"包文件没有正确签名 "错误--检测是否会发生在Google Play应用的apk上

本文是小编为大家收集整理的关于"包文件没有正确签名 "错误--检测是否会发生在Google Play应用的apk上的处理/解决方法，可以参考本文帮助大家快速定位并解决问题，中文翻译不准确的可切换到English标签页查看源文。

中文
English

问题描述

我在以下问题中描述的错误有问题:

特别是，当某些用户尝试下载我的Google Play应用时，他们会遇到错误，而其他则不会.

我的问题是:如何在提交之前检测问题是否会发生?

当我跑步时，值得的价值

jarsigner -verify -verbose -certs myapk.apk

我看到以下内容:

86226 SUN NOV 09 10:34:54 EET 2014 META-INF/SUFTEST.MF X.509， //[省略个人物品] [证书有效期为8/20/14 8:04 AM 到1/5/42 7:04 AM] [未经验证的证书:路径不链接任何信托主持人]//几百个类似于上述条目，然后:已验证罐子.

警告:此罐子包含其证书链没有的条目经过验证.这个罐子包含不包括一个的签名时间戳.没有时间戳，用户可能无法验证签名人证书的到期日期(2042-01-05)或在未来的任何撤销日期之后.

其他推荐答案

实际上并不是一个测试来查看APK是否可以签名，但我觉得这很有用:

我不久前就解决了这个问题我的解决方案:手动签名.
这是脚本:

#!/bin/bash
storepass="your store pass"
keypass="your key pass"
alias="alias"
if [ $# -lt 1 ]; then
    echo "$0 <apk file>"
    exit 1;
fi

filename=$(basename "$1")
extension="${filename##*.}"
filename="${filename%.*}"


if [ $extension != "apk" ]; then
    echo "Inputfile is no apk!"
    exit 1;
fi

cp $filename.apk $filename-tmp.apk
zip -d $filename-tmp.apk "META-INF*"
rm -rf $filename-signed.apk
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore $keystore -storepass $storepass -keypass $keypass $filename-tmp.apk $alias
/Developer/android-sdk-macosx/build-tools/20.0.0/zipalign -f -v 4 $filename-tmp.apk $filename-signed.apk
rm -rf $filename-tmp.apk

您可能需要更新设置. 我已经使用多个设备(Galaxy Note 10.5，Samsung Galaxy S3，S5，Nexus 4，Lenovo Tab)进行了测试. 似乎很远.

(在Mac OSX上签名)

其他推荐答案

Cordova构建Android -Release

在确保对其进行配置之前: 在平台/android/中创建一个ant.properties文件，并使用钥匙库路径和别名名称:

key.store =/path/to/keystore/reasion_key_name.keystore key.alias = alias_name

您将提示输入密码.

将在平台/android/ant-build/app_name-release.apk中创建APK.

来源与 cordova-android/

本文地址：https://www.itbaoku.cn/post/1937934.html

百度翻译此文有道翻译此文

问题描述

I am having problems with the error described in the questions below:

Published Android apk gives error "Package file was not signed correctly"
Some (but not all) users receive "Package file was not signed correctly" when downloading my app from Google Play

Specifically, when some users try to download my Google Play app, they get the error, others don't.

My question is: how to detect before submission whether the problem is going to occur or not?

For what it's worth, when I run

jarsigner -verify -verbose -certs myapk.apk

I see something like the following:

86226 Sun Nov 09 10:34:54 EET 2014 META-INF/MANIFEST.MF X.509, //[personal stuff omitted] [certificate is valid from 8/20/14 8:04 AM to 1/5/42 7:04 AM] [CertPath not validated: Path does not chain with any of the trust anchors] // several hundred entries like the above, and then: jar verified.

Warning: This jar contains entries whose certificate chain is not validated. This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2042-01-05) or after any future revocation date.

其他推荐答案

Not actually a test to see if the apk is signed propably, but I feel this is usefull:

I got this problem a while ago, my solution: sign by hand.
Here is the script:

#!/bin/bash
storepass="your store pass"
keypass="your key pass"
alias="alias"
if [ $# -lt 1 ]; then
    echo "$0 <apk file>"
    exit 1;
fi

filename=$(basename "$1")
extension="${filename##*.}"
filename="${filename%.*}"


if [ $extension != "apk" ]; then
    echo "Inputfile is no apk!"
    exit 1;
fi

cp $filename.apk $filename-tmp.apk
zip -d $filename-tmp.apk "META-INF*"
rm -rf $filename-signed.apk
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore $keystore -storepass $storepass -keypass $keypass $filename-tmp.apk $alias
/Developer/android-sdk-macosx/build-tools/20.0.0/zipalign -f -v 4 $filename-tmp.apk $filename-signed.apk
rm -rf $filename-tmp.apk

You might need to update for your settings. I have tested it with Multiple devices (Galaxy Note 10.5, Samsung Galaxy S3, S5, Nexus 4, Lenovo Tab)
Seems to work so far.

(Signed on Mac OSX)