{ "id": "124912", "key": "TIMOB-16213", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "15922", "description": "2014 Sprint 03", "name": "2014 Sprint 03", "archived": true, "released": true, "releaseDate": "2014-02-14" }, { "id": "15924", "description": "2014 Sprint 03 Core", "name": "2014 Sprint 03 Core", "archived": true, "released": true, "releaseDate": "2014-02-14" }, { "id": "15971", "description": "Release 3.2.3", "name": "Release 3.2.3", "archived": false, "released": true, "releaseDate": "2014-04-30" }, { "id": "15422", "description": "Release 3.3.0", "name": "Release 3.3.0", "archived": false, "released": true, "releaseDate": "2014-07-16" } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2014-02-05T00:11:02.000+0000", "created": "2014-01-17T00:31:22.000+0000", "priority": { "name": "High", "id": "2" }, "labels": [ "qe-3.2.0", "qe-3.2.0-GA2", "qe-closed-3.2.3", "qe-testadded" ], "versions": [ { "id": "14982", "description": "Release 3.2.0", "name": "Release 3.2.0", "archived": false, "released": true, "releaseDate": "2013-12-19" } ], "issuelinks": [ { "id": "34342", "type": { "id": "10003", "name": "Relates", "inward": "relates to", "outward": "relates to" }, "outwardIssue": { "id": "124810", "key": "TIMOB-16189", "fields": { "summary": "Android: Package - Installing a packaged app fails with INSTALL_PARSE_FAILED_NO_CERTIFICATES on a non-KitKat device ", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "Critical", "id": "1" }, "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false } } } }, { "id": "34341", "type": { "id": "10003", "name": "Relates", "inward": "relates to", "outward": "relates to" }, "outwardIssue": { "id": "124908", "key": "TIDOC-1464", "fields": { "summary": "Add additional information to Android keystore generation guide", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "High", "id": "2" }, "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false } } } }, { "id": "34345", "type": { "id": "10003", "name": "Relates", "inward": "relates to", "outward": "relates to" }, "inwardIssue": { "id": "124916", "key": "TISTUD-6038", "fields": { "summary": "Android: Keystore - When creating a new Android keystore, there should be a drop down list to select the different signature algorithm", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "High", "id": "2" }, "issuetype": { "id": "4", "description": "An improvement or enhancement to an existing feature or task.", "name": "Improvement", "subtask": false } } } } ], "assignee": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "updated": "2015-01-26T09:47:54.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "13103", "name": "CLI", "description": "Node-based command line interface" } ], "description": "If you try to package an app (from CLI) to a non-KitKat device, then the CLI should throw a warning if you signed the packaged app with a SHA256withRSA signature algorithm keystore. And, indicate to the user to use a SHA1withRSA signature keystore for a non-KitKat device.\r\n\r\nJava 1.6.X only ships with SHA1withRSA.\r\nJava 1.7.X ships with both SHA1withRSA and SHA256withRSA.", "attachment": [ { "id": "45511", "filename": "foo.jks", "author": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "created": "2014-01-31T01:52:13.000+0000", "size": 4810, "mimeType": "application/octet-stream" } ], "flagged": false, "summary": "CLI: Packaging - CLI should throw a warning if you are using a SHA256withRSA signature keystore when packaging to a non-KitKat device", "creator": { "name": "wluu", "key": "wluu", "displayName": "Wilson Luu", "active": false, "timeZone": "America/Los_Angeles" }, "subtasks": [], "reporter": { "name": "wluu", "key": "wluu", "displayName": "Wilson Luu", "active": false, "timeZone": "America/Los_Angeles" }, "environment": "CLI: 3.2.0\r\nOS: All supported OS\r\nJava: 1.6.X, 1.7.X", "comment": { "comments": [ { "id": "290565", "author": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "body": "Master pull request: https://github.com/appcelerator/titanium_mobile/pull/5296\n3.2.x pull request: https://github.com/appcelerator/titanium_mobile/pull/5297\n\nTo test:\n\n1. create an android project\n2. download the keystore attachment on this ticket\n3. build the app for android using this keystore: {{ti build -p android -T dist-playstore}}\n4. when prompted, specify the path to the keystore\n5. enter the password \"123123\"\n6. select the alias \"foo\"\n7. you should see a warning\n\nNext we test when specifying from the command line:\n\n{code}\nti build -p android -T dist-playstore --keystore /path/to/foo.jks --store-password 123123 --alias foo\n{code}\n\nTry a bad alias:\n\n{code}\nti build -p android -T dist-playstore --keystore /path/to/foo.jks --store-password 123123 --alias blah\n{code}\n\nTry building for an Android device running Android 4.3 or OLDER:\n\n{code}\n# works\nti build -p android -T device --keystore /path/to/foo.jks --store-password 123123 --alias bar\n\n# works\nti build -p android -T device --keystore /path/to/foo.jks --store-password 123123 --alias baz\n\n# should warn, then fail during install\nti build -p android -T device --keystore /path/to/foo.jks --store-password 123123 --alias foo\n{code}\n", "updateAuthor": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "created": "2014-01-31T01:51:49.000+0000", "updated": "2014-01-31T01:51:49.000+0000" }, { "id": "298773", "author": { "name": "pagarwal", "key": "pagarwal", "displayName": "Priya Agarwal", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Verified the fixed with test environment:\r\nAppc Studio:3.2.3.201403250634\r\nSdk:3.2.3.v20140325145222\r\nalloy:1.3.1\r\ntitanium:3.2.3-dev\r\ntitanium-code-processor:1.1.0\r\nOsx: Windows 8.1,Ubuntu 12.0.4\r\nDevice:LG-P970(V4.0.4)\r\n\r\nFollowed the above mentioned test steps and got the expected Result.\r\nHence Closing the issue as fixed.", "updateAuthor": { "name": "pagarwal", "key": "pagarwal", "displayName": "Priya Agarwal", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2014-03-26T12:18:14.000+0000", "updated": "2014-03-26T12:18:14.000+0000" }, { "id": "340239", "author": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "body": "Hi.\r\n\r\n\r\nCan we specify signing algorithm in CLI?\r\n\r\n\r\nIf not, why that wasn't implemented? :)", "updateAuthor": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "created": "2015-01-22T16:00:01.000+0000", "updated": "2015-01-22T16:00:01.000+0000" }, { "id": "340253", "author": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "body": "[~ivan.skugor] Nope. It wasn't implemented because we detect and use the actual signature type that the selected cert in the keystore uses. There's no point specifying it.", "updateAuthor": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "created": "2015-01-22T17:10:33.000+0000", "updated": "2015-01-22T17:10:33.000+0000" }, { "id": "340407", "author": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "body": "Thanks for answer.\r\n\r\n\r\nI actually have a need to specify signing algorithm. We have one app that we brand for different clients and we use different keystores for each brand. We were unlucky to publish app with keystore that has SHA256 as default signing algorithm (and as far as I know, there's no way to update keystore). I've updated app by manually signing, but it would be handy if I could specify signing algorithm. \r\nAnd I'm not the only one with similar problem: http://www.tidev.io/2013/12/31/gotcha-package-file-was-not-signed-correctly/\r\n\r\n\r\nAlso, IMO it would be more future-proof if algorithm could be specified.", "updateAuthor": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "created": "2015-01-23T10:22:37.000+0000", "updated": "2015-01-23T10:22:37.000+0000" }, { "id": "340409", "author": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "body": "The default signature algorithm is \"MD5withRSA\". However, this is overwritten by the actual signature found in the keystore for the given alias.\r\n\r\nRun this:\r\n\r\n{code}\r\nkeytool -J-Duser.language=en -list -v -keystore /path/to/keystore.jks -storepass your_password\r\n{code}\r\n\r\nTitanium will scan the output and finds the entry for the specified {{\\-\\-alias}} and then parses out the \"Signature algorithm name\". So why is it not finding the correct signature algorithm? Is the {{\\-\\-alias}} correct? Is the text rendered by keytool not matching?", "updateAuthor": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "created": "2015-01-23T10:37:08.000+0000", "updated": "2015-01-23T10:37:08.000+0000" }, { "id": "340412", "author": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "body": "Yes, Titanium finds signature algorithm correctly (SHA256withRSA), but that algorithm has issue with pre-4.4 Android devices (apk can't be installed). When I manually set signature algorithm to SHA1withRSA, it works fine.", "updateAuthor": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "created": "2015-01-23T10:55:45.000+0000", "updated": "2015-01-23T10:55:45.000+0000" }, { "id": "340413", "author": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "body": "How is that possible? Are you manually calling jarsigner? How is that different than what the Android build is currently doing? https://github.com/appcelerator/titanium_mobile/blob/master/android/cli/commands/_build.js#L4095-L4136", "updateAuthor": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "created": "2015-01-23T11:00:28.000+0000", "updated": "2015-01-23T11:00:28.000+0000" }, { "id": "340415", "author": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "body": "Yes, I manually call jarsigner (and after that, zipalign), I changed \"sigalg\" parameter: \"-sigalg\" \"SHA1withRSA\" (so, that part is different from what Titanium does).\r\n\r\n\r\nSorry for confusion.", "updateAuthor": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "created": "2015-01-23T11:15:58.000+0000", "updated": "2015-01-23T11:15:58.000+0000" }, { "id": "340416", "author": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "body": "Oooooooooh. OK, let me escalate and chat with the guys tomorrow. Sit tight. :)", "updateAuthor": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "created": "2015-01-23T11:20:14.000+0000", "updated": "2015-01-23T11:20:14.000+0000" }, { "id": "340417", "author": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "body": "Thanks! :)", "updateAuthor": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "created": "2015-01-23T11:27:15.000+0000", "updated": "2015-01-23T11:27:15.000+0000" }, { "id": "340419", "author": { "name": "michael", "key": "michael", "displayName": "Michael Gangolf", "active": true, "timeZone": "Europe/Berlin" }, "body": "@Ivan:\r\nI had the same problem, so I just change the build script Chris posted before so it won't do:\r\nvar sigalg = this.keystoreAlias.sigalg || 'MD5withRSA',\r\nbut only:\r\nvar sigalg = 'MD5withRSA',\r\nThen I was sure that I never used the SHA256 and I didn't need to run the scripts manually. \r\n\r\nBut it would be nice to specify the sigalg because I have a new key too and need to compile for old phones and it will always select the 256 by default", "updateAuthor": { "name": "michael", "key": "michael", "displayName": "Michael Gangolf", "active": true, "timeZone": "Europe/Berlin" }, "created": "2015-01-23T14:03:17.000+0000", "updated": "2015-01-23T14:03:17.000+0000" }, { "id": "340420", "author": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "body": "Michael G, yeah, that could be workaround, but I would still like to have this solved in SDK if possible. :)", "updateAuthor": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "created": "2015-01-23T14:16:28.000+0000", "updated": "2015-01-23T14:16:28.000+0000" }, { "id": "340482", "author": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "body": "[~ivan.skugor] What version of Java are you using? We talked and we think that if you switch to Java 1.7, things should work.", "updateAuthor": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "created": "2015-01-23T22:09:55.000+0000", "updated": "2015-01-23T22:09:55.000+0000" }, { "id": "340487", "author": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "body": "I already use 1.7, but it doesn't work with it.", "updateAuthor": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "created": "2015-01-23T22:43:38.000+0000", "updated": "2015-01-23T22:43:38.000+0000" }, { "id": "340491", "author": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "body": "[~ivan.skugor] OK, cool. Ticket created! TIMOB-18441", "updateAuthor": { "name": "cbarber", "key": "cbarber", "displayName": "Chris Barber", "active": true, "timeZone": "America/Chicago" }, "created": "2015-01-23T23:11:45.000+0000", "updated": "2015-01-23T23:11:45.000+0000" }, { "id": "340547", "author": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "body": "Awesome, thank you. :)", "updateAuthor": { "name": "ivan.skugor", "key": "ivan.skugor", "displayName": "Ivan Skugor", "active": true, "timeZone": "Europe/Amsterdam" }, "created": "2015-01-26T09:47:54.000+0000", "updated": "2015-01-26T09:47:54.000+0000" } ], "maxResults": 17, "total": 17, "startAt": 0 } } }