[JENKINS-58310] Can I use the android signing plugin to sign android app bundles?

Type: New Feature
Resolution: Unresolved
Priority: Critical
Component/s: android-signing-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

We are migrating to the new android app bundle format and I'd like to keep signing my aab files with the same signing plugin. Is it possible with existing signing plugin implementation?

Artemy Kilin created issue - 2019-07-03 07:44

Robert St. John added a comment - 2019-07-03 11:32

To be quite honest, I don't know. Do you have a build you can try already? I'll look into it when I get a few spare moments in the next couple of days.

Robert St. John added a comment - 2019-07-03 11:32 To be quite honest, I don't know. Do you have a build you can try already? I'll look into it when I get a few spare moments in the next couple of days.

Robert St. John added a comment - 2019-07-08 05:00 - edited

Some brief research unfortunately reveals that the plugin cannot sign AABs, currently. I can probably get around to implementing a solution that uses Java's JarSigner API. Pull requests are welcome as well, if you're so inclined. In the interim, you should be able to use Java's jarsigner command-line utility and the Credentials Binding Plugin to sign your AABs. Just be aware of some of the security concerns that go along with that approach. You could also enroll in Google Play's app signing, as the Android docs describe, if that's an option for you.

Robert St. John added a comment - 2019-07-08 05:00 - edited Some brief research unfortunately reveals that the plugin cannot sign AABs, currently. I can probably get around to implementing a solution that uses Java's JarSigner API. Pull requests are welcome as well, if you're so inclined. In the interim, you should be able to use Java's jarsigner command-line utility and the Credentials Binding Plugin to sign your AABs. Just be aware of some of the security concerns that go along with that approach. You could also enroll in Google Play's app signing, as the Android docs describe , if that's an option for you.

Artemy Kilin added a comment - 2019-07-08 12:00

Thank you for you reply, I'll choose the most proper option. I hope one day the plugin will be able to sign aab though.

Artemy Kilin added a comment - 2019-07-08 12:00 Thank you for you reply, I'll choose the most proper option. I hope one day the plugin will be able to sign aab though.

Robert St. John made changes - 2019-07-08 12:03

Issue Type

Original: Task [ 3 ]

New: New Feature [ 2 ]

Oleg Kistrovskikh added a comment - 2020-06-23 13:29 - edited

Hi ! This issue is very actual now, because all android apps needs to move on app bundle soon.

I tried to sign aab with plugin and got error below

FATAL: [SignApksBuilder] error signing APK ...aab
com.android.apksig.apk.MinSdkVersionException: Unable to determine APK's minimum supported Android platform version: APK is missing AndroidManifest.xml
	at com.android.apksig.ApkSigner.getMinSdkVersionFromApk(ApkSigner.java:706)
	at com.android.apksig.ApkSigner.sign(ApkSigner.java:242)
	at com.android.apksig.ApkSigner.sign(ApkSigner.java:179)
	at org.jenkinsci.plugins.androidsigning.SignApksBuilder$SignApkCallable.invoke(SignApksBuilder.java:510)
	at org.jenkinsci.plugins.androidsigning.SignApksBuilder$SignApkCallable.invoke(SignApksBuilder.java:464)
	at hudson.FilePath$FileCallableWrapper.call(FilePath.java:3069)
	at hudson.remoting.UserRequest.perform(UserRequest.java:211)
	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
	at hudson.remoting.Request$2.run(Request.java:369)
	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:97)
	at java.lang.Thread.run(Thread.java:748)

Oleg Kistrovskikh added a comment - 2020-06-23 13:29 - edited Hi ! This issue is very actual now, because all android apps needs to move on app bundle soon. I tried to sign aab with plugin and got error below FATAL: [SignApksBuilder] error signing APK ...aab com.android.apksig.apk.MinSdkVersionException: Unable to determine APK's minimum supported Android platform version: APK is missing AndroidManifest.xml at com.android.apksig.ApkSigner.getMinSdkVersionFromApk(ApkSigner.java:706) at com.android.apksig.ApkSigner.sign(ApkSigner.java:242) at com.android.apksig.ApkSigner.sign(ApkSigner.java:179) at org.jenkinsci.plugins.androidsigning.SignApksBuilder$SignApkCallable.invoke(SignApksBuilder.java:510) at org.jenkinsci.plugins.androidsigning.SignApksBuilder$SignApkCallable.invoke(SignApksBuilder.java:464) at hudson.FilePath$FileCallableWrapper.call(FilePath.java:3069) at hudson.remoting.UserRequest.perform(UserRequest.java:211) at hudson.remoting.UserRequest.perform(UserRequest.java:54) at hudson.remoting.Request$2.run(Request.java:369) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:97) at java.lang. Thread .run( Thread .java:748)

Robert St. John added a comment - 2020-06-25 18:34

I'll see if I can carve out some time to look into signing AABs in the near future.

Robert St. John added a comment - 2020-06-25 18:34 I'll see if I can carve out some time to look into signing AABs in the near future.

Oleg Kistrovskikh added a comment - 2020-10-19 11:35

restjohn hello !

Do you have news about bundles signing ?

Thank you

Oleg Kistrovskikh added a comment - 2020-10-19 11:35 restjohn hello ! Do you have news about bundles signing ? Thank you

Oleg Kistrovskikh made changes - 2021-06-07 07:37

Priority

Original: Major [ 3 ]

New: Critical [ 2 ]

Lorenzo Orsatti added a comment - 2022-07-26 11:07

Is this issue related to https://github.com/jenkinsci/android-signing-plugin/pull/2. Is there anybody available to review this PR?

Thanks a lot!

Lorenzo Orsatti added a comment - 2022-07-26 11:07 Is this issue related to https://github.com/jenkinsci/android-signing-plugin/pull/2 . Is there anybody available to review this PR? Thanks a lot!

Assignee:: Robert St. John

Reporter:: Artemy Kilin

Votes:: 3 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2019-07-03 07:44

Updated:: 2023-01-05 06:52

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Robert St. John added a comment - 2019-07-03 11:32

Expand comment: Robert St. John added a comment - 2019-07-03 11:32

Collapse comment: Robert St. John added a comment - 2019-07-08 05:00, Edited by Robert St. John - 2019-07-08 11:27

Expand comment: Robert St. John added a comment - 2019-07-08 05:00, Edited by Robert St. John - 2019-07-08 11:27

Collapse comment: Artemy Kilin added a comment - 2019-07-08 12:00

Expand comment: Artemy Kilin added a comment - 2019-07-08 12:00

Collapse comment: Oleg Kistrovskikh added a comment - 2020-06-23 13:29, Edited by Oleg Kistrovskikh - 2020-06-23 13:49

Expand comment: Oleg Kistrovskikh added a comment - 2020-06-23 13:29, Edited by Oleg Kistrovskikh - 2020-06-23 13:49

Collapse comment: Robert St. John added a comment - 2020-06-25 18:34

Expand comment: Robert St. John added a comment - 2020-06-25 18:34

Collapse comment: Oleg Kistrovskikh added a comment - 2020-10-19 11:35

Expand comment: Oleg Kistrovskikh added a comment - 2020-10-19 11:35

Collapse comment: Lorenzo Orsatti added a comment - 2022-07-26 11:07

Expand comment: Lorenzo Orsatti added a comment - 2022-07-26 11:07

People

Dates