New Version signed with a different key

#1

Hi

I am not sure why I am getting the error the new version was signed with a different key as I am using the same keystore.jks in repo when I publish the new version the app. The apk is build with same keys as well? Which keys does this refer to?

1 Like
#2

Hi, what app exactly? How did you install in the first place? Device? Android version?

#3

Hi

Apologies :slight_smile:
I have my own fdroid repo and I have an app (android) I build and put into the repo.

The complexity might be that I destroy the physical file system but retain the same keystore.jks and config.py etc each time (as I am using a docker to build) and then I put the apk into the unsigned folder and create my metadata folder and recreate my app.yaml

I then run
fdroid publish --verbose
fdroid update --verbose --create-metadata
and finally
fdroid server update --verbose

I then see in my android fdroid client that the app doesnt show update but when I click into the app it shows for example version 1 and then version 2 available (as I ticked show uncompatible versions) but when I click install on version 2 it says signed with wrong key and I need to uninstall old one

#4

How do you do it? Push the files in the docker image on start, then git clone, then build?

#5

Hi

Yes I have a base docker and I generated the keys with keytool originally along with the config and its then added into the docker at build time. The server update updates to a serverwebroot external to the docker ie rsyncs and I then destro the docker until next update

#6

Sounds like the key is recreated, do you run fdroid init inside docker?

#7

I dont run fdroid init

I create the directory and add config.py, keystore.jks and fdroid-icon.png etc ie I emulate what init does but dont recreate the key so its always the same keystore file.

I then bring in the apk file into unsigned etc as above

#8

I even did a check now. I did two builds

ls -ahl 353414090455664.tar.gz
1.4M Jun 6 07:36 353414090455664.tar.gz
ls -ahl 353414090455664.tar.gz
1.4M Jun 6 07:47 353414090455664.tar.gz

A few minutes a part. The tar.gz is what gets sent into the docker for building and inside we have the keystore

tar -xvzf 353414090455664.tar.gz
tmp/353414090455664/
tmp/353414090455664/NDoH.json
tmp/353414090455664/NDoH.apk
tmp/353414090455664/353414090455664.json
tmp/353414090455664/config.py
tmp/353414090455664/keystore-353414090455664.jks

So you can see the untarred here

I then untarred other one and renamed the keystore-353414090455664.jks files A and B from the extracted keystore files

diff keystore-353414090455664A.jks keystore-353414090455664B.jks
gave no differences

So I am totally stumped now

#9

Hi

I found something interesting which does explain things

INFO: Processing unsigned/com.xxxxx.ndoh_8.apk

INFO: Key alias: b974b400

DEBUG: > /usr/lib/jvm/default-java/bin/keytool -list -alias b974b400 -keystore keystore-353414090455664.jks -storepass:env FDROID_KEY_STORE_PASS

keytool error: java.lang.Exception: Alias <b974b400> does not exist

INFO: Key does not exist - generating...

DEBUG: > /usr/lib/jvm/default-java/bin/keytool -genkey -keystore keystore-353414090455664.jks -alias b974b400 -keyalg RSA -keysize 2048 -validity 10000 -storepass:env FDROID_KEY_STORE_PASS -keypass:env FDROID_KEY_PASS -dname CN=xxxx.com, O=xxxx Pty Ltd, C=ZA

Question: Where does this come from INFO: Key alias: b974b400?

When I created the keystore i used

keytool -genkey -noprompt -alias 353414090455664 -sigalg SHA1withRSA
-dname "CN=xxx.com, O=xxxl Pty Ltd, C=ZA"' 
-keystore "/tmp/keystore-353414090455664.jks
-storepass password 
-keypass password
-keyalg RSA
-keysize 2048
-validity 10000
#10

Better use fdroid init and get the generated config.py and key, since config.py has also info about the key, right?

#11

I think ive found the answer. I need to add keyaliases into my config.py and set my alias then it works. Well it signs using the right certificate. So now Im just going to do a new version of the app and see but I think ive found the answer as it will use correct alias and correct key each time

Mastodon