Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Signature

 Signature

The best practice to deal with keystore and signature in the project.

Keishin Yokomaku

May 22, 2015
Tweet

More Decks by Keishin Yokomaku

Other Decks in Technology

Transcript

  1. Signature @KeithYokoma - Drivemode, Inc. Shibuya.apk #1

  2. KeithYokoma Keishin Yokomaku Drivemode, Inc. Android Engineer GitHub: https://github.com/KeithYokoma Qiita:

    http://qiita.com/KeithYokoma e-Book: http://amzn.to/1mZNydv
  3. None
  4. Keystore • Containing “Key” and “Certification” • Every applications are

    signed with keystore • The same applications are signed with the same keystore
  5. • Valid until … • Store password: … • Key

    alias: … • Key password: … • Owner informations … Keystore
  6. debug.keystore release.keystore Signing app-debug.apk app-release.apk

  7. The problem

  8. The problem Where should we put the keystore?

  9. None
  10. • Possibility to lost keystore files • Who remembers password?

    • Manual operation to share keystore files • Dull to copy them by hand Shared drive?
  11. Shared drive? Yuck!

  12. Put keystores in the repository

  13. Repository • No chance to lost(we have a history!) •

    Quick set up build env with just cloning • Note: Safe to share them in PRIVATE repo
  14. None
  15. Wait, how do we share keystore password?

  16. Keystore password • Use `echo something_seed_value | md5` • Set

    it as ENV value
 ‘export KSTOREPWD=…’ • Read ENV value from build.gradle
  17. build.gradle android { signingConfigs { release { storePassword System.getenv("KSTOREPWD") keyPassword

    System.getenv(“KEYPWD”) } } }
  18. Looks Good To Me

  19. Signature @KeithYokoma - Drivemode, Inc. Shibuya.apk #1