Android: Add proper APK signing & zipalign'ing

[hoffie]

APKs currently do not seem to be signed. The androiddeployqt does not contain the relevant parameters:

jamulus/autobuild/android/autobuild_apk_2_build.sh

Line 33 in 5f8ce85

"${QTDIR}"/bin/androiddeployqt --input $(ls *.json) --output android-build --android-platform android-30 --jdk "${JAVA_HOME}" --gradle

This means that APKs are currently signed with debug keys (which, I assume, are freshly generated in each new run).

02-19 11:55:00.948  1070  1625 W PackageManager: Package com.github.jamulussoftware.jamulus signatures do not match previously installed version; ignoring!
02-19 11:55:00.965   462 30113 E         : Couldn't opendir /data/app/vmdl2123040391.tmp: No such file or directory
02-19 11:55:00.965   462 30113 E installd: Failed to delete /data/app/vmdl2123040391.tmp: No such file or directory

$ /opt/android-sdk/build-tools/30.0.3/apksigner verify --print-certs jamulus_3.8.2beta1_android.apk 
Signer #1 certificate DN: C=US, O=Android, CN=Android Debug
Signer #1 certificate SHA-256 digest: 027398c8681ae8f1eb530afc224e1acbc9a904752af435c37e4e8fcfd47e568f
Signer #1 certificate SHA-1 digest: e080c2b954df6cd94d1305fc025d96a4068f12c8
Signer #1 certificate MD5 digest: af64a6a9340ed57910e387fd8ba1d8b8

$ /opt/android-sdk/build-tools/30.0.3/apksigner verify --print-certs jamulus_3.8.2rc1_android.apk 
Signer #1 certificate DN: C=US, O=Android, CN=Android Debug
Signer #1 certificate SHA-256 digest: 61a02eb837389a9cf17bb7f4b91f3ec72e81e27e19b9a7d3a88fd59142f8497b
Signer #1 certificate SHA-1 digest: b584757c43598e2fb18cac1227ca47600a14816b
Signer #1 certificate MD5 digest: 07eea7058e5a4cd42e14984a50dc64f3

Has this feature been discussed and generally agreed?

No. I believe this is one (maybe even the one) reason for #1760. As signing is a separate, non-trivial task and as I'm not sure if it solves everything, I'm opening this as a dedicated issue.

Describe the solution you'd like

Without having put much effort into research, I assume that simply signing with a proper, permanent self-signed certificate should work: https://doc.qt.io/qtcreator/creator-deploying-android.html#signing-android-packages

Hints that this is the likely root cause:
https://stackoverflow.com/questions/41709102/package-signatures-do-not-match-the-previously-installed-version/41711890#41711890
https://qa.h-mdm.com/5207/cannot-upgrade-the-application-signatures-do-not-match

• Only start work after autobuild logic refactoring has been completed
• Securely generate a key
• Store it in Github secrets
• Modify autobuild androiddeployqt call to use the key from Github secrets
• Ensure that zipalign is also run
• Verify that the Warnining/Error/Update problem goes away

Describe alternatives that have been considered

cc @NickHyHo

[ann0see]

To me it seems as if there's a lot of work to be done on Android: Fdroid wants Qt to be compiled from source, the Android build takes ages, signing, improving latency,...

Back to signing:

1. If we add signing we should publish the public key
2. We need to change the autobuild logic to point to a non-debug build
3. I don't get why we set the build option "release" but still generate a debug build

[pljones]

If we add signing we should publish the public key

Should be easy enough - each key that jamulussoftware/jamulus uses should have its public key published. We just need to find out how and where...

We need to change the autobuild logic to point to a non-debug build

... would that improve latency, too..?

[ann0see]

... would that improve latency, too..?

I doubt that. How much does the debug build differ on Windows?

[pljones]

don't get why we set the build option "release" but still generate a debug build

Is it anything other than the signing that isn't "release"? That is, is it just debug for signing as the cert isn't supplied

[hoffie]

To me it seems as if there's a lot of work to be done on Android: Fdroid wants Qt to be compiled from source, the Android build takes ages, signing, improving latency,...

Yes. Let's track that individually though. :)

Back to signing:

1. If we add signing we should publish the public key

I'm not opposed, but I don't see a huge benefit, so it'd just be another burden. I don't think there's an easy way to verify those keys for end users. The most important part seems to be that the key doesn't change.

2. We need to change the autobuild logic to point to a non-debug build

Yes. That's implicit with signing according to the docs.

3. I don't get why we set the build option "release" but still generate a debug build

The build option is just for the Qt-related part, not for the Android-related part. Despite that, it's redundant and should be removed as that's the default in Jamulus.pro by now, IIRC.

[NickHyHo]

Thanks for putting in this effort, everybody! I can't help with coding/building, but I'm happy to test whatever comes out of the pipeline in due course, just let me know... N. ;-)

[pljones]

This appears to have gone stale for 3.9.0. Moving to 3.9.1.