Notice (2018-05-24): bugzilla.xamarin.com is now in
Please join us on
Visual Studio Developer Community and in the
Mono organizations on
GitHub to continue tracking issues. Bugzilla will remain
available for reference in read-only mode. We will continue to work
on open Bugzilla bugs, copy them to the new locations
as needed for follow-up, and add the new items under Related
Our sincere thanks to everyone who has contributed on this bug
tracker over the years. Thanks also for your understanding as we
make these adjustments and improvements for the future.
Please create a new report for Bug 28461 on
Developer Community or GitHub if you have new
information to add and do not yet see a matching new report.
If the latest results still closely match this report, you can use the
In special cases on GitHub you might also want the comments:
GitHub Markdown with public comments
If I setup a keystore, alias and passwords on the Android Build preferences and my password contains the percent sign (%) or amperstand (&) it gets decoded by some kind of URL Decode and my password is always wrong.
To reproduce create a keystore using a passowrod like:
Setup the project preferences accordingly and try to make an Android Package to use it. On the Build log you'll see that the password will be always sent URL decoded to the jarsigner execution, breaking the package creation.
This is an MSBuild feature. The signing information is stored within a <PropertyGroup/>, as MSBuild properties:
MSBuild properties are not "literal" values; they're *interpreted* by MSBuild. For example, this allows *appending* values to MSBuild properties, as is done in Mono's Microsoft.Common.targets:
Because Property values are interpreted, any "special characters" need to be hex-escaped. This includes '$', '%', '@', and others:
Ok @jonpryor, I see that it is a MSBuild feature. But shouldn't Xamarin.Android plugin solve it so that despite the escaping the password to store on the XML it reaches jarsigner unescaped? As it is implemented today it doesn't matter if I escape it once or twice it always reaches the jarsigner as a wrong password.
> If I setup a keystore, alias and passwords on the Android Build preferences
Doh! I overlooked that.
Yes, absolutely, the IDE should properly escape your values on save.
@jon, back to you.
Even if we store the value of the password encoded in the .csproj, XA is still decoding it when it's passed to jarsginer.
The password above (MyPassw%34ord&Is%Very&Secure), stored encoded looks like
but gets passed to jarsigner like:
which is the same as if we had not stored the password encoded.
The %34 part of the password is being decoded into 4, even after being decoded initially from the csproj.
@greg: Back to you. :-)
There are two issues here:
1. Data stored within the .csproj needs to be properly encoded. That's you.
2. xbuild is buggy.
Assume the following escape.targets file:
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Run" ToolsVersion="4.0"
<Message Text="What is the escaped text? $(IsThisEscaped)" />
Run with xbuild:
$ xbuild escape.targets:
What is the escaped text? MyPassw4ord&Is%Very&Secure
Compare to MSBuild:
> msbuild escape.targets
What is the escaped text? MyPassw%34ord&Is%Very&Secure
These are not the same. :-)
jarsigner using the wrong string (Comment #4) is due to an xbuild bug, and rather outside my domain. (Aside: we're trying to migrate to MSBuild proper, though we don't know how long that will take.)
In the meantime, many of our customers *are* on Windows, and thus use the actual (working) MSBuild. Consequently, Xamarin Studio should properly encode the strings so that MSBuild/Windows can behave properly.