I can't install a APK which I've signed with SHA-256 on an Intermec device (running Android 4.2). The very same APK I can install without any problems on a Nexus 5 (running Android 6.0). I already checked both devices and both devices do indeed support SHA-256.
The error I get is:
C:\work\n\apks>adb install marlin-app-android-01.00.TRUNK-SNAPSHOT.apk
5136 KB/s (9431036 bytes in 1.793s)
pkg: /data/local/tmp/marlin-app-android-01.00.TRUNK-SNAPSHOT.apk
Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]
I used this command to sign the APK (using JDK6):
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore nemo.keystore marlin-app-android-01.00.TRUNK-SNAPSHOT.apk NEMO
When I try to install the APK to the Intermec I get this logcat output:
10-15 11:19:50.550 416-435/? W/ActivityManager﹕ No content provider found for permission revoke: file:///data/local/tmp/marlin-app-android-01.00.TRUNK-SNAPSHOT.apk
10-15 11:19:50.612 416-435/? W/ActivityManager﹕ No content provider found for permission revoke: file:///data/local/tmp/marlin-app-android-01.00.TRUNK-SNAPSHOT.apk
10-15 11:19:50.784 416-435/? W/PackageParser﹕ Exception reading AndroidManifest.xml in /data/app/vmdl381788980.tmp
java.lang.SecurityException: META-INF/NEMO.SF has invalid digest for res/drawable-mdpi-v4/notification.png in /data/app/vmdl381788980.tmp
at java.util.jar.JarVerifier.invalidDigest(JarVerifier.java:134)
at java.util.jar.JarVerifier.verifyCertificate(JarVerifier.java:364)
at java.util.jar.JarVerifier.readCertificates(JarVerifier.java:271)
at java.util.jar.JarFile.getInputStream(JarFile.java:398)
at android.content.pm.PackageParser.loadCertificates(PackageParser.java:446)
at android.content.pm.PackageParser.collectCertificates(PackageParser.java:637)
at com.android.server.pm.PackageManagerService.installPackageLI(PackageManagerService.java:7886)
at com.android.server.pm.PackageManagerService.access$1900(PackageManagerService.java:172)
at com.android.server.pm.PackageManagerService$5.run(PackageManagerService.java:6018)
at android.os.Handler.handleCallback(Handler.java:725)
at android.os.Handler.dispatchMessage(Handler.java:92)
at android.os.Looper.loop(Looper.java:137)
at android.os.HandlerThread.run(HandlerThread.java:60)
10-15 11:19:50.784 416-435/? E/PackageParser﹕ Package ch.post.it.nemo.marlin has no certificates at entry AndroidManifest.xml; ignoring!
Apparently there is a problem with the file: res/drawable-mdpi-v4/notification.png
Next I verified the signing with this command:
C:\work\n\apks>jarsigner -verify -verbose -certs marlin-app-android-01.00.TRUNK-SNAPSHOT.apk
and got this output (an excerpt):
46162 Thu Oct 15 10:52:26 CEST 2015 META-INF/MANIFEST.MF
33900 Thu Oct 15 10:52:26 CEST 2015 META-INF/NEMO.SF
1322 Thu Oct 15 10:52:26 CEST 2015 META-INF/NEMO.RSA
sm 43636 Thu Oct 15 08:49:12 CEST 2015 AndroidManifest.xml
X.509, CN=Nemo, OU=IT12, O=Swiss Post, L=Bern, ST=BE, C=CH
[certificate is valid from 24.06.13 10:59 to 09.11.40 09:59]
sm 113713 Thu Oct 15 08:49:12 CEST 2015 res/drawable-mdpi-v4/notification.png
X.509, CN=Nemo, OU=IT12, O=Swiss Post, L=Bern, ST=BE, C=CH
[certificate is valid from 24.06.13 10:59 to 09.11.40 09:59]
sm 1270 Thu Oct 15 08:49:12 CEST 2015 res/drawable-xhdpi-v11/fa_envelope.png
X.509, CN=Nemo, OU=IT12, O=Swiss Post, L=Bern, ST=BE, C=CH
[certificate is valid from 24.06.13 10:59 to 09.11.40 09:59]
sm 1255 Thu Oct 15 08:49:12 CEST 2015 res/drawable-xhdpi-v11/ic_stat_check.png
X.509, CN=Nemo, OU=IT12, O=Swiss Post, L=Bern, ST=BE, C=CH
[certificate is valid from 24.06.13 10:59 to 09.11.40 09:59]
The notification.png file is listed in there and seems to be okay.
I noticed that NEMO.SF and NEMO.RSA are in the APK which seems to be like a diplicate and in some other posts people recommended to delete one of both and re-sign the APK. I already did this but it didn't help anything.
I've pretty much tried everything I could find out. So far without any luck. Thanks for any help and suggestions.
