I need to setup Azure a devops pipeline to build and deploy my native Android application to Google Play store or App Center as App Bundle.
I could figure out to deploy an apk but need help to deploy app bundle(.aab). Any help would be appreciated.
Change the apkFiles to **/*.aab and pass the algorithms, -sigalg SHA256withRSA -digestalg SHA-256 as jarsignerArguments.
Like this:
- task: AndroidSigning#2
inputs:
apkFiles: '**/*.aab'
jarsign: true
jarsignerKeystoreFile: 'pathToYourKeystoreFile'
jarsignerKeystorePassword: '$(jarsignerKeystorePassword)'
jarsignerKeystoreAlias: '$(yourKeystoreAlias)'
jarsignerKeyPassword: '$(jarsignerKeyPassword)'
jarsignerArguments: '-sigalg SHA256withRSA -digestalg SHA-256'
zipalign: true
You can use the Google Play - Release Bundle task to deploy app bundle(.aab). After the Google play extension is installed in your azure devops organization. You can add Google Play - Release Bundle task in your pipeline and configure the bundleFile field to the location of the generated .aab bundleFile. See below.
- task: ms-vsclient.google-play.google-play-release-bundle.GooglePlayReleaseBundle#3
displayName: 'Release functionParam.ps1 to internal'
inputs:
serviceConnection: googleServiceEndPoint
applicationId: applicationId
bundleFile: **/*.aab
Check out below tutorial to create a pipeline for your Android application
Build, test, and deploy Android apps
Update:
You can sign aab bundle using jarsigner command in azure pipeline. You might need to use download secure file task to use your keystore_file if you upload it to secure file. For example run below jarsigner command in a powershell task:
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore my_keystor_file.keystore -storepass 'super_secret_keystore_pass' -keypass 'super_secret_alias_password' my-app-bundle.aab myKeyStoreAlias
See this thread for more information.
You can also use Xamarin.Android build task. And pass below arguements in Additional arguments for the build to package and sign the App Bundle:
-restore -t:SignAndroidPackage -p:AndroidPackageFormat=aab -p:AndroidKeyStore=True -p:AndroidSigningKeyStore=$(keystore.secureFilePath) -p:AndroidSigningStorePass=$(KeystorePassword) -p:AndroidSigningKeyAlias=$(KeystoreAlias) -p:AndroidSigningKeyPass=$(KeystorePassword)
See here for more information.
I'm trying to generate another debug keystore for my app, I have created a dev keystore and assigned the store file inside .android and with the name dev.keystore, then I assigned this new keystore to my debug build variant
Then asigned this dev key to the debug build variant
But when I try to get the sha1 of this key this happens
I have been all day long trying to generate a new sha1 key with this and I cant
Any help is appreciated, thanks
How to Sign Android App Bundle with the azure pipeline,
The documentation is available only signing APK
https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/build/android-signing?view=azure-devops
when I try to sign aab with the above task I am getting below error
Error: Failed to deduce min API Level: APK does not contain AndroidManifest.xml. Please specify --min-sdk-version.
Answered here: https://stackoverflow.com/a/69835335/168510
Change the apkFiles to **/*.aab and pass the algorithms, -sigalg SHA256withRSA -digestalg SHA-256 as jarsignerArguments.
Like this:
- task: AndroidSigning#2
inputs:
apkFiles: '**/*.aab'
jarsign: true
jarsignerKeystoreFile: 'pathToYourKeystoreFile'
jarsignerKeystorePassword: '$(jarsignerKeystorePassword)'
jarsignerKeystoreAlias: '$(yourKeystoreAlias)'
jarsignerKeyPassword: '$(jarsignerKeyPassword)'
jarsignerArguments: '-sigalg SHA256withRSA -digestalg SHA-256'
zipalign: true
How to Sign Android app Bundle with azure pipeline
AFAIK, you could sign Android app Bundle from command line:
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore xample.jks bundle.aab keystoreAlias
The jarsigner.exe is in the bin folder of your java JDK install (Java SE), so we could get it by:
"%JAVA_HOME%"\bin\jarsigner.exe
So, we could use the command line task to invoke the jarsigner.exe to sign Android app Bundle in the Azure pipeline.
Check this ticket for some more details.
Hope this helps.
I had same problem with signing the Android app bundle, Right now we fixed this issue with the signing app bundle in the Azure Build Pipeline instead of signing Android app bundle from the Azure Release pipeline through jarsigner.
I have a problem where the upgrade to my apk will not install due to the above message.
I have read posts on SO that say this message happens when the app is signed with a different release key.
example post on different keys
.
In my logs as i try to upgrade the apk i get the following:
04-07 13:28:03.796 2072-2072/? W/InstallAppProgress: Replacing package:com.xxx.rr3
04-07 13:28:04.326 3675-3845/? W/PackageManager: verifying app can be installed or not
04-07 13:28:04.378 3675-3845/? W/PackageManager: Package com.xxx.rr3 signatures do not match the previously installed version; ignoring!
.
The orginal app was has been in production for over 4 years and was written using Eclipse, which is installed on my old hard drive.
6 months ago my boss bought me an SSD drive and i installed Android Studio. I migrated the old project and it builds fine and it will install on to a device that doesn't have the previous version installed.
I copied the keystore from my old hard drive to my new SSD and I use it to sign the new version of the app in Android Studio. So i have only ever used the one same keystore, with the same passwords and alias.
Can anyone tell me why Android is saying my upgrade is signed with a different key?
[UPDATE1]
I have extracted the CERT.RSA for both old and new apk. They both use the same keystore and keys but i noticed i was using the wrong release alias. Below is the fingerprints for both apks the top one is the old one the bottom, the new one.
C:\OpenSSL-Win64\bin>keytool -printcert -file CERT.RSA
Owner: CN=matthew womersley, OU=dev, O=carefreegroup, L=wakefield, ST=west yorkshire
Issuer: CN=matthew womersley, OU=dev, O=carefreegroup, L=wakefield, ST=west yorkshire
Serial number: 6144ad2c
Valid from: Fri Jan 11 08:55:29 GMT 2013 until: Thu May 14 09:55:29 BST 3012
Certificate fingerprints:
MD5: 50:63:5E:54:9D:D3:C4:71:A9:4E:3C:F4:27:9E:50:CA
SHA1: 7C:2C:DB:7E:92:D2:01:46:43:8D:D2:B9:A4:D2:B0:F4:85:E7:16:D9
SHA256: 38:64:89:4D:A2:37:72:AA:CE:90:5E:34:46:B9:D0:A4:CA:18:B7:07:7A:E2:DB:1D:7C:60:CD:70:F6:77:C5:FF
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F 95 E8 FA 36 5B 26 07 33 72 8B 09 37 0C 18 C5 ?...6[&.3r..7...
0010: 3B 5A 19 42 ;Z.B
]
]
C:\OpenSSL-Win64\bin>keytool -list -keystore .keystore
keytool error: java.lang.Exception: Keystore file does not exist: .keystore
C:\OpenSSL-Win64\bin>keytool -printcert -file CERT.RSA
Owner: CN=matthew womersley, OU=dev, O=carefreegroup, L=wakefield, ST=west yorkshire
Issuer: CN=matthew womersley, OU=dev, O=carefreegroup, L=wakefield, ST=west yorkshire
Serial number: 6144ad2c
Valid from: Fri Jan 11 08:55:29 GMT 2013 until: Thu May 14 09:55:29 BST 3012
Certificate fingerprints:
MD5: 50:63:5E:54:9D:D3:C4:71:A9:4E:3C:F4:27:9E:50:CA
SHA1: 7C:2C:DB:7E:92:D2:01:46:43:8D:D2:B9:A4:D2:B0:F4:85:E7:16:D9
SHA256: 38:64:89:4D:A2:37:72:AA:CE:90:5E:34:46:B9:D0:A4:CA:18:B7:07:7A:E2:DB:1D:7C:60:CD:70:F6:77:C5:FF
Signature algorithm name: SHA256withRSA
Version: 3
I specified the correct releasealias when clicking on 'Generate Signed Apk' but there is still an error albeit different.
The package conflicts with an existing package by the same name
.
I have tried to build the new apk manually, using the following link:
link
C:\Users\mattheww\StudioProjects\nfcscanner3>gradlew assembleRelease
Downloading https://services.gradle.org/distributions/gradle-2.14.1-all.zip
Unzipping C:\Users\mattheww\.gradle\wrapper\dists\gradle-2.14.1-all\8bnwg5hd3w55iofp58khbp6yv\gradle-2.14.1-all.zip to C:\Users\mattheww\.gradle\wrapper\dists\gradle-2.14.1-all\8bnwg5hd3w55iofp58khbp6yv
FAILURE: Build failed with an exception.
* Where:
Build file 'C:\Users\mattheww\StudioProjects\nfcscanner3\app\build.gradle' line: 1
* What went wrong:
A problem occurred evaluating project ':app'.
> java.lang.UnsupportedClassVersionError: com/android/build/gradle/AppPlugin : Unsupported major.minor version 52.0
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.
BUILD FAILED
Total time: 29.982 secs
.
If the keystore and fingerprints match on both apps, can anyone explain why the new app still will not upgrade?
[UPDATE 2]
I have just remembered that when i imported the Eclipse project into Android Studio, it would not build correctly. There was a problem with the Appication Object. My Appication Object is called NfcScannerApplication and i have a class implemented by the same name (which is also described in the manifest).
Once imported into Android Studio, built and pushed on to a device, Android said it could not find the Application class. so i used the following code which seemed to solve the problem.
public static NfcScannerApplication getRealApplication (Context applicationContext)
{
Log.e(TAG, "inside NfcScannerApplication getRealApplication");
NfcScannerApplication application = null;
if (applicationContext instanceof NfcScannerApplication)
{
application = (NfcScannerApplication) applicationContext;
}
else
{
Application realApplication = null;
Field magicField = null;
try
{
magicField = applicationContext.getClass().getDeclaredField("realApplication");
magicField.setAccessible(true);
realApplication = (Application) magicField.get(applicationContext);
}
catch (NoSuchFieldException e)
{
Log.e(TAG, e.getMessage());
}
catch (IllegalAccessException e)
{
Log.e(TAG, e.getMessage());
}
application = (NfcScannerApplication) realApplication;
}
return application;
}
// the above method is commented out and this is used
//because the migration process from Eclipse to Android
//needed it. see below
//https://stackoverflow.com/questions/36495954/bootstrapapplication-cannot-be-cast-to-applicationclass
It uses reflection to get the Application class. Could this be the reason why even though i'm using the same keystore etc, Android thinks there is a different app on the device with the same name?
[UPDATE 3]
I seem to have found the problem. :) I have a ContentProvider that gets the Application Context when the app is first loaded. I call getContext and cast it into my Application class.
What i do now is call getContext.getApplicationContext() and it works fine now. Below is the code i use now and the old code iscommented out above.
//old code
//Context context = getContext();
//nfcAppObj = (NfcScannerApplication) getContext();
//new code
Context applicationContext = getContext().getApplicationContext();
nfcAppObj = getRealApplication(applicationContext);
If you have the old apk you can use this to get the details of the cert used to sign it. (Extract the CERT.RSA file from the apk -unziping it-, then running the openssl aplication on that file.)
unzip -p App.apk META-INF/CERT.RSA |openssl pkcs7 -inform DER -noout -print_certs -text
Then use keytool (that comes with java) to list the certificates from your key store, and see if you find a match, or if the certificate you think is the correct really matches.
For your reference:
Getting certificate details from an apk
How do I find out which keystore was used to sign an app?
Publish your signed apk to the play store in beta or alpha section if the play store refuse your apk that's mean your keystore is not the original key.
If play store accepted your apk then try to update your installed apk from play store.
If your app not listed on play store you can pull your previous apk from the device and compare both APKs signature SHA1
to get SHA1 of the apk
How do I find out which keystore was used to sign an app?
Unless you do something special, when you click the "Play" button in Android Studio it will use a temporary, AS specific debug key to sign the app and then it will install it to your device.
Eclipse did something very similar.
If you're talking about using Android Studios "Generate Signed APK" then try the following debug steps:
Install the apk through adb manually, see if the error still occurs.
Sign the apk yourself through gradle, see if the error still occurs.
If both of these steps don't work, I think it's reasonably safe to assume you're not using the same key you were previously.
What are the steps to create a keystore for android?
I need to use google maps in my app and I don't know what steps I missed.
Please provide me with the specific detailed steps (I didn't understand it from the guides).
To answer the question in the title, you create a keystore with the Java Keytool utility that comes with any standard JDK distribution and can be located at %JAVA_HOME%\bin. On Windows this would usually be C:\Program Files\Java\jre7\bin.
On Windows, open a command window and switch to that directory. On Linux type OS do the same with a terminal. Then run:
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Keytool prompts you to provide passwords for the keystore, provide the Distinguished Name fields and then the password for your key. It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias_name is a name that you — will use later, to refer to this keystore when signing your application.
For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html
Signing Your App in Android Studio
To sign your app in release mode in Android Studio, follow these steps:
1- On the menu bar, click Build > Generate Signed APK.
2-On the Generate Signed APK Wizard window, click Create new to create a new keystore.
If you already have a keystore, go to step 4.
3- On the New Key Store window, provide the required information as shown in figure
Your key should be valid for at least 25 years, so you can sign app updates with the same key through the lifespan of your app.
4- On the Generate Signed APK Wizard window, select a keystore, a private key, and enter the passwords for both. Then click Next.
5- On the next window, select a destination for the signed APK and click Finish.
referance
http://developer.android.com/tools/publishing/app-signing.html
I was crazy looking how to generate a .keystore using in the shell a single line command, so I could run it from another application. This is the way:
echo y | keytool -genkeypair -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias business -keypass kpi135 -keystore /working/android.keystore -storepass ab987c -validity 20000
dname is a unique identifier for the application in the .keystore
cn the full name of the person or organization that generates the .keystore
ou Organizational Unit that creates the project, its a subdivision of the Organization that creates it. Ex. android.google.com
o Organization owner of the whole project. Its a higher scope than ou. Ex.: google.com
c The country short code. Ex: For United States is "US"
alias Identifier of the app as an single entity inside the .keystore (it can have many)
keypass Password for protecting that specific alias.
keystore Path where the .keystore file shall be created (the standard extension is actually .ks)
storepass Password for protecting the whole .keystore content.
validity Amout of days the app will be valid with this .keystore
It worked really well for me, it doesnt ask for anything else in the console, just creates the file. For more information see keytool - Key and Certificate Management Tool.
Create keystore file from command line :
Open Command line:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved
// (if you want to store keystore file at C:/ open command line with RUN AS ADMINISTRATOR)
C:\Windows\system32> keytool -genkey -v -keystore [your keystore file path]{C:/index.keystore} -alias [your_alias_name]{index} -keyalg RSA -keysize 2048 -validity 10000[in days]
Enter > It will prompt you for password > enter password (it will be invisible)
Enter keystore password:
Re-enter new password:
Enter > It will ask your detail.
What is your first and last name?
[Unknown]: {AB} // [Your Name / Name of Signer]
What is the name of your organizational unit?
[Unknown]: {Self} // [Your Unit Name]
What is the name of your organization?
[Unknown]: {Self} // [Your Organization Name]
What is the name of your City or Locality?
[Unknown]: {INDORE} // [Your City Name]
What is the name of your State or Province?
[Unknown]: {MP} //[Your State]
What is the two-letter country code for this unit?
[Unknown]: 91
Enter > Enter Y
Is CN=AB, OU=Self, O=Self, L=INDORE, ST=MP, C=91 correct?
[no]: Y
Enter > Enter password again.
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
for: CN=AB, OU=Self, O=Self, L=INDORE, ST=MP, C=91
Enter key password for <index> (RETURN if same as keystore password):
Re-enter new password:
[ Storing C:/index.keystore ]
And your are DONE!!!
Export In Eclipse :
Export your android package to .apk with your created keystore file
Right click on Package you want to export and select export
Select Export Android Application > Next
Next
Select Use Existing Keystore > Browse .keystore file > enter password > Next
Select Alias > enter password > Next
Browse APK Destination > Finish
In Android Studio:
Create keystore [.keystore/.jks] in studio...
Click Build (ALT+B) > Generate Signed APK...
Click Create new..(ALT+C)
Browse Key store path (SHIFT+ENTER) > Select Path > Enter name > OK
Fill the detail about your .jks/keystore file
Next
Your file
Enter Studio Master Password (You can RESET if you don't know) > OK
Select *Destination Folder * > Build Type
release : for publish on app store
debug : for debugging your application
Click Finish
Done !!!
This tutorial:
“sign-your-android-applications-for.html”
Archived here:
https://web.archive.org/web/20181002011446/http://techdroid.kbeanie.com/2010/02/sign-your-android-applications-for.html
was very helpful for me the first time I had to create a keystore. It is simple but the instructions on developer.android.com are a little too brief.
The part I was unsure about was where to save and what name to give the keystore file.
I seems it doesn't matter where you put it just be sure to keep it safe and keep a number of backups.
I just put it in my app directory
Name the file "something.keystore" where something can be whatever you want. I used app_name.keystore, where app_name was the name of my app.
The next part was what to name the alias. Again it doesn't seem to matter so again I just used the app_name again. Keep the passwords the same as you used before. Fill out the rest of the fields and you are done.
Use this command to create debug.keystore
keytool -genkey -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "CN=Android Debug,O=Android,C=US"
I followed this guide to create the debug keystore.
The command is:
keytool -genkeypair -alias androiddebugkey -keypass android -keystore debug.keystore -storepass android -dname "CN=Android Debug,O=Android,C=US" -validity 9999
First thing to know is wether you are in Debug or Release mode. From the developer site "There are two build modes: debug mode and release mode. You use debug mode when you are developing and testing your application. You use release mode when you want to build a release version of your application that you can distribute directly to users or publish on an application marketplace such as Google Play."
If you are in debug mode you do the following ...
A. Open terminal and type:
keytool -exportcert -alias androiddebugkey -keystore path_to_debug_or_production_keystore -list -v
Note: For Eclipse, the debug keystore is typically located at ~/.android/debug.keystore...
B. when prompted for a password simply enter "android" ...
C. If you are in Release mode follow the instructions on...
http://developer.android.com/tools/publishing/app-signing.html <-- this link pretty much explains everything you need to know.
based on #EliuX answer, Latest tools compatible with app bundle
echo y | keytool -genkey -keystore ./android.jks -dname "n=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias android -keypass android -storepass android -keyalg RSA -keysize 2048 -validity 2000
For your build.gradle
signingConfigs {
debug {
storeFile file('android.jks')
keyAlias 'android'
keyPassword 'android'
storePassword 'android'
}
}
You can create your keystore by exporting a signed APK. When you will try to export/build a signed APK, it will ask for a keystore.
You can choose your existing keystore or you can easily create a new one by clicking create new keystore
Here a link very useful and well-explained of how to create your keystore and generate a signed APK
THis link explained how to do it with Android Studio, but if I remember, it is pretty similar on Eclipse
WATCH OUT
Once you generate your keystore, keep it somewhere safe because you will need it to regenerate a new signed APK.
How do I export a project in the Android studio?
I'd like to suggest automatic way with gradle only
** Define also at least one additional param for keystore in last command e.g. country '-dname', 'c=RU' **
apply plugin: 'com.android.application'
// define here sign properties
def sPassword = 'storePassword_here'
def kAlias = 'keyAlias_here'
def kPassword = 'keyPassword_here'
android {
...
signingConfigs {
release {
storeFile file("keystore/release.jks")
storePassword sPassword
keyAlias kAlias
keyPassword kPassword
}
}
buildTypes {
debug {
signingConfig signingConfigs.release
}
release {
shrinkResources true
minifyEnabled true
useProguard true
signingConfig signingConfigs.release
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
...
}
...
task generateKeystore() {
exec {
workingDir projectDir
commandLine 'mkdir', '-p', 'keystore'
}
exec {
workingDir projectDir
commandLine 'rm', '-f', 'keystore/release.jks'
}
exec {
workingDir projectDir
commandLine 'keytool', '-genkey', '-noprompt', '-keystore', 'keystore/release.jks',
'-alias', kAlias, '-storepass', sPassword, '-keypass', kPassword, '-dname', 'c=RU',
'-keyalg', 'RSA', '-keysize', '2048', '-validity', '10000'
}
}
project.afterEvaluate {
preBuild.dependsOn generateKeystore
}
This will generate keystore on project sync and build
> Task :app:generateKeystore UP-TO-DATE
> Task :app:preBuild UP-TO-DATE
If you don't want to or can't use Android Studio, you can use the create-android-keystore NPM tool:
$ create-android-keystore quick
Which results in a newly generated keystore in the current directory.
More info: https://www.npmjs.com/package/create-android-keystore