when I am signing the apk, I get "jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry compressed size (expected 463 but got 465 bytes)" this error message. The apk size is almost 1MB. When I reduce the size to 500KB, signing success. Why this so?..Any Idea?
You are trying to sign an already signed .apk
.
You need to export an unsigned .apk
file and then sign it with jarsigner
.
You definitely are able to sign an already signed APK multiple times using different keys:
Note that you can sign an APK multiple times with different keys.
E.g. I accomplished signing a Debug-Apk with the release key so that I was able to test upgrades of released versions. Also, I was able to sign an already released APK with the debug key for reproducing bugs.
This is what you should do
.apk
file to .zip
.zip
file and remove the META-INF
folder.apk
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 \
-keystore my-release-key.keystore my_application.apk alias_name
For the debug key, the alias should be androiddebugkey
and the password android
. The debug keystore is per default $HOME/.android/debug.keystore
. See also Sign your debug build.
This is the 1 Liner/1 Step version of @Joerg's answer above:
zip -d foo.apk META-INF/\*
That uses the built in "delete from existing archive" functionality of the zip
command. When you run that command you should see:
deleting: META-INF/MANIFEST.MF
deleting: META-INF/CERT.SF
deleting: META-INF/CERT.RSA
...as the output. Those files are the existing signature. Removing them allows you to sign it again.
I would also like to reiterate that you should be sure to pass the -sigalg SHA1withRSA
and -digestalg SHA1
arguments to the jarsigner
to avoid this issue: https://code.google.com/p/android/issues/detail?id=19567
I encountered this when signing my .aab file. Removing the duplicate signing (once as part of the bundling, once manually) fixed it. This was part of the default react-native app scaffolding.
The app/build.gradle
file includes a section android/buildTypes/release
which had its signingConfig
key set. When generating .apk files it seemed to be ignored but when switching to .aab format it looks like it did apply that signing. When I then did my own signing in CI, it complained because it was already signed.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With