google / bundletool

Bundletool is a command-line tool to manipulate Android App Bundles
https://g.co/androidappbundle
Apache License 2.0

Cannot create a signed APK-file #305

Closed pekspro closed 1 year ago

pekspro commented 1 year ago

Describe the bug

I have been redirected from this issue: https://github.com/dotnet/maui/issues/10872

TLDR; I have two MAUI-applications where I have created AAB files. I want to convert these to signed APK-files. This works for one of the applications, but the other will be an unsigned APK-file. The commands I use are identical.

Bundletool version(s) affected

Version: 1.12.1 (and older versions too).

Stacktrace

No visible errors, no stacktrace.

To Reproduce

Download this file that contains the aab-files: https://pekspro.com/files/aab_to_apk_test.zip

Create a certificate, use password 12345678:

keytool -genkey -v -keystore signtest.keystore -alias signtest -keyalg RSA -keysize 2048 -validity 3

Run this on the first application. It will say that the generated APK-file is signed:

"C:\Program Files\Microsoft\jdk-11.0.12.7-hotspot\bin\java.exe" -Xmx1G -jar bundletool-all-1.12.1.jar build-apks --mode universal --bundle buildtestnew-Signed.aab --output buildtestnew-Universal.apks --output-format DIRECTORY --aapt2 "C:\Program Files\dotnet\packs\Microsoft.Android.Sdk.Windows\32.0.476\tools\aapt2.exe" --ks ./signtest.keystore --ks-key-alias signtest --key-pass pass:12345678 --ks-pass pass:12345678

keytool -printcert -jarfile .\buildtestnew-Universal.apks\universal.apk

Compare this with the second application. The APK-file will be unsigned.

"C:\Program Files\Microsoft\jdk-11.0.12.7-hotspot\bin\java.exe" -Xmx1G -jar bundletool-all-1.12.1.jar build-apks --mode universal --bundle radiostorm-Signed.aab --output radiostorm-Universal.apks --output-format DIRECTORY --aapt2 "C:\Program Files\dotnet\packs\Microsoft.Android.Sdk.Windows\32.0.476\tools\aapt2.exe" --ks ./signtest.keystore --ks-key-alias signtest --key-pass pass:12345678 --ks-pass pass:12345678

keytool -printcert -jarfile .\radiostorm-Universal.apks\universal.apk

Expected behavior

Both APK-files should be signed. Or, if something is corrupt, we should get an error message.

Known workaround

No workaround found.

Environment: OS: Windows 10, 21H1

I noticed the problem when I was building my application via GitHub actions.

ymakhno commented 1 year ago

The problem is you are using keytool which can be used to verify JAR signatures on APK file. Try using apksigner tool for APKs: https://developer.android.com/studio/command-line/apksigner.

Only legacy APK v1 signature has JAR-compatible format. This scheme is deprecated and replaced with a new APK signature scheme v2 starting Android 7. Because your radiostorm app has minSdk = 24 the legacy v1 signature (JAR-compatible) is not generated for your APK.
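The distinction in the answer above, as an added example that is not part of the original thread or of bundletool: a v1 signature lives in ZIP entries under META-INF/ (what keytool reads), while v2 and later live in the APK Signing Block placed just before the ZIP central directory. The function names are hypothetical and the sample APK bytes are constructed placeholders, not valid signatures.

```python
import io
import struct
import zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}  # block IDs for scheme v2 / v3
EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory record


def signature_schemes(apk):
    """Return which signature schemes ('v1', 'v2', 'v3') are present in APK bytes."""
    found = set()
    # v1 (JAR signing): ordinary ZIP entries under META-INF/, the only place
    # keytool -printcert -jarfile looks.
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        names = [n.upper() for n in zf.namelist()]
    if any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC")) for n in names):
        found.add("v1")
    # v2+: the APK Signing Block ends right where the central directory starts.
    cd = struct.unpack_from("<I", apk, apk.rfind(EOCD_SIG) + 16)[0]
    if cd < 32 or apk[cd - 16:cd] != APK_SIG_MAGIC:
        return found
    size = struct.unpack_from("<Q", apk, cd - 24)[0]  # excludes the leading size field
    if not 24 <= size <= cd - 8:
        return found  # malformed block size
    pos, end = cd - size, cd - 24  # span holding the length-prefixed ID-value pairs
    while pos + 12 <= end:
        pair_len, pair_id = struct.unpack_from("<QI", apk, pos)
        if pair_id in SCHEME_IDS:
            found.add(SCHEME_IDS[pair_id])
        pos += 8 + pair_len
    return found


def build_sample_apk(v1, v2):
    """Constructed sample: a tiny ZIP with placeholder signature data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"placeholder")
        if v1:
            zf.writestr("META-INF/CERT.RSA", b"placeholder")
    data = buf.getvalue()
    if not v2:
        return data
    eocd = data.rfind(EOCD_SIG)
    cd = struct.unpack_from("<I", data, eocd + 16)[0]
    pair = struct.pack("<QI", 8, 0x7109871A) + b"\0" * 4  # ID + empty placeholder value
    size = len(pair) + 24
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + APK_SIG_MAGIC
    tail = bytearray(data[eocd:])
    struct.pack_into("<I", tail, 16, cd + len(block))  # central directory moved
    return data[:cd] + block + data[cd:eocd] + bytes(tail)
```

A result of `{"v2"}` with no `"v1"` is the radiostorm case: the APK carries a signature, but not in the JAR-compatible form keytool can print.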

pekspro commented 1 year ago

Thanks, @ymakhno, I'm very grateful to have an explanation of this. I suspected I messed up something 😄