New Version signed with a different key

Hi

I am not sure why I am getting the error that the new version was signed with a different key, as I am using the same keystore.jks in the repo when I publish the new version of the app. The apk is built with the same keys as well? Which keys does this refer to?

1 Like

Hi, what app exactly? How did you install in the first place? Device? Android version?

Hi

Apologies :)
I have my own fdroid repo and I have an app (android) I build and put into the repo.

The complexity might be that I destroy the physical file system but retain the same keystore.jks and config.py etc each time (as I am using a docker to build) and then I put the apk into the unsigned folder and create my metadata folder and recreate my app.yaml

I then run
fdroid publish --verbose
fdroid update --verbose --create-metadata
and finally
fdroid server update --verbose

I then see in my android fdroid client that the app doesn't show an update, but when I click into the app it shows for example version 1 and then version 2 available (as I ticked show incompatible versions), but when I click install on version 2 it says signed with wrong key and I need to uninstall the old one

How do you do it? Push the files in the docker image on start, then git clone, then build?

Hi

Yes, I have a base docker and I generated the keys with keytool originally along with the config, and it's then added into the docker at build time. The server update updates to a serverwebroot external to the docker, i.e. rsyncs, and I then destroy the docker until the next update

Sounds like the key is recreated, do you run fdroid init inside docker?

I don't run fdroid init

I create the directory and add config.py, keystore.jks and fdroid-icon.png etc., i.e. I emulate what init does but don't recreate the key, so it's always the same keystore file.

I then bring in the apk file into unsigned etc as above

I even did a check now. I did two builds

ls -ahl 353414090455664.tar.gz
1.4M Jun 6 07:36 353414090455664.tar.gz
ls -ahl 353414090455664.tar.gz
1.4M Jun 6 07:47 353414090455664.tar.gz

A few minutes apart. The tar.gz is what gets sent into the docker for building, and inside we have the keystore

tar -xvzf 353414090455664.tar.gz
tmp/353414090455664/
tmp/353414090455664/NDoH.json
tmp/353414090455664/NDoH.apk
tmp/353414090455664/353414090455664.json
tmp/353414090455664/config.py
tmp/353414090455664/keystore-353414090455664.jks

So you can see the untarred here

I then untarred other one and renamed the keystore-353414090455664.jks files A and B from the extracted keystore files

diff keystore-353414090455664A.jks keystore-353414090455664B.jks
gave no differences

So I am totally stumped now

Hi

I found something interesting which does explain things

INFO: Processing unsigned/com.xxxxx.ndoh_8.apk

INFO: Key alias: b974b400

DEBUG: > /usr/lib/jvm/default-java/bin/keytool -list -alias b974b400 -keystore keystore-353414090455664.jks -storepass:env FDROID_KEY_STORE_PASS

keytool error: java.lang.Exception: Alias <b974b400> does not exist

INFO: Key does not exist - generating...

DEBUG: > /usr/lib/jvm/default-java/bin/keytool -genkey -keystore keystore-353414090455664.jks -alias b974b400 -keyalg RSA -keysize 2048 -validity 10000 -storepass:env FDROID_KEY_STORE_PASS -keypass:env FDROID_KEY_PASS -dname CN=xxxx.com, O=xxxx Pty Ltd, C=ZA

Question: Where does this come from INFO: Key alias: b974b400?

When I created the keystore I used

keytool -genkey -noprompt -alias 353414090455664 -sigalg SHA1withRSA \
  -dname "CN=xxx.com, O=xxxl Pty Ltd, C=ZA" \
  -keystore "/tmp/keystore-353414090455664.jks" \
  -storepass password \
  -keypass password \
  -keyalg RSA \
  -keysize 2048 \
  -validity 10000

Better use fdroid init and get the generated config.py and key, since config.py has also info about the key, right?

I think I've found the answer. I need to add keyaliases into my config.py and set my alias, then it works. Well, it signs using the right certificate. So now I'm just going to do a new version of the app and see, but I think I've found the answer as it will use the correct alias and correct key each time
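
The alias mismatch found in this thread can be caught before publishing. The following is an added example, not code from the thread or from fdroidserver: it reports every app whose expected alias is absent from the keystore, which is the condition that led to "Key does not exist - generating..." in the log above. It assumes the default alias is the first eight hex characters of the MD5 of the application ID and that an `@otherapp` entry in `keyaliases` reuses that app's default alias; `com.example.ndoh` and the keytool listing are constructed sample values.

```python
import hashlib


def default_alias(appid):
    # Assumed fdroidserver default: first 8 hex chars of MD5(application ID).
    return hashlib.md5(appid.encode("utf-8")).hexdigest()[:8]


def resolve_alias(appid, keyaliases):
    """Alias the signing step would look up for appid, given config.py keyaliases."""
    alias = keyaliases.get(appid)
    if alias is None:
        return default_alias(appid)
    if alias.startswith("@"):
        # '@other.app' (assumed semantics): share the default key of other.app.
        return default_alias(alias[1:])
    return alias


def keystore_aliases(keytool_list_output):
    """Private-key aliases parsed from `keytool -list` text, lowercased for comparison."""
    return {line.split(",", 1)[0].strip().lower()
            for line in keytool_list_output.splitlines()
            if "PrivateKeyEntry" in line}


def missing_keys(appids, keyaliases, keytool_list_output):
    """Map appid -> alias for every app whose alias is not in the keystore.

    A non-empty result means a new key would be generated for that app and
    the resulting APK would no longer match the installed signature.
    """
    present = keystore_aliases(keytool_list_output)
    wanted = {appid: resolve_alias(appid, keyaliases) for appid in appids}
    return {a: alias for a, alias in wanted.items() if alias.lower() not in present}


# Constructed sample of `keytool -list` output for a keystore holding one key.
SAMPLE_LIST = """Keystore type: JKS
Your keystore contains 1 entry

353414090455664, Jun 6, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>
"""

if __name__ == "__main__":
    apps = ["com.example.ndoh"]
    print("no keyaliases:", missing_keys(apps, {}, SAMPLE_LIST))
    fixed = {"com.example.ndoh": "353414090455664"}
    print("with keyaliases:", missing_keys(apps, fixed, SAMPLE_LIST))
```

Feeding it the real output of `keytool -list` for the repo keystore and the `keyaliases` dict from config.py, and failing the build when the result is non-empty, stops a run before a fresh key is created.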
