Generate keys for VPN android app signing and try the signing process
For vpn#302 (closed) we need to generate 2 signing keys:
- Key 1 that will be used to sign the .aab file to upload to Google, and the .apk file for fdroid
- Key 2 that will be used by Google to sign the release on googleplay
So I think we can do the following:
-
Generate some test key and try signing the .aab file from https://tb-build-02.torproject.org/~dan/vpn/ to see how that works - done in !1261 (merged) -
Generate Key 1 and install it on our signing machine -
Upload the public part of Key 1 to google so they accept uploads from this key -
Manually sign the vpn .aab file, so we can try uploading it to google: https://people.torproject.org/~boklm/tmp/vpn/vpn-0.9.0-om-fc27c71d341ee2b8a6cb5db534458ad598a14135-release-signed.aab -
Generate Key 2 and send it to google -
Try publishing the signed .aab file on googleplay
Some pages about .aab signing:
- https://developer.android.com/studio/publish/app-signing
- https://stackoverflow.com/questions/50560045/sign-android-app-bundle-from-command-line
- https://stackoverflow.com/questions/43121499/how-to-sign-aar-artifacts-in-android/43196242#43196242
- https://medium.com/ama-xperteye/signing-apks-or-libraries-for-release-in-android-21aa8bcc03f3
(some of those pages are about signing .aar files, not .aab, and I confused them before, but it looks like both are signed in the same way)
/cc @dan
Edited by boklm