How to sign an apk through command line

问题

Be informed that we have created an apk file through command line with the help of Android SDK. Now since uploading it to google play store needs the apk to be signed. How shall we do this.

回答1:

Step 1

First you need to generate a private signing key

keytool -genkey -v -keystore my-release-key.keystore -alias my-key-alias -keyalg RSA -keysize 2048 -validity 10000

This command will prompt you for a password for your keystore and key (also for some additional fields). Please remember to keep your keystore file private at anytime.

Step 2

Next you need to setup gradle

1. Place my-release-key.keystore which you generated in Step 1 under android/app

2. Update your ~/.gradle/gradle.properties under android/app and add the following

   MYAPP_RELEASE_STORE_FILE=my-release-key.keystore
   MYAPP_RELEASE_KEY_ALIAS=my-key-alias
   MYAPP_RELEASE_STORE_PASSWORD=<The password you choose earlier with the keytool>
   MYAPP_RELEASE_KEY_PASSWORD=<The password you choose earlier with the keytool>
   

Step 3

Finally you need to update your android/app/build.gradle.

android {
    ...
    defaultConfig { ... }
    signingConfigs {
        release {
            if (project.hasProperty('MYAPP_RELEASE_STORE_FILE')) {
                storeFile file(MYAPP_RELEASE_STORE_FILE)
                storePassword MYAPP_RELEASE_STORE_PASSWORD
                keyAlias MYAPP_RELEASE_KEY_ALIAS
                keyPassword MYAPP_RELEASE_KEY_PASSWORD
            }
        }
    }
    buildTypes {
        release {
            ...
            signingConfig signingConfigs.release
        }
    }
}

Now you can simply generate a signed release via the command line by running the following command in your android directory

./gradlew assembleRelease

The generated apk can then be found under your build/outputs/apk/release directory.

回答2:

1. First you need a keystore to begin the process. You will be signing your apk with this keystore and you need to sign with same keystore for future updates. Know more about keystore here: https://developer.android.com/studio/publish/app-signing#generate-key

2. Once you generate the keystore, you should jarsigner utility (which is available in JDK folder)

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore your-release-key.keystore android-release-unsigned.apk alias -storepass password

3. Next step is to use zipalign tool(available in android SDK folder) to verify the apk.

path-to-android-sdk/build-tools/version/zipalign -v 4 android-release-unsigned.apk android-prod-released-signed.apk

4. Last step is to verify with apksigner tool (available in android SDK folder)

path-to-android-sdk/build-tools/version/apksigner verify android-prod-released-signed.apk

PS: Replace paths, files and passwords with actual values

回答3:

Follow these commands to make the apk play store ready:

Step 1: Create an unsigned apk:

./gradlew assembleRelease

Step 2: Create a signed apk:

jarsigner -keystore YOUR_KEYSTORE_PATH -storepass YOUR_KEYSTORE_PASSWORD app/build/outputs/apk/release/app-release-unsigned.apk YOUR_KEY_ALIAS

Step 3: Zipaligning the apk:

your_android-sdk_path/android-sdk/build-tools/your_build_tools_version/zipalign -v 4 app/build/outputs/apk/release/app-release-unsigned.apk release.apk

来源：https://stackoverflow.com/questions/50705658/how-to-sign-an-apk-through-command-line