I saw couple similar questions like:
but I feel my problem is different.
First of all I use:
android:sharedUserId="android.uid.system"
so I need to sign my app with platform key. I'm able to do that in this way:
cd $ANDROID_ROOT/out/host/linux-x86/framework
java -Djava.library.path=$ANDROID_ROOT/out/host/linux-x86/lib64 -jar signapk.jar $ANDROID_ROOT/build/target/product/security/platform.x509.pem $ANDROID_ROOT/build/target/product/security/platform.pk8 $APP_DIR/app/build/outputs/apk/debug/app-debug.apk $APP_DIR/MyApp-signed.apk
However I want to do signing from gradle, so I have generated jks file in this way:
./keytool-importkeypair -k my_keystore.jks -p my_password -pk8 $ANDROID_ROOT/build/target/product/security/platform.pk8 -cert $ANDROID_ROOT/build/target/product/security/platform.x509.pem -alias platform
and I've modified app/build.gradle to have:
signingConfigs {
release {
storeFile file("my_keystore.jks")
storePassword "my_password"
keyAlias "platform"
keyPassword "my_password"
}
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
}
I've checked that my_keystore.jks has platform alias with:
keytool -list -v -keystore my_keystore.jks | grep Alias
Alias name: platform
but when I try to do:
./gradlew assembleRelease
or:
./gradlew signingReport
I get:
Failed to read key platform from store "(...)/my_keystore.jks": Invalid keystore format
Update:
I've tried following dr_g tips and I'm able to sign app using Android Studio (Build -> Generate Signed APK), so I guess keystore is ok, but still I get the same error when using assembleRelease.
I've also tried generating my own keystore as suggested by deadfish and indeed keystore generated by Android Studio is fine for gradle and assembleRelease works, but it's not platform key, so I can't use it unfortunately.
Issue solved:
It turned out that my problem was indeed different than the ones I've mentioned. It was related with keytool used for generating keys (not gradle), and it was because although my default java was 8, my default keytool was from java 10 … When I’ve switched to keytool from java 8 everything started to work fine.
LLL :
After chat with deadfish and following his suggestions (thanks for help!) I've come up with following workaround in app/build.gradle (inside android {}):\n\napplicationVariants.all { variant ->\n variant.assemble.doLast {\n exec {\n commandLine 'sh', '../mySigningScript.sh'\n }\n }\n}\n\n\nThis will run my script everytime when assembleDebug or assembleRelease is finished. I will not accept my answer because it's not answering my question and it forces me to remove signingConfigs from gradle but at least it's a workaround which potentially could be used if no better solution is proposed.",
2018-10-02T15:40:23
dr_g :
Please try using the .keystore variant. There could be ways to fix the java keystore (.jks) format but it is likely to take more time. \n\n1) Generate your .keystore file from your separate key files\n\n$ openssl pkcs8 -inform DER -nocrypt -in \\\n $ANDROID_ROOT/build/target/product/security/platform.pk8 -out platform.key\n$ openssl pkcs12 -export -in \\\n $ANDROID_ROOT/build/target/product/security/platform.x509.pem -inkey \\\n platform.key -name platform -out platform.pem -password pass:password\n$ keytool -importkeystore -destkeystore platform.keystore -deststorepass \\\n password -srckeystore platform.pem -srcstoretype PKCS12 -srcstorepass \n password\n\n\n2) Test your new keystore:\n\n$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore \\\n platform.keystore -storepass password your-app.apk platform\n\n\n3) Deploy keystore in your gradle build:\n\nsigningConfigs {\n debug {\n storeFile file('debug.keystore')\n storePassword 'android'\n keyAlias 'androiddebugkey'\n keyPassword 'android'\n }\n release {\n storeFile file('platform.keystore')\n storePassword 'password'\n keyAlias 'platform'\n keyPassword 'password'\n } \n}\n\n\nThe above build.gradle is also showing an example of using the android debug keystore as standard for debug builds.",
2018-09-27T14:25:55
VelocityPulse :
for create a keystore from x509.pem and pk8 files, you can use this script platform_import_keystore which is similar to keytool-importkeypair, but given that keytool-importkeypair doesn't work if you don't have a keystore already existing, platform_import_keystore will do.\n\nI hope it will help. \n\nEDIT :\n\nThe script platform_import_keystore is using the default keytool command. You must ansure that the command keytool which is used in the script is from java 8. This influences the keystore format got by keytool.",
2018-10-10T10:11:27