When releasing apk via gradle, we have to sign it with our keystore and its password. The easiest way is to include our keystore link and password directly in build.gradle:
android {
...
signingConfigs {
release {
storeFile file("my.keystore")
storePassword "store_password"
keyAlias "my_key_alias"
keyPassword "key_password"
}
}
buildTypes {
release {
signingConfig signingConfigs.release
}
}
}
Separating keystore and Password From build.gradle
Some articles like Signing Open Source Android Apps Without Disclosing Passwords and Use signing.properties file which controls which keystore to use to sign the APK with gradle give us a way by making a properties file which build.gradle file will refer, then we add it to git ignore list. But what happens when we forget to add the properties file to ignore list? We will disclose our password to the world. The problems still persist.Instead making properties file in the same directory within our project, we should make it outside. We make it outside by using gradle.properties file.
Here the steps (all code can be download from my gist):
1. Edit or create gradle.properties on your root project and add the following code, remember to edit the path with your own:
AndroidProject.signing=/your/path/androidproject.properties
2. Create androidproject.properties in /your/path/ and add the following code to it, don't forget to change /your/path/to/android.keystore to your keystore path:
STORE_FILE=/your/path/to/android.keystore
STORE_PASSWORD=yourstorepassword
KEY_ALIAS=yourkeyalias
KEY_PASSWORD=yourkeypassword
3. In your app module build.gradle (not your project root build.gradle) add the following code if not exist or adjust to it:
signingConfigs {
release
}
buildTypes {
debug {
debuggable true
}
release {
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
}
4. Add the following code below the code in step 3:
if (project.hasProperty("AndroidProject.signing")
&& new File(project.property("AndroidProject.signing").toString()).exists()) {
def Properties props = new Properties()
def propFile = new File(project.property("AndroidProject.signing").toString())
if(propFile.canRead()) {
props.load(new FileInputStream(propFile))
if (props!=null && props.containsKey('STORE_FILE') && props.containsKey('STORE_PASSWORD') &&
props.containsKey('KEY_ALIAS') && props.containsKey('KEY_PASSWORD')) {
android.signingConfigs.release.storeFile = file(props['STORE_FILE'])
android.signingConfigs.release.storePassword = props['STORE_PASSWORD']
android.signingConfigs.release.keyAlias = props['KEY_ALIAS']
android.signingConfigs.release.keyPassword = props['KEY_PASSWORD']
} else {
println 'androidproject.properties found but some entries are missing'
android.buildTypes.release.signingConfig = null
}
} else {
println 'androidproject.properties file not found'
android.buildTypes.release.signingConfig = null
}
}
Now we don't need to worry again of risk of exposing our keystore password.
The above step have been test on Android Studio 1.4.1 in Slackware64 current with these settings in build.gradle:
- 'com.android.tools.build:gradle:1.2.3'
- buildToolsVersion "22.0.1"
Note:
Article is heavily being influenced with Handling signing configs with Gradle article.
References:
1. Handling signing configs with Gradle
2. Use signing.properties file which controls which keystore to use to sign the APK with gradle.
3. http://stackoverflow.com/questions/20562189/sign-apk-without-putting-keystore-info-in-build-gradle
4. Signing Open Source Android Apps Without Disclosing Passwords
5. Where to put the gradle.properties file
6. Gradle Doc, Configuring the build environment via gradle.properties
0 comments:
Silahkan tinggalkan komentar anda: