I suppose unsigned apk is a problem. Where can I see It is a problem on the merge request continuous integration ? (To be able to see when I signed it correctly)
How I should sign it for this f-droid integration process ?
➜ rolldash git:(main) ✗ ~/Logiciels/android-studio/jre/bin/jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore /home/bastiensevajol/Documents/Bastien\ Sevajol/Work/Rolling/APK/Key/fr.bux.rollingdashboard.jks /home/bastiensevajol/Téléchargements/fr.bux.rollingdashboard.apk rollingdashboard
Enter Passphrase for keystore:
adding: META-INF/MANIFEST.MF
adding: META-INF/ROLLINGD.SF
adding: META-INF/ROLLINGD.RSA
signing: META-INF/com/android/build/gradle/app-metadata.properties
signing: META-INF/androidx.activity_activity-ktx.version
signing: META-INF/androidx.activity_activity.version
signing: META-INF/androidx.annotation_annotation-experimental.version
[...]
signing: res/zQ.png
signing: res/zq.xml
signing: resources.arsc
>>> Signer
X.509, CN=Bastien Sevajol, O=bux, L=Charavines, ST=Isere, C=FR
[trusted certificate]
jar signed.
Warning:
The signer's certificate is self-signed.
The SHA1 algorithm specified for the -digestalg option is considered a security risk. This algorithm will be disabled in a future update.
The SHA1withRSA algorithm specified for the -sigalg option is considered a security risk. This algorithm will be disabled in a future update.
POSIX file permission and/or symlink attributes detected. These attributes are ignored when signing and are not protected by the signature.