Build online but do not sign

2025-07-13 05:16:43 +02:00 · 2024-11-01 11:24:51 -04:00
parent 6bd821985f
commit 8cab348eed
3 changed files with 46 additions and 101 deletions
--- a/sign.sh
+++ b/sign.sh
@ -0,0 +1,38 @@
+#!/bin/bash
+set -e
+
+# Script to sign unsigned APKs
+# Assumptions:
+# 1. Your PGP key is already imported on the locally running agent
+# 2. An Android SDK is located at $ANDROID_HOME (or ~/Android/Sdk as fallback)
+
+usage() {
+  echo "sign.sh <PATH_TO_KEYSTORE> <PATH_TO_BUILD_DIR>"
+  exit 1
+}
+
+if [ -z "$1" ] || [ -z "$2" ] || [ ! -f "$1" ] || [ ! -d "$2" ]; then
+  usage
+fi
+
+KEYSTORE_LOCATION="$1"
+BUILD_DIR="$2"
+
+read -s -p "Enter your keystore password: " KEYSTORE_PASSWORD
+
+if [ -z "$ANDROID_HOME" ]; then
+  ANDROID_HOME=~/Android/Sdk
+fi
+if [ ! -d "$ANDROID_HOME" ]; then
+  echo "Could not find Android SDK!" >&2
+  exit 1
+fi
+
+for apk in "$BUILD_DIR"/*-release*.apk; do
+  unsignedApk=${apk/-release/-unsigned}
+  mv "$apk" "$unsignedApk"
+  ${ANDROID_HOME}/build-tools/$(ls ${ANDROID_HOME}/build-tools/ | tail -1)/apksigner sign --ks "$KEYSTORE_LOCATION" --ks-pass pass:"${KEYSTORE_PASSWORD}" --out "${apk}" "${unsignedApk}"
+  sha256sum ${apk} | cut -d " " -f 1 >"$apk".sha256
+  gpg --batch --sign --detach-sig "$apk".sha256
+  rm "$unsignedApk"
+done