Flutter/Android签名问题 - 未签署App Bundle(没有清单)
我目前正在尝试签署flutter Android应用程序捆绑包,以便可以在Play商店进行更新。它没有问题编译,但是上传商店时,请给我一个Android App Bundle未签署错误。
首先,在我运行颤抖的构建之前,我按照那个顺序敲打着扑来的酒吧。其次,使用Android Studio构建/符号存在相同的问题。
Gradle脚本似乎在本地工作正常,并且可以访问键盘文件,并能够从属性文件中读取签名变量:
signingConfigs {
release {
storeFile file("../keystore.jks")
file("../key.properties").with { propFile ->
if (propFile.canRead()) {
def properties = new Properties()
properties.load(new FileInputStream(propFile))
storePassword = properties['storePassword']
keyAlias = properties['keyAlias']
keyPassword = properties['keyPassword']
} else {
storePassword = System.getenv("STORE_PASSWORD")
keyAlias = System.getenv("KEY_ALIAS")
keyPassword = System.getenv("KEY_PASSWORD")
}
v1SigningEnabled true
v2SigningEnabled true
}
}
}
运行keytool -list -list -v -keystore ./keystore./keystore.jks appears to return a valid keystore (details below masked):
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: key
Creation date: 28 Jun 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXXX, L=XXXXXXXX, ST=XXXXXXXX, C=XXXXXXXX
Issuer: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXXX, L=XXXXXXXX, ST=XXXXXXXX, C=XXXXXXXX
Serial number: XXXXXXXX
Valid from: Mon Apr 13 09:36:39 CEST 2020 until: Fri Aug 30 09:36:39 CEST 2047
Certificate fingerprints:
SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
SHA256: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0A 52 43 47 F1 16 86 8A 1B 3E 79 6D 6A BD 54 7E .RCG.....>ymj.T.
0010: 67 8F 66 2B g.f+
]
]
*******************************************
*******************************************
Yet when I run jarsigner -verify -verbose -certs app-release.aab, after running the build it returns the following:
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
no manifest.
So, from what I可以看到我有一个有效的凭据,一个有效的密钥库,并且正在正确进行构建,但是由于我认为,jar的问题,签名似乎失败了。我怀疑我要么缺少一个额头打开的错误,要么可能有一个特定的使用框架的问题(因此,它可能不是扑朔迷离甚至是Android的特定问题)。
有人遇到这个问题,还是可以发现我无法或以其他方式建议解决方法的东西?
I'm presently attempting to sign a Flutter-Android app bundle so it can be updated on on the Play store. It compiles without issues, however when uploaded the store give me a The Android App Bundle was not signed error.
Firstly, before I run flutter build, I tun both flutter pub get and flutter clean, in that order. Secondly, using Android Studio to build/sign has the same issue.
The Gradle script appears to be working fine locally and it's picking up the keystore file as well as able to read the signing variables from the properties file:
signingConfigs {
release {
storeFile file("../keystore.jks")
file("../key.properties").with { propFile ->
if (propFile.canRead()) {
def properties = new Properties()
properties.load(new FileInputStream(propFile))
storePassword = properties['storePassword']
keyAlias = properties['keyAlias']
keyPassword = properties['keyPassword']
} else {
storePassword = System.getenv("STORE_PASSWORD")
keyAlias = System.getenv("KEY_ALIAS")
keyPassword = System.getenv("KEY_PASSWORD")
}
v1SigningEnabled true
v2SigningEnabled true
}
}
}
Running keytool -list -v -keystore ./keystore.jks appears to return a valid keystore (details below masked):
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: key
Creation date: 28 Jun 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXXX, L=XXXXXXXX, ST=XXXXXXXX, C=XXXXXXXX
Issuer: CN=XXXXXXXX, OU=XXXXXXXX, O=XXXXXXXX, L=XXXXXXXX, ST=XXXXXXXX, C=XXXXXXXX
Serial number: XXXXXXXX
Valid from: Mon Apr 13 09:36:39 CEST 2020 until: Fri Aug 30 09:36:39 CEST 2047
Certificate fingerprints:
SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
SHA256: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0A 52 43 47 F1 16 86 8A 1B 3E 79 6D 6A BD 54 7E .RCG.....>ymj.T.
0010: 67 8F 66 2B g.f+
]
]
*******************************************
*******************************************
Yet when I run jarsigner -verify -verbose -certs app-release.aab, after running the build it returns the following:
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
no manifest.
So, from what I can see I have valid credentials, a valid keystore and am doing a build correctly, however the signing appears to fail due to a problem with the, I presume, JAR manifest. I suspect either I'm missing a forehead-slapping mistake or there may be an issue specific to one of the frameworks in use (so it may not be specific to Flutter or even Android).
Anyone come across this, or can spot something I cannot or otherwise suggest a workaround?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这对我有用
“ c:\ program文件\ java \ jdk -11.0.14 \ bin \ keytool” - list -v -keystore“%userProfile%.android \ android \ debug.keystore” -alias androidDebugkey-
droid -keypass android
c:\ program文件\ java \ jdk -11.0.14 \ bin \ bin \ keytool 是键盘的路径
THis works for me
"C:\Program Files\Java\jdk-11.0.14\bin\keytool" -list -v -keystore "%USERPROFILE%.android\debug.keystore" -alias androiddebugkey -storepass an
droid -keypass android
C:\Program Files\Java\jdk-11.0.14\bin\keytool is the path of the keytool
实际上,我三天前就设法解决了这个问题,但是马科斯的回应确实间接地解决了我认为值得为将来遇到这个问题的任何人提供更广泛答案的解决方案。
问题出现了,因为签署应用程序的过程中有许多工作零件,来自Keytool,Gradle,Android Command Tools,至少在这种情况下是飘动的。如果这些中的任何一个是不同步的,则无效。
在我的特殊情况下,这是两个不同版本的Java的问题。 Flutter使用了Open JDK版本,而我的路径中恰好引用了Oracle版本,因此,这就是我访问键盘时所谓的。因此,每当创建或更新密钥库时,它将使用不同的键盘,因此会使用不同的键盘。
要发现哪种版本的java flutter使用call
flutter doctor -v并确保您正在使用相同的版本(Marcos的响应广泛正确,但它对我来说是不起作用的安装在另一个目录中)。要查找当前在路径中的Java版本,您可以参考Java -version。此后,当我使用现有的KeyStore时,我遇到了第二个问题,该问题必须更新。为此,我遵循了可以找到的解决方案在这里。希望所有这些都对其他人有所帮助。
I actually managed to solve this myself three days ago, but marcos' response does indirectly address the solution I thought it worth giving a broader answer for anyone else who comes across this issue, in the future.
The problem arises as there are numerous working parts to the process of signing an app, from the keytool, Gradle, Android command tools and, at least in this case, Flutter. If any of these is out of sync it's not going to work.
In my particular case it was a question of two different versions of Java that were in use. Flutter was using a version of Open JDK, while an Oracle version happened to be referenced in my PATH and thus this was what was being called when I accessed the keytool. So whenever creating or updating a keystore, it would use a different and thus incompatible keytool.
To discover what version of Java Flutter is using call
flutter doctor -vand insure you're using the same version (marcos' response was broadly correct, but it wouldn't have worked for me as it was installed in another directory). To find what version of Java is currently in your PATH, you can referencejava -version.After this I had a second issue as I was using an existing, keystore, that had to be updated. For this I followed the solution that can be found here. Hope all this helps someone else in the future.