PDA

View Full Version : [NOREPRO] CMD3 Signing Android Package - Accepted by Play Store, but not by Phone



svenna
29 Oct 2012, 5:37 AM
I'm trying to publish my app to Google Play.

It's build with:
Sencha CMD 3 .230
Touch 2.1-20121025 nightly

If i build it with "configuration": "Debug" I can install in on the Phone, and everything is working fine.

However, if I build with "configuration": "Release" the build seems to work fine, but I'm unable to install in on the phone. When I install on GN with 4.1 by downloading from url I simple get at "x App not installed." error. However if I upload to Google Play the cert is accepted, and when trying to install trough Google Play everything seems fine, until the download is done. Then I get the error message "package file was not signed correctly"

I've tried this on several phones and tablets, but they all give the same error message.

I've also tried messing around with the packager.json, to confirm that I get errors.
Incorrect certname (error in build)
Incorrect cert-alias (error in build)
Incorrect cert-password (error in build)
Incorrect expiery etc (error when uploading to Play)
Upload Debug cert to Play (error when uploading to Play)
This tells me that all the cert related parameters in my Packager-file is correct, since changing any of them gives errors.

I've tried searching for the error on Google, but have not found any good solutions for debugging the problem. The error message seems mostly related to users updating their app, and the app author may have changed their key. Uninstall/Reinstall seems to fix the problem for most users. This is not the case for me. It's a first time install, and some of the devices never used the dev-builds.

Can anyone confirm being able to build with .230, publish to the store and install on an Android device?
Any information as to where I should start debugging?

dongryphon
30 Oct 2012, 12:02 AM
Thanks for the report! I have opened a bug in our bug tracker.

svenna
30 Oct 2012, 1:01 AM
I've been googling the last 24h. I have not found a solution, but found these links/post the most interesting:

Content of package not correcly signed:
http://productforums.google.com/forum/#!topic/android-market/JzAgJ414CQc
I've not been able to see any output from the logcat, so no progress so far. Can't see that anyone solved the problem, except by removing unused content.

LVL public key not used correcly / created new cert on OSX
http://answers.unity3d.com/questions/296001/package-file-was-not-signed-correctly.html
Testing with a new cert don't seem like an option, since the Google uploader does not accept the new package if it's signed with a different cert. (yet, the user seems to have done just that)

Including the public key from Play in the package should not be needed when not using LVL (Have not seen LVL support in Sencha CMD/Forums)

I've tried creating a new cert on OSX, and install it directly on the phone, but it does not work.

On a side note, please change the default validity in the keytool command (docs) from 10000 to 20000
10.000 is about 27 years, but Google Play require at least 50 years when uploading.

akpotosufredrick
4 Nov 2012, 6:51 AM
same thing. is it a st bug or our mistake with creating the key?

svenna
4 Nov 2012, 11:50 AM
I hope it's a Sencha bug, since Google won't let me replace the cert to something signed by another private key.

svenna
6 Nov 2012, 11:18 PM
Same problem With Touch 2.1 GA and Cmd.250

Done some more testing:
- Uploaded the Cmd Package to PhoneGap build (no mofifications) and used the same release cert.
When build by PhoneGap the package and signature/cert is working fine. I'm able to install in on the device directly, and though Play.

- Tried to manually resign the Cmd apk with APK Multi-Tool. I'm able to resign with debug cert, but not with the production cert.

Also tried resigning the package manually with jarsigner, but the Cmd created package simply does not work when signed with the production cert.

akpotosufredrick
7 Nov 2012, 6:25 AM
So do you Think its a CMD Bug?
Have you tried creating the Key with Eclipse and then using that Key?

I might try it this Week, but If you get to do it First pls let me Know.

svenna
7 Nov 2012, 9:52 AM
Looks like a CMD issue yes, since I'm able to use the exact same keystore when uploading to PhoneGap build. I've tried different certs also, generated on linux and windows.

svenna
7 Nov 2012, 2:15 PM
Finally got it working.

Steps:
- Build Release (not Debug) with Cmd 250 - Touch 2.1 GA
- rename .apk to .zip (convenience)
- delete META-INF folder in zip fila
- rename .zip to .apk
- resign with jarsigner: R:\htdocs\dev\bowlingres.no\touchdeploy>jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore ..\..\my-release-key.keystore BowlingRes.apk arelease

Working APK :)

akpotosufredrick
26 Nov 2012, 7:48 AM
have to sign with jarsigner after building native with sencha and the generated key:



$ jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore my-release-key.keystoremy_application.apk alias_name
have to put the keystore file in the same folder as the apk file

tnickl
25 Jan 2013, 5:44 AM
Thank you svenna!
This saved me at least another week of fighting with Sencha.

What I did:
- jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore ..\..\..\..\my-release-key.keystore anotherapp.apk alias_name
- # renaming anotherapp.apk to anotherapp.apk_
- zipalign -v 4 anotherapp.apk_ anotherapp.apk

I used CMD3.0.2.288 under Windows 7.

svenna
25 Jan 2013, 6:01 AM
So still not fixed, then.. I have not tried with the latest Cmds :(
Even tough Sencha can't reproduce, at least it's not just me :)

coloenz
21 Mar 2013, 7:27 AM
Wow, I can not describe how happy I am to find this solution. I had been playing with this problem for hours.

Thanks for sharing your solution, shame that Sencha still hasn't solved this silly problem.

I am using the latest Sencha tools, Sencha Cmd v3.0.2.288

---------------------------------------------------------------------------
http://developer.android.com/tools/publishing/app-signing.html

I (http://developer.android.com/tools/publishing/app-signing.html)t would be great if we somehow can Ant do al the signing and zipalign. How can we make this work?

If you are using Ant, you can enable release mode by using the release option with the ant command. For example, if you are running Ant from the directory containing your build.xml file, the command would look like this:

$ ant releaseBy default, the build script compiles the application APK without signing it. The output file in your project bin/ will be<your_project_name>-unsigned.apk. Because the application APK is still unsigned, you must manually sign it with your private key and then align it using zipalign.
However, the Ant build script can also perform the signing and aligning for you, if you have provided the path to your keystore and the name of your key alias in the project's ant.properties file. With this information provided, the build script will prompt you for your keystore and alias password when you perform ant release, it will sign the package and then align it. The final output file in bin/ will instead be <your_project_name>-release.apk. With these steps automated for you, you're able to skip the manual procedures below (steps 3 and 4). To learn how to specify your keystore and alias in the ant.properties file, see Building and Running Apps on the Command Line (http://developer.android.com/tools/building/building-cmdline.html#ReleaseMode).

svenna
18 Apr 2013, 10:50 PM
Just to follow up. This bug is still not fixed, when using Touch 2.2 and sencha 3.1.1.274

Sencha, I find it strange that you can not reproduce, but I can send you a Cmd-produced apk, signed with Cmd - and then a resigned apk, to see the difference.

I could send you the complete project, but this is easily reproduced with the Cmd standard project, and following the key-creating guide for touch 2.2 in Windows.
I've tested on Win 8 64 bit this time..

coloenz
19 Apr 2013, 12:28 AM
Just to follow up. This bug is still not fixed, when using Touch 2.2 and

I am too still having problems, it just does not work as advertised. I sure hope Sencha will do something about this problem now.

Have created some bacth files to do the signing for me, but that is far from ideal.

coloenz
26 Apr 2013, 12:26 PM
still no answer from anybody?

Not going to spend my money over here then. We were planning buying a couple of bundles. But the software just doesn't work. Shame.

kalyanjit
14 Jun 2013, 1:32 AM
I am using the latest SDK and Sencha Cmd to package for android.

get this error while installing the app from playstore when others try to install the app ?

is it a bug with the SDK or Sencha Cmd

which versions works then. it was working with the earlier versions of sdk and sencha cmd

thanks

svenna
14 Jun 2013, 1:57 AM
It's a bug with cmd. You'll have to resign the package manually before uploading to Play Store. I don't think this ever worked, even in earlier versions

kalyanjit
14 Jun 2013, 2:22 AM
Steps:
- Build Release (not Debug) with Cmd 250 - Touch 2.1 GA
- rename .apk to .zip (convenience)
- delete META-INF folder in zip fila
- rename .zip to .apk
- resign with jarsigner: R:\htdocs\dev\bowlingres.no\touchdeploy>jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore ..\..\my-release-key.keystore BowlingRes.apk arelease


Followed the steps above but still did not work....


thanks