I am using apksigner binary that comes with android build tools (29.0.2). First, i upload an unsigned apk file to Artifactory as a part of CI/CD process. In signing phase, i download the apk from Artifactory (that is successfull), and trying to sign the file using apksigner like that:
COMMAND: '/yarrak/sdk/android/build-tools/29.0.2/apksigner' sign --ks /yarrak/tool/gradle/jks/TST.jks --ks-pass "pass:siktasak123" --out /yarrak/var/data/build-dir/MOBO-JOB1/myfile-signed-r.apk /yarrak/var/data/build-dir/MOBO-JOB1/myfile-signed.apk
Things to mention:
- I create the output apk file and set file permissions to 775 before signing
- I am working in Linux environment
- The apk file is uploaded from a MacOS machine to Artifactory
Below command throws the error:
Exception in thread "main" com.android.apksig.apk.ApkFormatException: Malformed APK: not a ZIP archive at com.android.apksig.ApkSigner.sign(ApkSigner.java:217) at com.android.apksig.ApkSigner.sign(ApkSigner.java:193) at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:340) at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83) Caused by: com.android.apksig.zip.ZipFormatException: ZIP End of Central Directory record not found at com.android.apksig.apk.ApkUtils.findZipSections(ApkUtils.java:57) at com.android.apksig.ApkSigner.sign(ApkSigner.java:215) ... 3 more
What could be the reason? I though the unsigned apk file might be somehow corrupted while uploading to Artifactory from a MacOS machine.
I have solved the problem. The problem was not caused by Artifactory upload.
In my development scenario, apart from the .apk file, a .json file is uploaded right after the original one (apk), and that .json file is a definition-like file and does not contain any binary as you may guess. In the upload phase, i named two files same by mistake (just be careful with the variables and scopes). Naturally, in the sign phase, the last file override my to-be-signed file and my apksigner binary could not sign a .json file that disguised as an archive file.