Phonegap run from CLI with --release and self-signed app requires me to patch cordova.js

giohappy · Jun 26, 2013 · Viewed 14.5k times

I suppose I'm doing something wrong but I had to patch https://github.com/phonegap/phonegap/blob/master/lib/android/bin/templates/cordova/lib/cordova.js#L313 this way (add "unaligned" token matching):

// Skip the -unaligned and -unsigned build outputs when picking the APK to install
if (fso.GetExtensionName(path) == 'apk' && !path.match(/unaligned/) && !path.match(/unsigned/)) {
    path_to_apk = out_files.item();
    break;
}

Otherwise the "unsigned" apk is found first and installed, and it will fail because it is not signed. I'm using the CLI to build and run my apk. In debug mode it's ok, obviously, because the signing takes a different path.

Giovanni

Answer

aharris88 · Oct 16, 2013

I'm not sure what you did to try to sign your app, but here's what worked for me:

Update (4/14/14)

There is actually an easier way to do this all in one command once you set up the correct configuration, as described in this SO answer: Automation for Android release build. I also wrote a blog post about it here: http://www.adamwadeharris.com/android-automation/

Make sure your app is good to go

Make sure you’ve set your version number in AndroidManifest.xml. Google Play won’t accept it unless it is different than the previous versions in the store. versionCode is an integer value, so just increment it by 1 each time you submit regardless of whether it’s a major or minor update. versionName isn’t used for anything except for displaying to users and it’s a string so you can name it whatever you want. For example, you could set it to 1.0.3 while versionCode might be 3. (http://developer.android.com/tools/publishing/versioning.html#appversioning)

<manifest … xmlns:android="http://schemas.android.com/apk/res/android">

Create a keystore file

Create a keystore file and set a password. I won’t go into a lot of detail about how to actually do this. Just make sure you don’t lose this file. If you lose it, and you have to create a new one, then it will become a new app when you try to add it to the Google Play Store. (http://developer.android.com/tools/publishing/app-signing.html#cert)

Always use a different keystore file for each app because it’s your private key for uploading apps to the store. If you ever decide to transfer your app to another developer, you’ll have to give them the keystore file, and if you also use that keystore for other apps, then you have a security issue. (http://developer.android.com/tools/publishing/app-signing.html#secure-key)

Put the keystore file somewhere on your computer. It doesn’t really matter where.

Tell ant where your keystore file is for this app

Then you just need to tell ant where the keystore file is by going to your android project folder (for phonegap it’s in platforms/android), creating an ant.properties file, and putting the following in it:

key.store=/Users/username/Documents/path/to/my-release-key.keystore
key.alias=app_name

Where key.store equals the path to the keystore file starting at the C Drive, and key.alias is just whatever you want to call it for short. You’ll use the alias in the following commands.

Build your app

Open up the command prompt, and navigate to your project and run phonegap build.

phonegap build android

In platforms/android/bin you should have:

AppName.ap_
AppName.ap_.d
AppName-debug.apk
AppName-debug-unaligned.apk
AppName-debug-unaligned.apk.d

Sign in release mode

Then navigate to the android directory and run ant release:

cd platforms/android
ant release

It will prompt you for your keystore password and the password for the alias ‘app_name’. Enter your keystore password for both of them.

In platforms/android/bin you should now also have release versions of the app:

AppName-release.apk
AppName-release-unaligned.apk
AppName-release-unsigned.apk
AppName-release-unsigned.apk.d

Now move into the bin directory:

cd bin

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore /Users/username/Documents/path/to/my-release-key.keystore AppName-release-unsigned.apk app_name

Update: According to a comment below, you won't get a warning at the next step if you use -sigalg SHA1withDSA -digestalg SHA1 instead of SHA1withRSA.

Enter your keystore password

jarsigner -verify -verbose -certs AppName-release-unsigned.apk

If you get a warning like this, ignore it: Warning: This jar contains entries whose certificate chain is not validated.

zipalign -v 4 AppName-release-unsigned.apk AppName.apk

It will say: Verification successful

And your final apk (AppName.apk) will be created in the bin directory.

(http://developer.android.com/tools/publishing/app-signing.html#releasemode)

Then you can upload to Google Play.

I hope this helps. Let me know if you have any questions.

http://www.adamwadeharris.com/sign-publish-phonegap-app-google-play-store-windows/
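
Added example (not part of the question, the answer, or PhoneGap's code): a pre-install check that applies the same filename filter as the patch in the question and then confirms the chosen APK actually contains the META-INF signature files that jarsigner writes. The function names and the sample APKs are constructed for illustration, and the check only tests for presence; it does not validate the signature the way `jarsigner -verify` does.

```python
import re
import zipfile
from pathlib import Path

# Files jarsigner adds under META-INF (JAR-style signing):
# <ALIAS>.SF plus a signature block <ALIAS>.RSA, .DSA or .EC.
SIG_FILE = re.compile(r"^META-INF/[^/]+\.SF$", re.IGNORECASE)
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.IGNORECASE)


def has_v1_signature(apk_path):
    """True if the APK holds a .SF file with a matching signature block."""
    with zipfile.ZipFile(apk_path) as zf:
        names = zf.namelist()
    sf = {Path(n).stem.upper() for n in names if SIG_FILE.match(n)}
    blocks = {Path(n).stem.upper() for n in names if SIG_BLOCK.match(n)}
    return bool(sf & blocks)


def pick_installable_apk(bin_dir):
    """Return the first APK that passes the name filter and is signed."""
    for apk in sorted(Path(bin_dir).glob("*.apk")):
        # Same filter as the patched cordova.js in the question.
        if re.search(r"unaligned|unsigned", apk.name):
            continue
        # The name alone proves nothing, so look inside the archive too.
        if has_v1_signature(apk):
            return apk
    return None


def make_sample_apk(path, signed):
    """Write a minimal zip standing in for an APK (constructed sample)."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if signed:
            zf.writestr("META-INF/APP_NAME.SF", "Signature-Version: 1.0\n")
            zf.writestr("META-INF/APP_NAME.RSA", b"placeholder block")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        make_sample_apk(Path(d, "AppName-release-unsigned.apk"), signed=False)
        make_sample_apk(Path(d, "AppName-release.apk"), signed=True)
        print(pick_installable_apk(d))
```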