2

I have an Android Project (with Android Studio and Gradle) and a Jenkins CI Server that build this one.

What I'm trying to do is to generate a completely unsigned certificate.

In fact, when the server builds the application, it does generate an -unsigned.apk but it seems that this apk is signed by the developper certificate.

In fact I checked this out by downloading the apk and running the following command (after reading How do I verify that an Android apk is signed with a release certificate?)

jarsigner -verify -verbose -certs app-unsigned.apk | grep Android

So the output is like

X.509, CN=Android Debug, O=Android, C=US

(with a lot of rows)

For what it worth, I build the app running the gradle tasks :

clean assemble lint

And after that, I zipaling all the apks by running

zipalign -f -v 4 *.apk

My build.gradle doesn't contain any signing option

android {
    compileSdkVersion 19
    buildToolsVersion '19.0.1'

    defaultConfig {
        minSdkVersion 10
        targetSdkVersion 19
    }

    buildTypes {
        debug {
            // proguard
            runProguard false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
            // ZipAlign
            zipAlign false
        }

        release {
            // proguard
            runProguard true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
            // ZipAlign
            zipAlign true
        }
    }

    productFlavors {
        defaultFlavor {
        proguardFile 'proguard-rules.txt'
        }
    }

    lintOptions {
        // Don't abort if Lint finds an error, otherwise the Jenkins build
        // will be marked as failed, and Jenkins won't analyse the Lint output
        abortOnError false
    }
}

What can I try next?

halfer
  • 19,824
  • 17
  • 99
  • 186
Quentin Klein
  • 1,263
  • 10
  • 27
  • After some readings it seems that I have to build in release mode to get an unsigned apk that I have to sign by myself ? [Android dev](http://developer.android.com/tools/building/building-cmdline.html#ReleaseMode) `If you build your application unsigned, then you will need to manually sign and align the package.` I'll try that out. – Quentin Klein May 12 '14 at 15:54

1 Answers1

5

Ok I managed to get the result.

The fact was in the task I was using for my build.

I used

clean assemble lint

And then I changed for 

clean assembleRelease lint

The generated apk is now app-release-unsigned.apk but when I run the command 

jarsigner -verify -verbose -certs app-release-unsigned.apk | grep Android

the output is nothing so I guess it worked.

This is a mystery for me because I thought assemble was a kind of shortcut for assembleDebug and then assembleRelease like I read on gradle but it seems that the apk generated has the same name (app-release-unsigned.apk) but one of them is signed, the other not.

Anyway, using assembleRelease seems to work.

Quentin Klein
  • 1,263
  • 10
  • 27