Change md5withRSA to SHA1withRSA which is the default sig alg.

[fekberg]

SHA1withRSA is now the default signature algorithm according to this JDK issue: https://bugs.openjdk.java.net/browse/JDK-6560733

[dnfclas]

This seems like a small (but important) contribution, so no Contribution License Agreement is required at this point. We will now review your pull request.
Thanks,
.NET Foundation Pull Request Bot

[fekberg]

I'd much rather see apksigner being used instead as per this https://bugzilla.xamarin.com/show_bug.cgi?id=57914

Meanwhile, I think moving away from MD5 is a good idea.

[dellis1972]

We have to be careful with the signing algorithm. In previous attempts to upgrade we found that apps published on the google play store no longer installed on older devices. Especially those which are stuck on older versions of android because the vendor stopped issuing updates. I would love to know if this change has the same problem.

In addition to apksigner we should probably parameterise the -sigalg value with an MSBuild property which defaults to md5withRSA but will allow the developer to upgrade if they want too.

[fekberg]

Do you have any records on what those devices are? I've got a hard time finding any good information about it.

Parameterising -sigalg is probably a better idea than changing it to another default value.

[dellis1972]

@fekberg I have an old Galaxy S1 which is on Android 2.3.6 which won't installer apps signed with a new algorithm. You get a weird error from google play when you try to. Its been a while though so I can't remember the exact problem.

[fekberg]

@dellis1972 That's a very old phone.. :) I haven't seen any apps that still targets anything below 4.x

[dellis1972]

I know games that target 2.3.6, its a very small part of the market though. Still, doing this with a parameter that the developer can override is probably the best way forward in this case.

I'm gonna work on apksigner this week so hopefully that will help too.

[fekberg]

@dellis1972 We had a discussion yesterday on Slack in regards of adding apksigner instead. Not sure you saw that?

Anyways, in the meantime, I could update the PR to parameterize this instead. Haven't done that before, is it enough to just add it as a property in this class and it magically works?

[dellis1972]

you can add a new string property SigningAlgorithm or something to the class. It will not need the [Required] attribute since we will make it optional.
The you can do a null check and replace the value with the old default md5withRSA.

You will also need to edit Xamarin.Android.Common.targets. Look for the _Sign target and add

SigningAlgorithm="$(AndroidSigningAlgorithm)"

at around [1].

[1] https://github.com/xamarin/xamarin-android/blob/master/src/Xamarin.Android.Build.Tasks/Xamarin.Android.Common.targets#L2441.

[dellis1972]

if you are feeling adventurous you could also document it at some point around https://github.com/xamarin/xamarin-android/blob/master/Documentation/build_process.md#AndroidVersionCodeProperties :P

[fekberg]

Awesome, thanks for pointing these out!

[fekberg]

@dellis1972 I've updated the PR with changes to the target.

I set it to this: SigningAlgorithm="$(_ApkSigningAlgorithm)" to use the same convention as the other parameters in that section.

[dellis1972]

Apart from the IDE messing up the formatting (we use tabs rather than spaces I'm afraid) this looks ok apart from the naming of _ApkSigningAlgorithm. Once that is fixed I'll merge this

[dellis1972]

we should use ApkSigningAlgorithm rather than _ApkSigningAlgorithm. In msbuild the convention is _ prefixed properties are private and should not be used by the end user. Ones without are public. So we should remove the _ since we expect the user to override this.

[fekberg]

Should be corrected now!

[dellis1972]

build

[dellis1972]

@fekberg cool. perfect. Just waiting for the PR builder to give it the thumbs up and we are good :) thanks for the PR!

[dellis1972]

@fekberg we have a typo here

IsNullorWitespace vs IsNullOrWitespace

[fekberg]

Oh my, sorry about that!

[dellis1972]

@fekberg really sorry, looks like you committed changes to the .sln.

[fekberg]

I was sure I reverted that.. Let me try again :)

[dellis1972]

cool :) thanks

[dellis1972]

build

[dellis1972]

build

[fekberg]

@dellis1972 Thanks for all the help, happy I can be of service!

[jonpryor]

Manually merged in commit 1b4af39, and documentation added.