Question

I have a Gradle-based Android project and am trying to generate a release APK. However, it seems that Gradle is somehow picking up the wrong key/cert.

This is what I have in build.gradle:

signingConfigs {
    release {
        storeFile file("mykey.jks")
        storePassword "mypass"
        keyAlias "mykey.key"
        keyPassword "mypass"
    }
}

buildTypes {
    release {
        debuggable false
        jniDebugBuild false
        runProguard true
        proguardFile getDefaultProguardFile('proguard-android.txt')
        signingConfig signingConfigs.release
    }
}

And after running

gradlew assembleRelease

and taking out META-INF/CERT.RSA from inside the .apk I run the following:

keytool -list -keystore mykey.jks

and

keytool -printcert -v -file CERT.RSA

but they produce output with different certificate fingerprints. Trying with a certificate from another apk signed with the same key (but not with gradle) yields the correct certificate fingerprint.

Gradle seems to be picking up the keystore fine (changing the password or location or alias makes it stop working).

I'm puzzled since I don't want to release something to the store signed with an unknown key and then not be able to update it. I don't have a debug key explicitly defined in gradle.

UPDATE: This has something to do with the keystore. Trying the same Gradle code with a fresh keystore and key works fine. The problematic keystore was imported from PKCS#12 format (a .p12 file). Using IntelliJ or jarsigner works fine with this keystore, though; it's just the Gradle code that produces a different output, and it seems only the certificate generated from the key is different.


Solution 3

The only solution here was to start with a fresh key. The previous key had been imported from a PKCS12 format and I think that somehow caused the gradle code to generate a different certificate than jarsigner.

OTHER TIPS

In my case, I was not aware that I was using the debug keystore file for release. In project/android/app/build.gradle:

buildTypes {
    debug {
        signingConfig signingConfigs.debug
    }
    release {
        // Caution! In production, you need to generate your own keystore file.
        // see https://facebook.github.io/react-native/docs/signed-apk-android.
        signingConfig signingConfigs.debug // <-- need to be changed with
        //the line below
        //signingConfig signingConfigs.release
        minifyEnabled enableProguardInReleaseBuilds
        proguardFiles getDefaultProguardFile("proguard-android.txt"), "proguard-rules.pro"
    }
}
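
The fingerprint comparison from the question and the debug-key mix-up from the answer above can be checked in one step. The script below is an added example, not part of the original posts. Its function names are illustrative, it assumes the APK carries a v1 (JAR) signature file at META-INF/CERT.RSA as in the question, and it relies on the standard Android debug certificate subject `CN=Android Debug`.

```shell
#!/bin/sh
# Added example: compare an APK's signing certificate with a keystore entry.
# Function names are illustrative; file names and alias follow the question.

# Read keytool output on stdin and print the first SHA-256 fingerprint
# (32 colon-separated hex pairs), upper-cased. Prints nothing if absent.
sha256_fp() {
    grep -Eo '([0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}' | head -n 1 | tr 'a-f' 'A-F'
}

# Succeeds if the keytool -printcert output on stdin is the Android debug cert.
is_debug_cert() {
    grep -q 'Owner:.*CN=Android Debug'
}

# verdict KEYSTORE_OUTPUT APK_CERT_OUTPUT
# Prints DEBUG_KEY, NO_FINGERPRINT, MATCH or MISMATCH.
verdict() {
    ks_fp=$(printf '%s\n' "$1" | sha256_fp)
    apk_fp=$(printf '%s\n' "$2" | sha256_fp)
    if printf '%s\n' "$2" | is_debug_cert; then
        echo DEBUG_KEY
    elif [ -z "$ks_fp" ] || [ -z "$apk_fp" ]; then
        echo NO_FINGERPRINT
    elif [ "$ks_fp" = "$apk_fp" ]; then
        echo MATCH
    else
        echo MISMATCH
    fi
}

# Usage: sh check_apk_cert.sh app-release.apk mykey.jks mykey.key
# keytool asks for the store password itself; none is passed on the command line.
if [ "$#" -eq 3 ]; then
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    unzip -p "$1" META-INF/CERT.RSA > "$tmp"
    apk_out=$(keytool -printcert -v -file "$tmp")
    ks_out=$(keytool -list -v -keystore "$2" -alias "$3")
    result=$(verdict "$ks_out" "$apk_out")
    echo "$result"
    [ "$result" = MATCH ]   # non-zero exit lets a release pipeline stop here
fi
```

Run as a post-build step, anything other than MATCH means the artifact should not be uploaded.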

I faced the same issue while building a signed .aab file with Gradle. It has to do with a Gradle caching issue. I just restarted the Gradle daemon threads running on my system and cleaned the Gradle cache.

./gradlew --stop
./gradlew clean
./gradlew bundleRelease

And it resolved the problem.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow