I saw couple similar questions like:
- Android: After building platform source, how to sign arbitrary APK with platform key?
- How to create a release signed apk file using Gradle?
- APK signing error : Failed to read key from keystore
but I feel my problem is different.
First of all I use:
android:sharedUserId="android.uid.system"
so I need to sign my app with platform key. I'm able to do that in this way:
cd $ANDROID_ROOT/out/host/linux-x86/framework java -Djava.library.path=$ANDROID_ROOT/out/host/linux-x86/lib64 -jar signapk.jar $ANDROID_ROOT/build/target/product/security/platform.x509.pem $ANDROID_ROOT/build/target/product/security/platform.pk8 $APP_DIR/app/build/outputs/apk/debug/app-debug.apk $APP_DIR/MyApp-signed.apk However I want to do signing from gradle, so I have generated jks file in this way:
./keytool-importkeypair -k my_keystore.jks -p my_password -pk8 $ANDROID_ROOT/build/target/product/security/platform.pk8 -cert $ANDROID_ROOT/build/target/product/security/platform.x509.pem -alias platform and I've modified app/build.gradle to have:
signingConfigs { release { storeFile file("my_keystore.jks") storePassword "my_password" keyAlias "platform" keyPassword "my_password" } } buildTypes { release { minifyEnabled false proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' signingConfig signingConfigs.release } } I've checked that my_keystore.jks has platform alias with:
keytool -list -v -keystore my_keystore.jks | grep Alias Alias name: platform but when I try to do:
./gradlew assembleRelease or:
./gradlew signingReport I get:
Failed to read key platform from store "(...)/my_keystore.jks": Invalid keystore format
Update: I've tried following dr_g tips and I'm able to sign app using Android Studio (Build -> Generate Signed APK), so I guess keystore is ok, but still I get the same error when using assembleRelease. I've also tried generating my own keystore as suggested by deadfish and indeed keystore generated by Android Studio is fine for gradle and assembleRelease works, but it's not platform key, so I can't use it unfortunately.
3 Answers
Answers 1
Please try using the .keystore variant. There could be ways to fix the java keystore (.jks) format but it is likely to take more time.
1) Generate your .keystore file from your separate key files
$ openssl pkcs8 -inform DER -nocrypt -in \ $ANDROID_ROOT/build/target/product/security/platform.pk8 -out platform.key $ openssl pkcs12 -export -in \ $ANDROID_ROOT/build/target/product/security/platform.x509.pem -inkey \ platform.key -name platform -out platform.pem -password pass:password $ keytool -importkeystore -destkeystore platform.keystore -deststorepass \ password -srckeystore platform.pem -srcstoretype PKCS12 -srcstorepass password 2) Test your new keystore:
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore \ platform.keystore -storepass password your-app.apk platform 3) Deploy keystore in your gradle build:
signingConfigs { debug { storeFile file('debug.keystore') storePassword 'android' keyAlias 'androiddebugkey' keyPassword 'android' } release { storeFile file('platform.keystore') storePassword 'password' keyAlias 'platform' keyPassword 'password' } } The above build.gradle is also showing an example of using the android debug keystore as standard for debug builds.
Answers 2
use the .keystore file not the .jks when you generate you app,Android studio will notice you create a keyStore, try this key.
Answers 3
After chat with deadfish and following his suggestions (thanks for help!) I've come up with following workaround in app/build.gradle (inside android {}):
applicationVariants.all { variant -> variant.assemble.doLast { exec { commandLine 'sh', '../mySigningScript.sh' } } } This will run my script everytime when assembleDebug or assembleRelease is finished. I will not accept my answer because it's not answering my question and it forces me to remove signingConfigs from gradle but at least it's a workaround which potentially could be used if no better solution is proposed.
0 comments:
Post a Comment