Bug 22897 - Publish Android Package should sign with SHA1 on 4.2 and below
Summary: Publish Android Package should sign with SHA1 on 4.2 and below
Alias: None
Product: Xamarin Studio
Classification: Desktop
Component: Android Add-in ()
Version: unspecified
Hardware: PC All
: Normal normal
Target Milestone: 5.8.x (C4SR3)
Assignee: Greg Munn
: 23811 24539 ()
Depends on:
Reported: 2014-09-11 21:15 UTC by Joe
Modified: 2015-03-12 04:26 UTC (History)
12 users (show)

Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.

Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:

Description Joe 2014-09-11 21:15:55 UTC
Certain Android versions are unable to install packages signed with SHA256, 4.2 and lower I think? It appears as though Xamarin Android signs with whatever the default JDK is installed with. With 1.6 it defaults to SHA1, with 1.7, SHA256. It should likely always pass appropriate arguments based on what the minimum Android version is. I am aware that it requires 1.6, but I only had 1.7 installed, and the SDK location appeared valid.
Comment 1 Arpit Jha 2014-09-12 03:24:50 UTC
I have checked this issue and able to reproduce it.

I tried following steps to reproduce it.
1.Create a PCL application.
2.Go to Right click of Android project -> Option ->Android Application and 
 General. Set Minimum Android version,Target android version and Target Framework
 to 1.6.
3. Select Android Project. Go to Project -> Add Package -> Add .Net Utilities from
  Nuget Gallery Which Signed with SHA256 Algorithm.

I observed that Unable to install package with a build Error "Could not install package 'Pro.NET.Utilities 1.0.5351.31691'. You are trying to install this package into a project that targets 'MonoAndroid,Version=v1.6', but the package does not contain any assembly references or content files that are compatible with that framework. For more information, contact the package author."

Screencast Regarding same: http://screencast.com/t/pmU5jIGp

Environment Info :
=== Xamarin Studio ===

Version 5.3 (build 441)
Installation UUID: f75f53ae-7c21-493c-8339-c2031a7f0448
	Microsoft .NET 4.0.30319.34014
	GTK+ 2.24.22 (MS-Windows theme)
	GTK# 2.12.25

=== Xamarin.Android ===

Version: 4.16.0 (Trial Edition)
Android SDK: D:\android-sdk
	Supported Android versions:
		1.6    (API level 4)
		2.1    (API level 7)
		2.2    (API level 8)
		2.3    (API level 10)
		3.0    (API level 11)
		3.1    (API level 12)
		4.0    (API level 14)
		4.0.3  (API level 15)
		4.1    (API level 16)
		4.2    (API level 17)
		4.3    (API level 18)
		4.4    (API level 19)
		4.4.87 (API level 20)
Java SDK: C:\Program Files (x86)\Java\jdk1.6.0_31
java version "1.6.0_31"
Java(TM) SE Runtime Environment (build 1.6.0_31-b05)
Java HotSpot(TM) Client VM (build 20.6-b01, mixed mode)

=== Build Information ===

Release ID: 503000441
Git revision: befb6aa1176d37a5f678f4274f340a0159091b7a
Build date: 2014-09-08 20:54:12-04
Xamarin addins: 6dc7c388e31fdfc8014689839d37de0d4622435c

=== Operating System ===

Windows 6.2.9200.0 (64-bit)
Comment 2 Atsushi Eno 2014-09-17 04:08:19 UTC
@arpitj: I'm confused;

- what did you mean by PCL application? Do you actually mean Android application?
- ".Net Utilities" is a NuGet package right?
  I cannot add this to Android project because it is not compatible with Android.
  Furthermore I don't think PCL package signing has nothing to do with android apk packaging.

I still need information on how to reproduce this, especially because as far as I chcked we explicitly invoke "jarsigner" with argument "-digestalg SHA1".
Comment 3 Arpit Jha 2014-09-17 04:31:33 UTC

Yes I agree with your comment.It is incompatible with Android So that unable to add this nuget package.
Comment 4 Atsushi Eno 2014-09-17 06:04:06 UTC
This turned out to be XS publisher workflow issue. XA xbuild invokes jarsigner with "-sigalg md5WithRSA -digestalg SHA1" correctly, but XS does not seem to be doing it. I could successfully create installable apk to API Level 10 emulator.

If you are using Business+ license, you can workaround the problem by manually running MSBuild (or xbuild) as follows:

$ MSBuild {your_app_csproj} /p:Configuration=Release /p:AndroidSigningKeyStore={your_keystore_file} /p:AndroidSigningStorePass={your_keystore_pwd} /p:AndroidSigningKeyAlias={your_key_alias} /p:AndroidSigningKeyPass={your_key_alias_pwd} /t:SignAndroidPackage
Comment 5 Alexandre Rocha Lima e Marcondes 2014-09-25 14:31:12 UTC
Wouldn't it be great to have an advanced mode on the publishing dialog on XS that allows us to choose the algorithms to be used accordingly to the JDK you are using?

Maveriks comes with Java 7 and it would break by default on Android 4.2 and lower versions.
Comment 6 Alexandre Rocha Lima e Marcondes 2015-02-03 07:30:27 UTC
Just to give notice to Xamarin, there are duplicates of this report or at least somewhat related regarding the signing algorithm and JDK 7:

* https://bugzilla.xamarin.com/show_bug.cgi?id=24539
* https://bugzilla.xamarin.com/show_bug.cgi?id=23811
* https://bugzilla.xamarin.com/show_bug.cgi?id=13154
Comment 7 Peter Collins 2015-02-03 18:34:45 UTC
*** Bug 23811 has been marked as a duplicate of this bug. ***
Comment 8 Peter Collins 2015-02-03 18:34:49 UTC
*** Bug 24539 has been marked as a duplicate of this bug. ***
Comment 9 Greg Munn 2015-02-09 11:02:37 UTC
Fixed in master
Comment 14 Mohit Kheterpal 2015-03-11 15:09:18 UTC
@Peter @Greg Apologise for the same, Actually I have followed steps given in comment 1.

Could you please provide the steps so that I can reproduce this issue and verify it efficiently.

Comment 15 Peter Collins 2015-03-11 15:22:32 UTC
@Mohit: To reproduce, the system requires jdk 1.7 or higher:
1. Switch to release configuration in the IDE
2. Select Project -> Publish Android Application
3. Follow the publishing workflow to completion, which should result in an *-Aligned.apk being created in your project directory.
4. Attempt to install the *-Aligned.apk on any device with an API level lower than 4.2
 >adb install *-Aligned.apk
5. Installation should _not_ fail with the error [INSTALL_PARSE_FAILED_NO_CERTIFICATES]
Comment 16 Alexandre Rocha Lima e Marcondes 2015-03-11 15:24:07 UTC
How can I acess the master release? I understand it is pre-alpha.
Comment 17 Greg Munn 2015-03-11 15:33:22 UTC
Project | Publish Android Application is only available in XS 5.8, for 5.9 and above you will need to use the new publishing workflow (Build | Archive for Publishing, Distribute).
Comment 18 Mohit Kheterpal 2015-03-11 15:46:32 UTC
Thanks @Peter I am able to reproduce this issue by following your steps given in comment 15 using Samsung Galaxy Tab 3 (4.4.2).

Thanks @Greg Now I am able to install .apk file on Samsung Galaxy Tab 3 (4.4.2). using steps given in your comment 17 and I have installed java on my machine.

Hence closing this issue.

Comment 20 Ben Beckley 2015-03-11 17:44:18 UTC
The fix has been verified to work on one of the latest XS master builds,
6.0.0 (build 104) 46eb1666836b6dad9f8b90952e4d28f06972bd22
This was tested on a Motorola Droid X2 using API 2.3.5 with java version "1.7.0_67".

Also as expected, the failure still occurs on the latest stable version of XS,
5.8 (build 443)
Comment 21 Saurabh 2015-03-12 04:26:02 UTC
I have checked this Issue with latest Master build of XS and Cycle 4 Service Release 3 build of XS using steps mentioned in Comment#15. I am successfully able to install .apk  on device having version below 4.2 (Samsung S2 Version 4.1.2)

Using C4SR3 build:
C:\Users\Saurabh\AppData\Local\Android\android-sdk\platform-tools>adb install \Users\Saurabh\Desktop\TestAndroidApp.TestAndroidApp.apk
345 KB/s (3494030 bytes in 9.871s)
        pkg: /data/local/tmp/TestAndroidApp.TestAndroidApp.apk
rm failed for -f, No such file or directory

Build Details: https://gist.github.com/saurabh360/f43d919d2a537a66a32c

Using Master build:
C:\Users\Saurabh\AppData\Local\Android\android-sdk\platform-tools>adb install \Users\Saurabh\Desktop\com.companyname.testandroid.apk
652 KB/s (3520719 bytes in 5.270s)
        pkg: /data/local/tmp/com.companyname.testandroid.apk
rm failed for -f, No such file or directory

Build Details: https://gist.github.com/saurabh360/a38b1646c01e1c4f6312