-
Notifications
You must be signed in to change notification settings - Fork 548
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Android build #6103
base: master
Are you sure you want to change the base?
Update Android build #6103
Conversation
kevlahnota
commented
Sep 8, 2024
•
edited
Loading
edited
- Java 11
- targetSDK 33
- add modded uber-apk-signer.jar for signing cert
Awesome! Some thoughts:
|
@kevlahnota would be nice if we could implement #4977 in this update |
Just push a new release / update the plugin https://github.com/Card-Forge/android-maven-plugin |
@kevlahnota for Signing, checkout ~~ https://github.com/MuntashirAkon/apksig-android ~~ |
Reverted to sdk 29, seems target sdk 33 and above somehow don't allow installation without proper signature/signing on latest android version (tested with android 14) |
From android sdk 30 and above, the resources.arsc needs to be uncompressed inside the apk, the rest have no problem being compressed. Then you need to zipalign and sign with v2 and it will install fine. I have a working build on my local computer but It's a hassle to manually fix those things. Yes it's requirement for playstore but using latest sdk stops the nagging popup that the apk is outdated and latest sdk supports more java api (sdk 34 uses java 17) |
@@ -89,7 +89,7 @@ jobs: | |||
d=$(date +%m-%d) | |||
# Replace date in forge-gui-mobile/src/forge/Forge.java | |||
sed -i -e "s/-SNAPSHOT/-SNAPSHOT-${d}/g" forge-gui-mobile/src/forge/Forge.java | |||
mvn -U -B -P android-release-build,android-release-sign install -e -Dsign.keystore=forge.keystore -Dsign.alias=Forge -Dsign.storepass=${{ secrets.SIGN_STORE_PASS }} -Dsign.keypass=${{ secrets.SIGN_STORE_PASS }} -Dcardforge-repo.username=${{ secrets.FTP_USERNAME }} -Dcardforge-repo.password=${{ secrets.FTP_PASSWORD }} -Dandroid.sdk.path=/usr/local/lib/android/sdk -Dandroid.buildToolsVersion=30.0.3 -Dmaven.test.skip=true | |||
mvn -U -B -P android-release-build install -e -Dcardforge-repo.username=${{ secrets.FTP_USERNAME }} -Dcardforge-repo.password=${{ secrets.FTP_PASSWORD }} -Dandroid.sdk.path=/usr/local/lib/android/sdk -Dandroid.buildToolsVersion=33.0.2 -Dmaven.test.skip=true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Signing isn't needed anymore?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's included on the android pom file, it will sign with v2, v3 on install phase using the modded signer
<plugin>
<artifactId>exec-maven-plugin</artifactId>
<version>3.4.1</version>
<groupId>org.codehaus.mojo</groupId>
<executions>
<execution>
<id>SignV2</id>
<phase>install</phase>
<goals>
<goal>exec</goal>
</goals>
</execution>
</executions>
<configuration>
<workingDirectory>${pom.basedir}</workingDirectory>
<executable>java</executable>
<arguments>
<argument>-jar</argument>
<argument>${pom.basedir}/tools/uber-apk-signer.jar</argument>
<argument>-a</argument>
<argument>${pom.basedir}/target/</argument>
<argument>--ks</argument>
<argument>forge.keystore</argument>
<argument>--ksAlias</argument>
<argument>Forge</argument>
<argument>--ksKeyPass</argument>
<argument>forge72</argument>
<argument>--ksPass</argument>
<argument>forge72</argument>
<argument>--debug</argument>
</arguments>
</configuration>
</plugin>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are those keystore passwords just placeholders for testing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
check publish.bat in android module.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Knowing that the keystore credentials have already been in a publicly visible file for the last 9 years isn't doing much to mitigate my concern... Someone would still need the keystore itself to do anything malicious but if those are the actual passwords then that's a layer of security that isn't doing anything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the github actions template works on the pom file, feel free to update it since I don't know how those variable interact from github to maven via pom file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll admit I don't know much about that either, and the credentials would need to be changed by someone with more access than me anyway. I could open an issue for it but I'm hesitant to give security problems more visibility than necessary. It's probably not a huge problem in the short term though.