so each time I try to build for Android I’m getting:
28 actionable tasks: 28 executed
[stderr]
FAILURE: Build failed with an exception.
[stderr]
* What went wrong:
[stderr]
Execution failed for task ':app:packageRelease'.
[stderr]
> com.android.ide.common.signing.KeytoolException: Failed to read key XYZ from store "/tmp/turtle/keystore-XYZ.jks": Get Key failed: Given final block not properly padded
[stderr]
* Try:
[stderr]
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
[stderr]
* Get more help at https://help.gradle.org
[stderr]
BUILD FAILED in 3m 45s
Error: ./gradlew exited with non-zero code: 1
at ChildProcess.completionListener (/app/turtle/node_modules/@expo/xdl/node_modules/@expo/spawn-async/build/spawnAsync.js:52:23)
at Object.onceWrapper (events.js:317:30)
at emitTwo (events.js:126:13)
at ChildProcess.emit (events.js:214:7)
at maybeClose (internal/child_process.js:915:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:209:5)
...
at spawnAsync (/app/turtle/node_modules/@expo/xdl/node_modules/@expo/spawn-async/build/spawnAsync.js:17:21)
at spawnAsyncThrowError (/app/turtle/node_modules/@expo/xdl/build/detach/ExponentTools.js:169:43)
at buildShellAppAsync (/app/turtle/node_modules/@expo/xdl/build/detach/AndroidShellApp.js:697:11)
at <anonymous>
@thomascdaly I’ve seen that exact error message before and it was a credentials issue. If you haven’t uploaded any previous versions to the store yet, just run the build command with -c flag which will clear credentials and generate new ones. You can also run expo fetch:android:keystore and verify whether those credentials are valid for the keystore.
@thomascdaly yours looks to be keystore related as well,
Execution failed for task ':app:packageRelease'.
> com.android.ide.common.signing.KeytoolException:
Hey @charliecruzan, the command I ran is expo build:android --clear-credentials --no-publish --type app-bundle and entered in the path to the keystore I wanted to use with the associated passwords and alias. My understanding is that this will clear the existing keystore, upload a new keystore, and build an android bundle signed with the specified keystore.
after the build failed, I fetched the keystore that was in on expo’s servers, and it was not the one that I uploaded.
This was such a stupid process. We went through the whole expo opt-in-google-play-signing process and thankfully we thought to hang onto the .jks.bak file and the details that Expo spat out when opting into Google Play signing. Expo suggested that it should delete the cert from their servers given that I’d confirmed that Google Play signing was turned on.
Then we ran into the exact issue above. Builds were failing because Expo couldn’t find the cert. Derp. So we ran expo build:android --clear-credentials -t app-bundle just to get builds working again. We let Expo generate its own cert because we didn’t think it mattered. When we tried to push this to Google Play we got the error:
[!] Google Api Error: apkNotificationMessageKeyBundleSignedWithWrongKey: The Android App Bundle was signed with the wrong key. Found: SHA1: 43:4A:06:DB:…, expected: SHA1: CA:94:83:B8:…
So we ran keytool -list -v -keystore app_sign.jks.bak -alias QGNoYXJnZWZ to check the fingerprint of the .jks.bak file that Expo spat out. Lo and behold it’s the exact cert that we still need to be signing our builds with.
So we ran another build with --clear-credentials and uploaded that cert back to Expo’s servers and everything works again now.
@charliecruzan I have a .jks which I would like to use to sign the bundle (the same one we’ve been using all along for previous builds), expo build:android --clear-credentials --no-publish --type app-bundle fails to upload and sign using the .jks I specify.
I read the doc you posted, but don’t see anything I might have missed. Can you confirm that the command I listed should upload the specified .jks and sign the app bundle? I’ve double checked that the .jks is valid and that the credentials I enter when prompted are correct.
Yes, you are correct. Can you provide a link to one of those builds?
Error posted by the original author of this topic was caused by opt-in-google-play-signing, did you used this command too?
When you clear credentials does keystore stay the same or is it a new one (expo fetch:android:hashes)?
What version of expo-cli are you using?
@wkozyra this was not caused by running opt-in-google-play-signing - our app was already enabled for Google Play signing prior to trying to build an app bundle.
Expo version 3.0.9
The hashes before and after a failed build are the same.
Can you run keytool -list -keystore keystore.jks on keystore you want to use and on the one on expo servers.
What is the Keystore type (should be jks)?
Are Certificate fingerprints matching ones on app signing page in google play console?