Need a hand for apk signing

Hello, I am preparing an app for submission and I am a bit lost about how I should handle the signing of the APK.

I’ve read Signing Process (f-droid dot org/en/docs/Signing_Process/) but I’m not sure it applies since I have no occurrence of the fdroid tool in my process.

I’ve read Publishing an app on Fdroid (randombits dot dev/articles/android/fdroid) but there is a gap between the Builds part and the AllowedAPKSigningKeys part, most probably because the app doesn’t use Gradle directly. The fact that it gets the app from GitHub would fit my use case though.

You can see a failing pipeline here and find the metadata file from there. The app is a game written in C++. The build is done with a script from the app’s repo, something like setup.sh --target-platform android -build-type release. This makes it possible to have the same build process everywhere, and this is, for example, how it is built on GitHub.

The build ends with a call to gradlew assembleRelease, which searches for the keystore in the app’s folder. On GitHub this keystore is populated using the secrets provided by the platform. I don’t know how to do that for F-Droid. I want to keep the same signing key for all platforms. Do you have any hints or pointers to help me?

F-Droid.org generates their own signing keys for each app and manages them.
If you set up reproducible builds, however, it automatically downloads the app from the given Binaries: directive and copies over the signing metadata to the F-Droid built copy if the data sections match.

The reproducible build seems great but I don’t understand how I can get to the end of the build on F-Droid’s side. The Gradle file expects a keystore in a specific directory, and a properties file containing the keystore’s password. How can I fill them with F-Droid’s signing info? Without a keystore the build will always fail.

Remove all the keystore entries so it does not try:

sed -i -e '/signingConfigs {/,/^ }/d' build.gradle.in

Thanks! I removed the signingConfig line from the buildTypes section and I now have an APK at the end. I’ve yet to find why some files are different from the reference APK but it’s another topic :slight_smile:
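For the remaining question in this thread (which files differ between the reference APK and the rebuilt one), here is an added example that is not from any of the posters and is not F-Droid's own verification code. It compares the entries of two APKs while ignoring the v1 signature files under META-INF; the entry names and contents in the sample are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# v1 (JAR) signature files: expected to be present only in the signed reference APK,
# so they are excluded from the comparison.
SIGNATURE_FILE = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")


def entry_digests(apk):
    """Map each non-signature entry name to the SHA-256 of its uncompressed data."""
    with zipfile.ZipFile(apk) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not SIGNATURE_FILE.match(info.filename)
        }


def compare_apks(reference, built):
    """Return entry names missing on either side or whose content differs."""
    ref, new = entry_digests(reference), entry_digests(built)
    return {
        "only_in_reference": sorted(ref.keys() - new.keys()),
        "only_in_built": sorted(new.keys() - ref.keys()),
        "content_differs": sorted(n for n in ref.keys() & new.keys() if ref[n] != new[n]),
    }


def make_sample_apk(entries):
    """Build a constructed in-memory ZIP standing in for an APK (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed sample: the signed reference and an unsigned rebuild with one changed library.
    reference = make_sample_apk({"classes.dex": b"dex", "META-INF/CERT.RSA": b"sig",
                                 "lib/arm64-v8a/libgame.so": b"build-A"})
    built = make_sample_apk({"classes.dex": b"dex", "lib/arm64-v8a/libgame.so": b"build-B"})
    print(compare_apks(reference, built))
```

An empty result is necessary but not sufficient for the copied signature to validate, because entry order, compression and alignment also have to match. `compare_apks` accepts file paths as well as file-like objects.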