Bug 8560 - Keystore creator (Publish Android Application...) ignores requested validity period
Summary: Keystore creator (Publish Android Application...) ignores requested validity ...
Status: RESOLVED FIXED
Alias: None
Product: Visual Studio Extensions
Classification: Xamarin
Component: Android ()
Version: 3.0
Hardware: PC Windows
: High major
Target Milestone: ---
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2012-11-22 13:07 UTC by Yvan Rodrigues
Modified: 2016-03-14 10:46 UTC (History)
14 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description Yvan Rodrigues 2012-11-22 13:07:03 UTC
If you don't have a release keystore, "Publish Android Application..." offers a way to create one. It asks all the right questions, but when it generates the keystore the validity period is 6 months instead of whatever you requested.

To make things more confusing, uploading an app signed with this keystore to Google Play results in a misleading error message explaining that the package was signed in debug mode. What it *means* is that typically debug keys have a short life expectancy, and it is far short of the ~23 year expiration requirement.

REPRODUCE:
1. Create a keystore using the GUI tool.
2. Verify the keystore, note validity.

WORKAROUND: follow the instructions "Creating a Private Keystore" at http://docs.xamarin.com/Android/Guides/Deployment%252C_Testing%252C_and_Metrics/publishing_an_application/Part_1_-_Preparing_an_Application_for_Release#Creating_a_Private_Keystore
Comment 1 Yvan Rodrigues 2012-11-22 16:55:07 UTC
There is an alternate explanation.

When using the GUI tool to sign my project I get the messages:

Packaging successfully completed
Attempting to Sign package with custom key

Failed to sign package
jarsigner: unable to open jar file: C:\\Users\\Yvan\\Dropbox\\Red Cell Innovation\\Projects\\City of Guelph Tourism App\\Source\\Guelph.App.Android.VisitGuelph\\Guelph.App.Android.VisitGuelph\\bin\\Release\\Guelph.App.Android.VisitGuelph-Signed.apk

Attempting to Align package

Failed to Align package
jarsigner: unable to open jar file: C:\\Users\\Yvan\\Dropbox\\Red Cell Innovation\\Projects\\City of Guelph Tourism App\\Source\\Guelph.App.Android.VisitGuelph\\Guelph.App.Android.VisitGuelph\\bin\\Release\\Guelph.App.Android.VisitGuelph-Signed.apk

The filenames that it uses are incorrect, and not what I entered in the dialog.
Comment 2 TotallyEvil Devs 2013-01-03 13:49:19 UTC
+1 confirmation from me. I had to manually override the keystore for all Release builds to finally get the APK uploaded to Android Market.

I used a keystore that we created back in April 2012 to publish Mayan Tiles and it also did not get used by the publication tool (in VS2010). Nothing I did seemed to work to get the signature out of debug mode until I did the manual override by setting properties in the csproj file and creating my own keystore.

This was using version 4.4.54.
Comment 3 Aranda 2013-01-11 12:16:40 UTC
This is affect me too using VS2010 MfA 4.4.54. I'm not really sure how to work around it - @TotallyEvil Devs, could you expand on your workaround? I don't recall ever creating a keystore on PC or the VS2010 Publish wizard ever asking about it either.
Comment 4 TotallyEvil Devs 2013-01-11 12:33:13 UTC
Step 1:

setlocal
set path=C:\"Program Files"\Java\jdk1.6.0_16\bin;%path%
keytool.exe -genkey -v -keystore arandas_key.keystore -alias Aranda -keyalg RSA -keysize 2048 -validity 25000 -storepass my_password_here -keypass same_password_here
endlocal
pause

You set the "arandas_key.keystore" to a file name of your choosing. You will use this keystore file forever.

You set the Alias -> "Aranda" above -> to something else. We use "TotallyEvil".

"my_password_here"
"same_password_here"

These are your keystore passwords. If you don't specify the password on the command line, it will ask you for it. Just don't forget it. 

Step 2:

Edit your csproj file:

  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
    <DebugType>none</DebugType>
    <Optimize>true</Optimize>
    <OutputPath>bin\Release\</OutputPath>
    <DefineConstants>TRACE;ANDROID</DefineConstants>
    <ErrorReport>prompt</ErrorReport>
    <WarningLevel>4</WarningLevel>
    <AndroidUseSharedRuntime>False</AndroidUseSharedRuntime>
    <AndroidLinkMode>Full</AndroidLinkMode>
    <AndroidLinkSkip />
    <EmbedAssembliesIntoApk>True</EmbedAssembliesIntoApk>
    <!-- Here is the fun -->
    <AndroidKeyStore>True</AndroidKeyStore>
    <AndroidSigningKeyStore>PathToYourKeyStoreFile\arandas_key.keystore</AndroidSigningKeyStore>
    <AndroidSigningStorePass>my_password_here</AndroidSigningStorePass>
    <AndroidSigningKeyAlias>Aranda</AndroidSigningKeyAlias>
    <AndroidSigningKeyPass>same_password_here</AndroidSigningKeyPass>
  </PropertyGroup>

That's it. Make sure you edit the AndroidManifest file to set the app_icon. It’s not enough to do this in the Activity attributes, but you have to do it at the application level as well, otherwise it will get rejected.
Comment 5 Aranda 2013-01-11 13:33:18 UTC
Thanks TotallyEvil, I appreciate it. I ended up reading through the link Yvan posted and it does explain the process, for some reason I skipped over the link last time:

http://docs.xamarin.com/Android/Guides/Deployment%252C_Testing%252C_and_Metrics/publishing_an_application/Part_1_-_Preparing_an_Application_for_Release#Creating_a_Private_Keystore)

Xamarin team: Is this a definite bug or are we expected to go manually create and manage our keystore?
Comment 6 Miguel de Icaza [MSFT] 2013-05-22 14:25:01 UTC
Michael,

Should we add UI to Xamarin Studio/Visual studio to handle this?

The documentation linked is kind of long and boring.
Comment 7 Arthur Daley 2013-08-20 12:55:07 UTC
No offence, but not only is the documentation long and boring, but the process doesn't work.

I get the following in the output window:

_____________________________________________________________________

Attempting to Sign package with custom key

Failed to sign package
jarsigner: unable to open jar file: <path>/<projectname>.Android.apk

Attempting to Align package

Failed to Align package
jarsigner: unable to open jar file: <path>/<projectname>.Android.apk
______________________________________________________________________


Isn't being able to actually deploy your application a kind of basic requirement?

I'm kind of amazed by this, when paying $1000 per license... I kind of expected it work.
Comment 8 Arthur Daley 2013-08-20 13:16:56 UTC
Sorry... I was having a "moment".
Comment 9 Herman Schoenfeld 2013-10-21 03:04:41 UTC
Confirmed this still is not fixed in Oct 21, 2013.. Xamarin team acting like their product still open source. Unacceptable.
Comment 13 Dylan Wilson 2014-02-18 05:09:58 UTC
I also experienced this today.
Comment 14 Atsushi Eno 2014-09-01 04:27:15 UTC
Still present.
Comment 15 Atsushi Eno 2014-09-01 05:01:20 UTC
Actually it is not the case. At present, we need to create a new key that is valid at least for *25* years. With that long term, the dialog resulted in generating valid apk.

I verified this with XS. VS may still have this issue, so keeping this open.
Comment 16 dean.ellis 2016-03-14 10:46:00 UTC
I created a keystore with a 22 year expiration using the UI in VS. 
I then verified the expiration date using the keytool and it was reporting that the keystore had a 22 year expiration. 

I am therefore closing this issue as fixed.