Android signing with Ant

android ant

Using Ant, I'm trying to build an Android application in release mode for distribution. My problem is at the signing process. I've created a keystore and alias via Eclipse using the Export Android Application wizard and the app is correctly signed if export it via Eclipse. When I try to complete the same process via Ant I reference my keystore and alias in my build.properties file:

key.store=C:\\Users\\a512091\\.android\\release.keystore
key.alias=application
key.store.password=android
key.alias.password=android

The build process is successful and I get an Application-release.apk file. I veryfied this APK with jarsigner and all files have "sm" tags. This is the tail of the output:

jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.

When I try to install this APK into an emulator or device I get the following:

Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]

Logcat shows signing problems on my CSS file and image assets:

11-07 11:06:20.060: WARN/PackageParser(58): Exception reading assets/www/css/base.css in /data/app/vmdl48898.tmp
11-07 11:06:20.060: WARN/PackageParser(58): java.lang.SecurityException: META-INF/XXXXX.SF has invalid digest for assets/www/res/droidhdpi/favorite_off.png in /data/app/vmdl48898.tmp
11-07 11:06:20.060: WARN/PackageParser(58):     at java.util.jar.JarVerifier.verifyCertificate(JarVerifier.java:369)
11-07 11:06:20.060: WARN/PackageParser(58):     at java.util.jar.JarVerifier.readCertificates(JarVerifier.java:272)
11-07 11:06:20.060: WARN/PackageParser(58):     at java.util.jar.JarFile.getInputStream(JarFile.java:392)
11-07 11:06:20.060: WARN/PackageParser(58):     at android.content.pm.PackageParser.loadCertificates(PackageParser.java:337)
11-07 11:06:20.060: WARN/PackageParser(58):     at android.content.pm.PackageParser.collectCertificates(PackageParser.java:508)
11-07 11:06:20.060: WARN/PackageParser(58):     at com.android.server.PackageManagerService.installPackageLI(PackageManagerService.java:5885)
11-07 11:06:20.060: WARN/PackageParser(58):     at com.android.server.PackageManagerService.access$2100(PackageManagerService.java:134)
11-07 11:06:20.060: WARN/PackageParser(58):     at com.android.server.PackageManagerService$5.run(PackageManagerService.java:4743)
11-07 11:06:20.060: WARN/PackageParser(58):     at android.os.Handler.handleCallback(Handler.java:587)
11-07 11:06:20.060: WARN/PackageParser(58):     at android.os.Handler.dispatchMessage(Handler.java:92)
11-07 11:06:20.060: WARN/PackageParser(58):     at android.os.Looper.loop(Looper.java:123)
11-07 11:06:20.060: WARN/PackageParser(58):     at android.os.HandlerThread.run(HandlerThread.java:60)
11-07 11:06:20.069: ERROR/PackageParser(58): Package com.xxxxx.xxxxx has no certificates at entry assets/www/css/base.css; ignoring!

Solution 1:

If you have Ant version < 1.8.3 (ant -version) try this approach for the issue with JDK 7 (based on the previous answer):

  1. Add signjarjdk7 to ANDROID_SDK\tools\ant\build.xml

    <macrodef name="signjarjdk7">
    <attribute name="jar" />
    <attribute name="signedjar" />
    <attribute name="keystore" />
    <attribute name="storepass" />
    <attribute name="alias" />
    <attribute name="keypass" />
    <attribute name="verbose" />
    <sequential>
        <exec executable="jarsigner" failonerror="true">
            <!-- Magic key, always verbose -->
            <arg line="-verbose -digestalg SHA1 -sigalg MD5withRSA" />
            <arg line="-keystore @{keystore} -storepass @{storepass} -keypass @{keypass}" />
            <arg line="-signedjar &quot;@{signedjar}&quot;" />
            <arg line="&quot;@{jar}&quot; @{alias}" />
        </exec>
    </sequential>
</macrodef>

  2. Replace 'signjar' to 'signjarjdk7' in 'release' target in the same build.xml.

NOTE: You have to define 'key.store.password' and 'key.alias.password' propeties for your project (in project.properties or in local.properties).

UPDATE 1:

If your have installed Ant 1.8.3 (or later) you have a better solution:

Open your ANDROID_SDK\tools\ant\build.xml and add two new parameters - sigalg and digestalg - in the original 'signjar' invocation:

<signjar
    sigalg="MD5withRSA"
    digestalg="SHA1"
    jar="${out.packaged.file}"
    signedjar="${out.unaligned.file}"
    keystore="${key.store}"
    storepass="${key.store.password}"
    alias="${key.alias}"
    keypass="${key.alias.password}"
    verbose="${verbose}" />

UPDATE 2: It seems this answer is deprecated after 'signjar' was replaced to 'signapk' in latest version of Android SDK tools.

Solution 2:

It sounds as you may be using JDK 7 (1.7.0) so try adding these options when signing with jarsigner:

-digestalg SHA1 -sigalg MD5withRSA

Solution 3:

Per Android developer documentation, you should put these properties within the ant.properties file:

$ cat ant.properties
key.store=C:\\Users\\a512091\\.android\\release.keystore
key.alias=application
key.store.password=android
key.alias.password=android

Related

Getter/setter on javascript array?
How can I use an HTTP proxy for a JAX-WS request without setting a system-wide property?
Loading Data from a .txt file to Table Stored as ORC in Hive
Does ODP.NET require Oracle Client installation
Chrome developer tools workspace mappings
MVVM ViewModel vs. MVC ViewModel
Importing javascript file for use within vue component
.js.erb VS .js
What is iterator invalidation?
Exception when opening Parse push notification [closed]
Query to search all packages for table and/or column
How do I override the style of primeng components?