Turtle showing "jar is unsigned" messasge

#1

Hello,

I’m using Google Play App signing. I’ve created a keystore with the upload certificate, set the --keystore-alias and --keystore-path flags, as well as setting the EXPO_ANDROID_KEYSTORE_PASSWORD and EXPO_ANDROID_KEY_PASSWORD environment variables all with the correct values. When I run turtle I’m seeing the following output:

Jan 4 14:06:46 turtle[41770] INFO:    s = signature was verified 
  buildPhase: "verifying apk"
  source: "stdout"
Jan 4 14:06:46 turtle[41770] INFO:    m = entry is listed in manifest
  buildPhase: "verifying apk"
  source: "stdout"
Jan 4 14:06:46 turtle[41770] INFO:    k = at least one certificate was found in keystore
  buildPhase: "verifying apk"
  source: "stdout"
Jan 4 14:06:46 turtle[41770] INFO:    i = at least one certificate was found in identity scope
  buildPhase: "verifying apk"
  source: "stdout"
Jan 4 14:06:46 turtle[41770] INFO:  jar is unsigned.
  buildPhase: "verifying apk"
  source: "stdout"
Jan 4 14:06:46 turtle[41770] INFO:  copying build to fake upload directory
  buildPhase: "copying build artifact"
Jan 4 14:06:46 turtle[41770] INFO:  copied build to /Users/me/Desktop/build.apk
  buildPhase: "copying build artifact"

Any thoughts on what I’m doing wrong?

#2

Hello @theorchard,
unfortunately, turtle-cli doesn’t have support for Google Play App Signing. You must use raw keystore instead.

#3

Thanks for the reply @dsokal. Can you explain how to do that?

#4

https://docs.expo.io/versions/v31.0.0/distribution/turtle-cli#building-for-android

#5

Thanks. That’s exactly what I had followed – I created a keystore with the upload signing certificate from Google Play App Signing. Am I missing something?

#6

Generally, if you are not sure what is Android Keystore and how it’s different from upload key (https://developer.android.com/studio/publish/app-signing), you should trust Expo in generating one for you.
So, use expo build:android to do the first build, then run expo fetch:android:keystore to get your keystore from Expo servers, then you can use turtle-cli for further builds :slight_smile:

#7

The only problem with that approach is that you can’t opt out of App Signing by Google Play once you’ve opted in… so unfortunately my bundle identifier requires me to use it. I’m pretty sure that I’ve generated a keystore correctly with the upload certificate (as indicated in the Android app signing documentation), but I don’t understand the logging messages that cause turtle to fail to sign the app.

#8

Well, you can always choose a new android package name.

closed #9

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.