell input keyevent 82 && sleep 1 && adb shell monkey -p com.prisonpc.cacertinstaller 1
Watch device log for useful things:
adb logcat -T 0 | grep --line-buffered -i -e admin -e prisonpc
Enable TestDPC as the device policy controller so it can enable the CERT_INSTALL delegation. I couldn't find a way to do just the CERT_INSTALL delegation automatically:
adb shell dpm set-device-owner com.afwsamples.testdpc/.DeviceAdminReceiver
- General clean up of the ugly code
- Make it run automatically once installed, or on boot. Android doesn't seem to allow apps to respond to an intent until it's been manually run once by the user. I can see good security reasons for this in general, but can we bypass that with policy stuff?