{ "id": "93110", "key": "TIMOB-9504", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "13502", "description": "Sprint 2012-14 Core", "name": "Sprint 2012-14 Core", "archived": true, "released": true, "releaseDate": "2012-07-15" }, { "id": "13572", "description": "Release 2.1.1", "name": "Release 2.1.1", "archived": true, "released": true, "releaseDate": "2012-07-31" }, { "id": "13505", "description": "Release 3.0.0", "name": "Release 3.0.0", "archived": true, "released": true, "releaseDate": "2012-12-14" } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2012-07-13T15:38:35.000+0000", "created": "2012-06-12T13:53:55.000+0000", "priority": { "name": "High", "id": "2" }, "labels": [ "SupportTeam", "core" ], "versions": [ { "id": "13271", "description": "Release 2.1.0", "name": "Release 2.1.0", "archived": false, "released": true, "releaseDate": "2012-06-29" } ], "issuelinks": [ { "id": "17749", "type": { "id": "10003", "name": "Relates", "inward": "relates to", "outward": "relates to" }, "outwardIssue": { "id": "90594", "key": "TIMOB-8800", "fields": { "summary": "Android: Failure building with Java 1.7.0 (Java 7)", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "High", "id": "2" }, "issuetype": { "id": "7", "description": "gh.issue.story.desc", "name": "Story", "subtask": false } } } } ], "assignee": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2012-07-25T16:51:35.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10202", "name": "Android", "description": "Android Platform" } ], "description": "h3. Problem\r\n\r\nThe Android builder.py script in the 2.1 SDK fails when it calls the zipalign tool in the Android SDK, with the error \"Unable to open as zip archive.\"\r\n\r\nh4. From the customer:\r\n\r\nThe error seems to be caused by a change to builder.py in 2.1. When it calls out to the Android jarsigner tool, the 2.1 script uses two additional parameters, \"-sigalg MD5withRSA\" and \"-digestalg SHA1\". The 2.0.X builder.py script does not have these two extra arguments. The script calls zipalign right after that, which fails. When the two arguments from the 2.1 builder.py are removed it runs successfully, and if those are added to the 2.0 builder.py, it fails with the same error.\r\n\r\n", "attachment": [ { "id": "28329", "filename": "build_log.txt", "author": { "name": "vjoshi", "key": "vjoshi", "displayName": "Varun Joshi", "active": true, "timeZone": "America/New_York" }, "created": "2012-06-13T12:00:56.000+0000", "size": 262360, "mimeType": "text/plain" } ], "flagged": false, "summary": "Android: Android builder.py script fails with Ti 2.1 SDK", "creator": { "name": "vjoshi", "key": "vjoshi", "displayName": "Varun Joshi", "active": true, "timeZone": "America/New_York" }, "subtasks": [], "reporter": { "name": "vjoshi", "key": "vjoshi", "displayName": "Varun Joshi", "active": true, "timeZone": "America/New_York" }, "environment": "Platform OS: Android\r\nTitanium SDK: 2.1 CI Build", "comment": { "comments": [ { "id": "198227", "author": { "name": "mstepanov", "key": "mstepanov", "displayName": "Max Stepanov", "active": true, "timeZone": "America/Los_Angeles" }, "body": "A regression caused by https://github.com/appcelerator/titanium_mobile/commit/618602ab92306727105efa304d58bde1b73138d9 with regard to TIMOB-8800", "updateAuthor": { "name": "mstepanov", "key": "mstepanov", "displayName": "Max Stepanov", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-12T14:21:56.000+0000", "updated": "2012-06-12T14:21:56.000+0000" }, { "id": "198229", "author": { "name": "billdawson", "key": "billdawson", "displayName": "Bill Dawson", "active": true, "timeZone": "Europe/Berlin" }, "body": "Desktop OS? Version of Android SDK? Java version?", "updateAuthor": { "name": "billdawson", "key": "billdawson", "displayName": "Bill Dawson", "active": true, "timeZone": "Europe/Berlin" }, "created": "2012-06-12T14:27:04.000+0000", "updated": "2012-06-12T14:27:04.000+0000" }, { "id": "198231", "author": { "name": "billdawson", "key": "billdawson", "displayName": "Bill Dawson", "active": true, "timeZone": "Europe/Berlin" }, "body": "And the complete build log", "updateAuthor": { "name": "billdawson", "key": "billdawson", "displayName": "Bill Dawson", "active": true, "timeZone": "Europe/Berlin" }, "created": "2012-06-12T14:32:28.000+0000", "updated": "2012-06-12T14:32:28.000+0000" }, { "id": "198362", "author": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Unable to duplicate by building in studio. Manually invoking the build command line in a manner where:\r\n\r\n* Project name does not match directory name\r\n* AVD ID (arg 10) is left out\r\n\r\nDoes not even run. The build command in the log does not work without the AVD ID, although this argument is not strictly necessary. The fix for this issue will deprecate the AVD ID, but this issue is NOT reproducible.", "updateAuthor": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-13T13:07:15.000+0000", "updated": "2012-06-13T13:07:15.000+0000" }, { "id": "198364", "author": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "body": "We need the following information as part of the bug report:\r\n\r\n* Output of {{ls -lah /Users/chris/Development/titanium/MB-Next-Gen-Phone/build/Android/com.mfoundry.mbanking.nextgen.phone.apk}} AFTER the build fails\r\n* Output of {{ls -lah /Users/chris/Development/titanium/MB-Next-Gen-Phone/build/android/bin/app-unsigned.apk}} AFTER the build fails\r\n* Output of {{ls -lah /Users/chris/Development/titanium/MB-Next-Gen-Phone/build}} AFTER the build fails\r\n* Output of {{ls -lah /Users/chris/Development/titanium/MB-Next-Gen-Phone/build/android}} AFTER the build fails\r\n* Output of {{umask}}\r\n\r\nThis will indicate if there is a permissions issue.", "updateAuthor": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-13T13:17:50.000+0000", "updated": "2012-06-13T13:17:50.000+0000" }, { "id": "198922", "author": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "body": "One more question:\r\n\r\n* After the build fails, does running the command\r\n{code}\r\nchmod -R 0766 /Users/chris/Development/titanium/MB-Next-Gen-Phone/build\r\n{code}\r\nAnd then attempting a rebuild (WITHOUT any kind of clean) fix this issue?\r\n\r\nNote that this may actually be a python bug in the version that ships with 10.6.8: Python 2.6.1 apparently has numerous permissions issues which we may not be able to easily resolve. The recommended action is to upgrade to 10.7 Lion (or bump the python version to 2.7.x - please install [homebrew|http://mxcl.github.com/homebrew/] and then {{brew install python}}) where this build script does NOT fail.", "updateAuthor": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-18T10:19:50.000+0000", "updated": "2012-06-18T10:26:35.000+0000" }, { "id": "199227", "author": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Fixed the AVD issue but nobody can reproduce the dexing problem. That will not be resolved and is likely a local configuration issue for the reporter.", "updateAuthor": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-19T15:51:31.000+0000", "updated": "2012-06-19T15:51:54.000+0000" }, { "id": "199228", "author": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Cannot reproduce; however PR [2435|https://github.com/appcelerator/titanium_mobile/pull/2435] was submitted to solve the AVD requirement problem.", "updateAuthor": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-19T15:57:07.000+0000", "updated": "2012-06-19T15:57:07.000+0000" }, { "id": "200113", "author": { "name": "mstepanov", "key": "mstepanov", "displayName": "Max Stepanov", "active": true, "timeZone": "America/Los_Angeles" }, "body": "For reference, http://developer.android.com/tools/publishing/app-signing.html", "updateAuthor": { "name": "mstepanov", "key": "mstepanov", "displayName": "Max Stepanov", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-25T13:30:46.000+0000", "updated": "2012-06-25T13:30:46.000+0000" }, { "id": "200673", "author": { "name": "mfoundry-cbarrett", "key": "mfoundry-cbarrett", "displayName": "Chris Barrett", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Complete build log: https://gist.github.com/e316d1fc28302b9eb863", "updateAuthor": { "name": "mfoundry-cbarrett", "key": "mfoundry-cbarrett", "displayName": "Chris Barrett", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-27T15:03:16.000+0000", "updated": "2012-06-27T15:03:16.000+0000" }, { "id": "200746", "author": { "name": "mfoundry-cbarrett", "key": "mfoundry-cbarrett", "displayName": "Chris Barrett", "active": true, "timeZone": "America/Los_Angeles" }, "body": "After looking at this some more, I think the error is specifically caused by the -sigalg parameter when calling jarsigner. MD5withRSA is not compatible with the keystore we are using because it contains a SHA1withDSA key.\r\n\r\njarsigner can use two signature algorithms, MD5withRSA and SHA1withDSA. The signature algorithm has to match the private key in the keystore. If the -sigalg parameter is omitted, jarsigner will automatically detect which algorithm to use by looking at the private key. source: http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/jarsigner.html\r\n\r\nIf I run jarsigner manually after the build fails, I can see this error: \"jarsigner error: java.security.SignatureException: private key algorithm is not compatible with signature algorithm\". I didn't see this message before because builder.py suppresses it.\r\n\r\nI tried building with builder.py again, but using the keystore that Titanium Studio uses to sign builds (the one with alias \"tidev\" and password \"tirocks\"). That was successful because that keystore has an MD5withRSA key. If I edit builder.py and change \"MD5withRSA\" to \"SHA1withDSA\", it succeeds with mFoundry's keystore and fails with the Titanium Studio keystore.\r\n\r\nI think the fix for this issue is just to omit the -sigalg parameter when calling jarsigner. jarsigner can detect which algorithm it should use.", "updateAuthor": { "name": "mfoundry-cbarrett", "key": "mfoundry-cbarrett", "displayName": "Chris Barrett", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-28T09:48:43.000+0000", "updated": "2012-06-28T09:48:43.000+0000" }, { "id": "201066", "author": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Chris -\r\n\r\nThank you for looking into this. I'll make sure a patch is submitted today.", "updateAuthor": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-07-02T08:27:57.000+0000", "updated": "2012-07-02T08:27:57.000+0000" }, { "id": "202701", "author": { "name": "mfoundry-cbarrett", "key": "mfoundry-cbarrett", "displayName": "Chris Barrett", "active": true, "timeZone": "America/Los_Angeles" }, "body": "I tested again with the CI build 2.2.0.v20120710234110 and still get the jarsigner error. Looking at builder.py, it appears this fix has not been applied yet: https://github.com/appcelerator/titanium_mobile/blob/master/support/android/builder.py", "updateAuthor": { "name": "mfoundry-cbarrett", "key": "mfoundry-cbarrett", "displayName": "Chris Barrett", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-07-11T11:20:06.000+0000", "updated": "2012-07-11T11:20:06.000+0000" }, { "id": "202944", "author": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "body": "This was fixed, but for some reason the fix was never committed.", "updateAuthor": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-07-12T09:54:14.000+0000", "updated": "2012-07-12T09:54:14.000+0000" }, { "id": "202986", "author": { "name": "billdawson", "key": "billdawson", "displayName": "Bill Dawson", "active": true, "timeZone": "Europe/Berlin" }, "body": "We can't really do the suggested fix, as it will break builder.py when JDK 7 instead of 6 is being used. We really need to support JDK 7 (in addition to 6) going forward.\r\n\r\nIn JDK 7, the default became DSA. Our tidev alias, which is used for everything except when you build with your own certificate for packaging for a store, uses RSA. Many of you out there probably have RSA, since it was the default prior to JDK 7.\r\n\r\nIf you build an app using the proposed changes, and your key is using RSA like ours is, and you're using JDK *7*, then the resulting APK will not be able to be installed on emulator/device. {{adb install}} will say INSTALL_PARSE_FAILED_NO_CERTIFICATES.\r\n\r\nIt's my inclination to \"force\" you to use RSA, but I'm open to suggestions (comments here in this ticket.) Here are my arguments in favor of forcing you to use RSA:\r\n\r\na) Android's [Signing your Applications|http://developer.android.com/tools/publishing/app-signing.html] document explicitly says \"Use the value MD5withRSA\" in the \"3. Sign your application with your private key\" section.\r\n\r\nb) They also explicitly say, \"Caution: As of JDK 7, the default signing algorithim has changed, *requiring you to specify the signature and digest algorithims* (-sigalg and -digestalg) when you sign an APK.\" Of course, it wouldn't be required if you were using DSA, since that's the JDK 7 default. The fact that they say it's required means they're assuming you want to use RSA. The point here is that, thanks to this switch from JDK6 to JDK7, we really do need to specify those arguments. And we want to specify them as RSA.\r\n\r\nc) (Countering myself here.) Unfortunately they muddy the waters a bit in that document by stating \"Both DSA and RSA are supported\" for the {{-keyalg}} argument for {{keytool}}. However that is the only mention of DSA in the whole document, whereas RSA receives more attention.\r\n\r\nd) The only alternative would be yet another setting somewhere in your Titanium project, and yet another argument passed to builder.py to specify RSA or DSA. We sure would like to avoid that.", "updateAuthor": { "name": "billdawson", "key": "billdawson", "displayName": "Bill Dawson", "active": true, "timeZone": "Europe/Berlin" }, "created": "2012-07-12T12:12:49.000+0000", "updated": "2012-07-12T12:12:49.000+0000" }, { "id": "202993", "author": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Went ahead and got JDK 7u5 for OS X to test with. I'm not sure if it can cohabitate with the existing JDK 6 install or not, so there may need to be some more extensive testing here.", "updateAuthor": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-07-12T12:43:27.000+0000", "updated": "2012-07-12T12:47:33.000+0000" }, { "id": "203036", "author": { "name": "billdawson", "key": "billdawson", "displayName": "Bill Dawson", "active": true, "timeZone": "Europe/Berlin" }, "body": "It can cohabitate with JDK 6. I have them both and I can switch between them using the Applications -> Utilities -> Java Preferences application. (We already had a ticket for Java 7 support, which is where these two arguments (-sigalg and -digestalg), and I tested extensively on all three desktop platforms.)\r\n\r\nSo I have a new and happier idea to solve this ticket. The verbose output option for {{keytool -list}} will show the signature algorithm name (DSA v RSA). Since builder.py is given the password for the store, we can actually call out to keytool and get that info. Example from the command line:\r\n\r\n{code}\r\n\r\n$ keytool -list -keystore ./android.keystore -v -alias pocky -storepass my_secret_password\r\nAlias name: pocky\r\nCreation date: Jul 12, 2012\r\nEntry type: PrivateKeyEntry\r\nCertificate chain length: 1\r\nCertificate[1]:\r\nOwner: CN=Bill Dawson, OU=Platform Engineering, O=Appcelerator Inc, L=Vienna, ST=Vienna, C=AT\r\nIssuer: CN=Bill Dawson, OU=Platform Engineering, O=Appcelerator Inc, L=Vienna, ST=Vienna, C=AT\r\nSerial number: 1d8a1ad1\r\nValid from: Thu Jul 12 22:35:51 CEST 2012 until: Wed Apr 08 22:35:51 CEST 2015\r\nCertificate fingerprints:\r\n\t MD5: F5:F2:2A:F4:83:F8:94:DD:AF:2E:7B:94:02:05:C9:81\r\n\t SHA1: 26:55:93:44:EF:CF:31:5B:40:D7:D0:F8:F7:4E:6C:C6:2A:44:0D:31\r\n\t SHA256: EA:62:21:47:60:3E:E2:91:9A:48:CB:9F:3D:7B:7E:86:46:3A:8D:2B:B2:2D:96:6C:11:D6:1E:E4:01:F4:D1:60\r\n\t Signature algorithm name: SHA1withDSA\r\n\r\n{code}\r\n\r\nNote the last line there. If we parse that we can then pass the result to the -sigalg argument to jarsigner.\r\n\r\nMy change of heart comes from learning that you can successfully sign and use Android applications using DSA signatures using Android's eclipse and command-line tools, so we should support it too. :)\r\n\r\n@Stephen, do you want to do this? Or you can reassign to me, whichever you prefer. If I were doing it I'd try to use {{run.run}} (our little wrapper function for Python Popen) because I think it can pass back stdout to the caller. Else I would just use Popen stuff directly in case our wrapper doesn't pass stdout back. ", "updateAuthor": { "name": "billdawson", "key": "billdawson", "displayName": "Bill Dawson", "active": true, "timeZone": "Europe/Berlin" }, "created": "2012-07-12T14:28:28.000+0000", "updated": "2012-07-12T14:28:28.000+0000" }, { "id": "203037", "author": { "name": "mfoundry-cbarrett", "key": "mfoundry-cbarrett", "displayName": "Chris Barrett", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Thanks Bill, glad to hear that you have a fix in progress. This is an important issue for mFoundry; we cannot switch to another key, so we would need either this fix or another parameter to builder.py to specify the signing algorithm.", "updateAuthor": { "name": "mfoundry-cbarrett", "key": "mfoundry-cbarrett", "displayName": "Chris Barrett", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-07-12T14:33:32.000+0000", "updated": "2012-07-12T14:33:32.000+0000" }, { "id": "203152", "author": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "body": "@Bill I can take this. It'll be something for me to finish this afternoon and I need more experience working with the Java toolchain anyway.", "updateAuthor": { "name": "stephentramer", "key": "stephentramer", "displayName": "Stephen Tramer", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-07-13T10:59:00.000+0000", "updated": "2012-07-13T10:59:00.000+0000" }, { "id": "203212", "author": { "name": "billdawson", "key": "billdawson", "displayName": "Bill Dawson", "active": true, "timeZone": "Europe/Berlin" }, "body": "Merged to master (2.2.0). 2.1.1 coming up shortly.", "updateAuthor": { "name": "billdawson", "key": "billdawson", "displayName": "Bill Dawson", "active": true, "timeZone": "Europe/Berlin" }, "created": "2012-07-13T15:39:00.000+0000", "updated": "2012-07-13T15:39:00.000+0000" } ], "maxResults": 30, "total": 30, "startAt": 0 } } }