Sign Android App Bundle from Command Line

Solution 1

Probably you've already found a way to solve your problem. Nevertheless, since it may help someone in the future, I just wanted to say that I had the same problem and changing the hashing algorithm to SHA-256 helped me to overcome it.

jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore xample.jks bundle.aab keystoreAlias

Solution 2

I had the same error for another situation (or maybe the same).

I was trying to re-package a *.aab bundle with some changes. At first, I used zip or jar to create an unsigned archive. After that, I signed it using the jarsigner tool. Using bundletool, I found that *.aab is not an ordinary zip:

> java -jar bundletool.jar validate --bundle application.aab

[BT:0.12.0] Error: The App Bundle zip file contains directory zip entry 'base/' which is not allowed.
com.android.tools.build.bundletool.model.exceptions.BundleFileTypesException$DirectoryInBundleException: The App Bundle zip file contains directory zip entry 'base/' which is not allowed.
        at com.android.tools.build.bundletool.validation.BundleZipValidator.validateBundleZipEntry(BundleZipValidator.java:29)
        at com.android.tools.build.bundletool.validation.ValidatorRunner.lambda$validateBundleZipFile$1(ValidatorRunner.java:47)
        at com.google.common.collect.ImmutableList.forEach(ImmutableList.java:406)
        at com.android.tools.build.bundletool.validation.ValidatorRunner.validateBundleZipFile(ValidatorRunner.java:46)
        at com.android.tools.build.bundletool.validation.AppBundleValidator.validateFile(AppBundleValidator.java:92)
        at com.android.tools.build.bundletool.commands.ValidateBundleCommand.execute(ValidateBundleCommand.java:78)
        at com.android.tools.build.bundletool.BundleToolMain.main(BundleToolMain.java:92)
        at com.android.tools.build.bundletool.BundleToolMain.main(BundleToolMain.java:46)

So I used that utility to create the *.aab, and after that signed it using jarsigner. You need to zip the contents of the base/* subfolder into a separate archive.

> java -jar bundletool.jar build-bundle --modules base.zip --output application.aab

> jarsigner -keystore $KEYSTORE -storetype $STORETYPE -storepass $STOREPASS -digestalg SHA1 -sigalg SHA256withRSA application.zip $KEYALIAS

> java -jar bundletool.jar validate --bundle application.aab

App Bundle information
------------
Feature modules:
    Feature module: base
            File: assets/META-INF/AIR/application.xml
            ...
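
An added example, not part of the original answers: a Python check (standard library only) for the two things the answers above ran into in a re-zipped bundle, namely explicit directory entries such as 'base/' and leftover root-level META-INF signature files, along with the digest algorithm those files name. The function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Files jarsigner writes under META-INF/ at the archive root.
SIG_FILE = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$", re.I)
# Manifest/.SF attribute names carry the digest algorithm, e.g. "SHA1-Digest:".
DIGEST_ATTR = re.compile(r"^(SHA[\w-]*?)-Digest", re.M)


def audit_bundle(data: bytes) -> dict:
    """Inspect a re-packaged .aab (as bytes) before signing or upload."""
    dirs, sigs, algs = [], [], set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                # Explicit directory entries are what bundletool rejected above.
                dirs.append(info.filename)
            elif SIG_FILE.match(info.filename):
                sigs.append(info.filename)
                if info.filename.upper().endswith((".MF", ".SF")):
                    text = zf.read(info).decode("utf-8", "replace")
                    algs.update(DIGEST_ATTR.findall(text))
    return {"directory_entries": dirs,
            "signature_files": sorted(sigs),
            "digest_algs": sorted(algs)}


def make_sample() -> bytes:
    """Constructed sample: a bundle re-zipped with an ordinary zip tool."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("base/", b"")  # directory entry added by the zip tool
        zf.writestr("base/manifest/AndroidManifest.xml", b"<manifest/>")
        # Nested META-INF inside a module is app content, not a signature.
        zf.writestr("base/assets/META-INF/AIR/application.xml", b"<application/>")
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\n\n"
                    "Name: base/manifest/AndroidManifest.xml\n"
                    "SHA1-Digest: Y29uc3RydWN0ZWQ=\n")
        zf.writestr("META-INF/OLDKEY.SF", "Signature-Version: 1.0\n"
                    "SHA1-Digest-Manifest: Y29uc3RydWN0ZWQ=\n")
        zf.writestr("META-INF/OLDKEY.RSA", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in audit_bundle(make_sample()).items():
        print(f"{key}: {value}")
```

An empty report on all three keys means the archive has no directory entries and no previous signature; it does not replace running bundletool validate on the result.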

Author: hallz12

Updated on January 16, 2020

Comments

  • hallz12 over 4 years

    Anyone know how to sign an .aab file using a new keystore from the command line? The documentation here mentions that we can use jarsigner to sign our app bundle from the command line, but I cannot find the command line. Anyone know the command line?

    I got this error when I uploaded my bundle to Google Play:

    You uploaded an APK with an invalid signature (learn more about signing). Error from apksigner:
    

    I tried to sign the app bundle using this command:

    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore xample.jks bundle.aab keystoreAlias
    

    Thank you very much.

    • Pierre about 6 years
      Signing the Android App Bundle is indeed done using jarsigner and your command looks fine. Have you enrolled in App Signing by Google Play in the Play Console?
    • hallz12 about 6 years
      @Pierre Hi, yes I have enrolled in App Signing by Google Play in the Play Console. Actually I can upload the app bundle when I build the App Bundle directly from Android Studio (Generate signed app bundle). However, I have to sign the app bundle manually from a CI command in my situation. And unfortunately, I got that error when uploading the app bundle to Google Play.
    • hallz12 about 6 years
      @Pierre oh you are right, this is my mistake. I can sign my app bundle if I build an unsigned app bundle. In my case, I have to re-sign the app bundle. I have tried to unzip the bundle, remove the META-INF folder, zip it back to an .aab file, then re-sign it using jarsigner. And unfortunately I got the error in the description above when uploading the bundle to Play Console. Do you have any suggestions? Thanks so much.
    • Pierre about 6 years
      Nothing obvious comes to mind. You may want to consider contacting the Play Console support team so they can investigate more closely: support.google.com/googleplay/android-developer/?hl=en
    • hallz12 about 6 years
      Hi @Pierre, thanks for your response. Do you have any link that I can try regarding how to re-sign an Android app bundle using a different keystore? Is it possible to do? Thanks!
    • Pierre about 6 years
      Ideally you wouldn't want to re-sign it and would generate a bundle that isn't signed in the first place. If that's not possible, then your current approach looks reasonable and I'm not quite sure what the issue is. From the error message, it looks like the Play Console thinks it's an APK for some reason. Does the file you upload have the .aab extension?
    • hallz12 about 6 years
      Yes, I upload the .aab file, which I rename from my zip file (after removing the META-INF folder), then re-sign using jarsigner, then upload it to Play Console. Hmm, I think I will try to change my workflow then, and will try not to re-sign the app bundle. Thanks for your help!
  • Vamsi over 2 years
    This was really helpful