Phonegap run from CLI with --release and self-signed app requires me to patch cordova.js
Asked Answered
S

2

13

I suppose I'm doing something wrong but I had to patch https://github.com/phonegap/phonegap/blob/master/lib/android/bin/templates/cordova/lib/cordova.js#L313 this way (add "unaligned" token matching):

if (fso.GetExtensionName(path) == 'apk' && !path.match(/unaligned/) && !path.match(/unsigned/)) {
      path_to_apk = out_files.item();
      break;
}

otherwise the "unsigned" apk is first found and installed, and it will fail not being signed. I'm using the CLI to build and run my apk. In debug mode it's ok, obviously, because the signing takes a different path.

Giovanni

Success answered 26/6, 2013 at 9:55 Comment(0)
S
47

I'm not sure what you did to try to sign your app, but here's what worked for me:

Update (4/14/14)

There is actually an easier way to do this all in one command once you set up the correct configuration, as described in this SO answer: Automation for Android release build I also, wrote a blog post about it here: http://www.adamwadeharris.com/android-automation/

Make sure your app is good to go

Make sure you’ve set your version number in AndroidManifest.xml. Google Play won’t accept it unless it is different than the previous versions in the store. versionCode is an integer value, so just increment it by 1 each time you submit regardless of whether it’s a major or minor update. versionName isn’t used for anything except for displaying to users and it’s a string so you can name it whatever you want. For example, you could set it to 1.0.3 while versionCode might be 3. (http://developer.android.com/tools/publishing/versioning.html#appversioning)

http://schemas.android.com/apk/res/android”>

Create a keystore file

Create a keystore file and set a password. I won’t go into a lot of detail about how to actually do this. Just make sure you don’t lose this file. If you lose it, and you have to create a new one, then it will become a new app when you try to add it to the Google Play Store. (http://developer.android.com/tools/publishing/app-signing.html#cert)

Always use a different keystore file for each app because it’s your private key for uploading apps to the store. If you ever decide to transfer your app to another developer, you’ll have to give them the keystore file, and if you also use that keystore for other apps, then you have a security issue. (http://developer.android.com/tools/publishing/app-signing.html#secure-key)

Put the keystore file somewhere on your computer. It doesn’t really matter where.

Tell ant where your keystore file is for this app

Then you just need to tell ant where the keystore file is by going to your android project folder (For phonegap it’s in platforms/android) and create an ant.properties file and put the following in it:

key.store=/Users/username/Documents/path/to/my-release-key.keystore
key.alias=app_name

Where key.store equals the path to the keystore file starting at the C Drive, and key.alias is just whatever you want to call it for short. You’ll use the alias in the following commands.

Build your app

Open up the command prompt, and navigate to your project and run phonegap build.

phonegap build android

in platforms/android/bin you should have:

AppName.ap_
AppName.ap_.d
AppName-debug.apk
AppName-debug-unaligned.apk
AppName-debug-unaligned.apk.d

Sign in release mode

Then navigate to the android directory and run ant release:

cd platforms/android
ant release

It will prompt you for your keystore password and the password for the alias ‘app_name’. Enter your keystore password for both of them.

In platforms/android/bin you should now also have release versions of the app:

AppName-release.apk
AppName-release-unaligned.apk
AppName-release-unsigned.apk
AppName-release-unsigned.apk.d

Now move into the bin directory:

cd bin

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore /Users/username/Documents/path/to/my-release-key.keystore AppName-release-unsigned.apk app_name

Update- According to a comment below, you won't get a warning at the next step if you use -sigalg SHA1withDSA -digestalg SHA1 instead of SHA1withRSA

Enter your keystore password

jarsigner -verify -verbose -certs AppName-release-unsigned.apk

If you get a warning like this ignore it: Warning: This jar contains entries whose certificate chain is not validated.

zipalign -v 4 AppName-release-unsigned.apk AppName.apk

it will say: Verification successful

And your final apk (AppName.apk) will be created in the bin directory.

(http://developer.android.com/tools/publishing/app-signing.html#releasemode)

Then you can upload to Google Play.

I hope this helps. Let me know if you have any questions.

http://www.adamwadeharris.com/sign-publish-phonegap-app-google-play-store-windows/

Solicitor answered 16/10, 2013 at 16:33 Comment(6)
Thanks aharris88! I wasn't notified of your answer by stackoverflow (it happens often!). Well, it doesn't seem very straigthforward, but I will give it a try.Success
Don't forget check your AndroidManifest.xml option debuggable is set true by phonegap.Kislev
I think you meant to say, make sure you set debuggable to false in AndroidoManifest.xml, like this: <application android:debuggable="false"Solicitor
@Solicitor When i execute jarsigner, how can i sign and create a new signed file apk likes that: AppName-release-signed.apk? ThanksBouilli
That would be hard for me to answer in a comment. Please ask another question on SO and then send me the link on twitter @adamCoderSolicitor
you won't get a warning at jarsigner if you use -sigalg SHA1withDSA -digestalg SHA1 instead of SHA1withRSA. That's how it worked for me :)Earplug
B
1

Make sure before you run your build that you generate the right keys.

Example:

keytool -genkey -v -keystore CHANGETHIS.keystore -alias CHANGETHIS -keyalg RSA -keysize 2048 -validity 10000

Now run your build command

Example:

cordova build android --release
Brandybrandyn answered 13/3, 2015 at 6:20 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.