expo-cli
expo-cli copied to clipboard
Credentials Manager: Stores Keystore Key as Alias Key
Summary
Credentials Manager (expo credentials:manager
) stores Keystore Key as Alias Key, therefore any build with expo build:android -t app-bundle -c
while uploading my own keystore credentials leads to an error. The Alias Key isn't stored at all.
Environment
Expo CLI 4.12.1 environment info: System: OS: Linux 5.11 Ubuntu 21.04 (Hirsute Hippo) Shell: 5.1.4 - /bin/bash Binaries: Node: 16.0.0 - /usr/local/bin/node Yarn: 1.22.15 - /usr/bin/yarn npm: 7.10.0 - /usr/local/bin/npm npmPackages: @expo/webpack-config: ~0.12.63 => 0.12.82 expo: ^42.0.0 => 42.0.4 react: 16.13.1 => 16.13.1 react-dom: 16.13.1 => 16.13.1 react-native: https://github.com/expo/react-native/archive/sdk-42.0.0.tar.gz => 0.63.2 react-native-web: ~0.13.12 => 0.13.18 Expo Workflow: managed
Please specify your device/emulator/simulator platform, model and version
Ubuntu 21.04 (Linux), IntelliJ 2021.2.2 (Ultimate Edition)
Error output
When Running Gradle with expo build:android -t app-bundle -c
[stderr] Execution failed for task ':app:signReleaseBundle'.
[stderr] > A failure occurred while executing com.android.build.gradle.internal.tasks.Workers$ActionFacade
[stderr] > Failed to read key oberhauser-dev-01 from store "/tmp/turtle/keystore-1c0006fe-c326-4c0c-b4a0-ec6cabb4fc04.jks": Get Key failed: Given final block not properly padded
Reproducible demo or steps to reproduce from a blank project
I call:
expo credentials:manager
✔ Select platform › android ✔ What do you want to do? › Upload Keystore hashes ✔ Would you like to upload a Keystore or have us generate one for you? If you don't know what this means, let us generate it! :) › I want to upload my own file ✔ Path to the Keystore file. … /my-dev.jks ✔ Keystore password … myKeyStorePass ✔ Key alias … my-dev-01 ✔ Key password … myAliasKeyPass (other than the first, tried multiple times, copy paste and manual key inputs) Keystore updated successfully
Next: ✔ What do you want to do? › Download Keystore from the Expo servers ✔ Do you want to display the Android Keystore credentials? … yes Saving Keystore to @my-dev__my-dev.bak.jks Keystore credentials Keystore password: myKeyStorePass Key alias: my-dev-01 Key password: myKeyStorePass Path to Keystore: @my-dev__my-dev.bak.jks
Hey @Gustl22 ! I tried repro'ing your issue on the latest version of expo-cli, and I was not able to get this behaviour :/
For what it's worth, I tried:
- uploading my keystore through
expo credentials:manager
ANDexpo build:android -c
(flag clears previous credentials) - Downloaded the keystore through the website (https://expo.dev/accounts/[account]/projects/[project]/credentials?platform=android). if you navigate to the
Android (Classic)
tab, you can download your keystore and see the passwords that were uploaded. Also tried downloading via cli with same results.
Could you please perform a quick sanity check by downloading your keystore from the website to verify the problem is with the double passwords?
I updated my expo client from 4.12.1
(released 20 days ago) to 4.12.7
and it seems to work now. Thanks for your support!
I have rejoiced too soon:
I made the same procedure as before, then I displayed my credentials, they were correct.
After that, I executed the android build, which didn't work, because it cannot sign the package: https://expo.dev/accounts/naturfreunde/projects/naturfreunde-ski-alpin/builds/65b2fa12-342d-40e6-9ff5-14f6afc2bccf
Then I displayed the credentials again, and TADA again the password for the alias was the same as for the key store.
So it displays the right key until I close the Credential Manager, and start it again, then it displays the wrong key. On uploading there is no error displayed via expo-cli
Now I used the Website, to upload my key and I get the following error:
Error: Invalid JKS Keystore: Invalid keystore format
But this cannot be: I used the same file for my Android projects, and I can open it via KeyStore Explorer 5.4.4
So maybe Expo doesn't support jks
files generated by Android Studio, maybe...
Edit: I will create some new credentials via Android Studio, to be sure, and then try to upload them. I'll inform you.
@Gustl22 -- I looked into your project and it looks like you have a PKCS12 formatted keystore (you can see it in the Type
section in the Keystore ui)
Keystore passwords aren't relevant in this case -- PKCS12 formats have no keystore password and only a key password. I'll try to repro your issue with a pkcs keystore, but in the meantime, you can unblock yourself by converting your pkcs keystore to the more common jks format with the keytool
binary: keytool -importkeystore -srckeystore somekeystore.pkcs12 -destkeystore somenewkeystore.jks -deststoretype jks
You're right. I generated another Keystore + alias via Android Studio (Build -> Generate signed APK
with a valid Android Project). The Plugin proposed the file ending .jks
but actually it's a PKCS 12
. But I had to specify keystore password AND alias password.
So what I'm not sure about it the keystore password: In the expo-cli
you have to specify keystore
password and alias
password, too, with a .p12
file (after I renamed it). Further you can set both somehow via keytool
https://stackoverflow.com/questions/31228462/how-to-change-pkcs12-keystore-password-using-keytool
Thanks, I'm sure your solution works and I'll convert my keys to .jks
now. Nether the less, the expo-cli
should display some error or handle .p12
correctly, as it seems the default output of IntelliJ Android Plugin.
This issue is stale because it has been open for 60 days with no activity. If there is no activity in the next 7 days, the issue will be closed.
@quinlanj I'll try to reproduce again. But as nothing was updated here, I think the issue still exists. I'll let you know.
This appears to be resolved in EAS CLI (expo build:android
is deprecated). If you encounter this issue in the future, please open an issue on expo/eas-cli.