Provide way to sign package/bundle with custom keyfile without writing passphrase to log

[mungojam]

When I run msbuild with /t:SignAndroidPackage and provide a custom keystore, the keystore and key passwords end up being written out to the build log because it logs the call made to jarsigner / apksigner.

I wanted to prevent the passwords being written to the log, so I have ended up doing the signing as a separate step. In this step I make use of the :env the suffix in jarsigner or the env: prefix in apksigner before I switched to bundles.

Below is what my build looks like now. AndroidSigning_StorePass is an environment variable that I populate in a pre-build step with the password:

    commands:
       - msbuild MyProj/MyProj.csproj /restore
         /p:Configuration=Release
         /p:AndroidSdkDirectory=/android/sdk
         /t:Package
       - jarsigner -sigalg SHA256withRSA -digestalg SHA-256
         -keystore ../my.keystore
         -keypass:env AndroidSigning_StorePass
         -storepass:env AndroidSigning_StorePass
         -signedjar ./MyProj/bin/Release/com.me.myapp-Signed.aab
         ./MyProj/obj/Release/android/bin/com.me.myapp.aab $AndroidSigning_KeyAlias

The above seems to work fine, but it took a lot of effort to get there. It would be better if I could use the standard build target but still keep the sensitive data out of the log. Then I wouldn't need to do the custom signing and could benefit from any future tweaks that you put in the standard build target.

[dellis1972]

@mungojam Thanks for the bug report, I will take a look at adding a couple of new MSBuild properties which will provide the env and file versions of the -keypass and -storepass command line arguments.

In fact it might be easier to allow the user to do something like

/p:AndroidSigningStorePass=env:Foo //use an EnvVar
/p:AndroidSigningStorePass=file:Foo // use a File
/p:AndroidSigningStorePass=Foo // use Foo

we can then just parse those values in the task an use the correct argument.

[mungojam]

In fact it might be easier to allow the user to do something like

/p:AndroidSigningStorePass=env:Foo //use an EnvVar
/p:AndroidSigningStorePass=file:Foo // use a File
/p:AndroidSigningStorePass=Foo // use Foo

we can then just parse those values in the task an use the correct argument

happy with that solution for my own use. It does rely on people not happening to start their passwords with env: or file: though, unlikely but not implausible. I expect the same issue affects the underlying apksigner though. Up to you :)

[dellis1972]

Yup, if you have env: or file: in your password that would be a problem lol.

[brendanzagaeski]

Release status update

A new Preview version has now been published on Windows that includes the fix for this item. The fix is not yet included in a Release version. I will update this item again when a Release version is available that includes the fix.

The fix is not yet available on macOS. I will update this item again when a Preview version with the fix is available on macOS.

Fix included in Xamarin.Android 10.0.99.100.

Fix included on Windows in Visual Studio 2019 version 16.4 Preview 1. To try the Preview version that includes the fix, check for the latest updates in Visual Studio Preview.

Fix not yet available on macOS.

[mungojam]

Thanks, I actually need it for the Linux build of android which I fetch off Jenkins as part of a docker image. But that Linux build has been failing since earlier this year:

#2009

[mrk-han]

Hey @mungojam , we are also seeking the Android.Xamarin.Linux build and just noticed it has been failing for sometime now. Have you received any communication on this? The main build looks like it is just failing to communicate to Github... https://jenkins.mono-project.com/view/Xamarin.Android/job/xamarin-android-linux/