Reputation: 11565
Why do I get "no manifest." and "jar is unsigned." when doing "jarsigner -verify -verbose -certs" for my APK
I have one of my Android projects producing unsigned APKs. I'm using below provided configuration and then verifying produced APKs. I'm sure Gradle is using my provided keystore file because I tried changing the path and password and the build was failing.
APKs are not signed after all
jarsigner -verify -verbose -certs /Users/viliuskraujutis/.../path-to-newly-created.apk
The output is this:
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
no manifest.
jar is unsigned.
Signing from build.gradle
For the context I'm signing like this:
android {
...
signingConfigs {
release {
storeFile file("my-key-used-in-other-successful-project.keystore")
storePassword "my-password-used-in-other-successful-project"
keyAlias "my-alias-used-in-other-successful-project"
keyPassword "my-password-used-in-other-successful-project"
}
}
Upvotes: 4
Views: 2649
Answers (3)
Reputation: 1145
In react native
when I try to deploy or upload the app on mseva that time period I got the error or issue
The solution is to add
v1SigningEnabled true
v2SigningEnabled true
verify to run where your apk is located
jarsigner -verify -verbose -certs app-YOURAppName-release.apk
Upvotes: 0
Reputation: 11565
The problem was as @Pierre posted yesterday - the minSdk version was 30, and since it's >23 - it uses v2/v3 signing scheme by default.
For maximum compatibility, we decided to use multiple signing schemes as per android.com recommendation.
And the fix for the app/build.gradle was that simple - we have set v1SigningEnabled and v2SigningEnabled to true. Like this:
signingConfigs {
release {
storeFile file('...')
storePassword '...'
keyAlias '...'
keyPassword '...'
v1SigningEnabled true
v2SigningEnabled true
}
}
Upvotes: 1
Reputation: 17437
You likely have a minSdkVersion of 24 or higher. If that's the case then AGP uses a more efficient signing scheme called "V2 signing" and because all Android devices on 24+ support this scheme, it is no longer needed to sign with "v1 scheme" (i.e.jar signing). V2 scheme is completely independent of jar signing, that's why jarsigner thinks the APK is unsigned. If you use apksigner (provided in Android tools), then you can check that your APK is in fact correctly signed.
Upvotes: 5
Related Questions
- jarsigner: the signer's certificate is self signed warning
- How to use jarsigner for signing an apk?
- Jarsigner is not recognized internal or external command
- "jarsigner error: java.lang.RuntimeException: certificate exception" while trying to manually sign an APK
- Android - Error signing my apk wit jarsigner
- Unable to sign apk file using jarsigner
- Published Android apk gives error "Package file was not signed correctly"
- jarsigner doesn't work Ubuntu
- Issue signing jar for Android app in Eclipse
- Error Signing APK With Maven Jarsigner