nix: build unsigned Android APK, sign separately

[jakubgs]

This has several benefits:

• Less abuse of extra-sandbox-paths Nix option
• Less inputs to the Android release build derivation
• Easier for users to sign the build themselves
• Simplification of scripts/release-android.sh
• Preparation for building using Nix Flakes

The only two remaining credentials passed via extra-sandbox-paths is the Infura and OpenSea API keys, and there is no way around that other than passing them via Nix arguments, but that would cause them to end up in /nix/store as part of .drv files.

I'm also renaming release-fdroid to build-fdroid to be consistent.

Depends on: https://github.com/status-im/status-jenkins-lib/pull/42

[status-im-auto]

Jenkins Builds

Click to see older builds (108)

❔	Commit	#️⃣	Finished (UTC)	Duration	Platform	Result
✔️	f7c551d	#1	2022-04-22 08:33:46	~10 min	android	📦apk 📲
✖️	f7c551d	#1	2022-04-22 08:34:00	~10 min	android-e2e	📦apk 📲
✔️	f7c551d	#1	2022-04-22 08:35:30	~12 min	ios	📦ipa 📲
❌	45962a7	#2	2022-04-22 09:03:49	~4 min	android-e2e	📄log
❌	45962a7	#2	2022-04-22 09:03:54	~4 min	android	📄log
✔️	45962a7	#2	2022-04-22 09:11:01	~11 min	ios	📦ipa 📲
❌	cd535b6	#3	2022-04-22 09:13:18	~3 min	android	📄log
❌	cd535b6	#3	2022-04-22 09:13:20	~3 min	android-e2e	📄log
✔️	cd535b6	#3	2022-04-22 09:21:37	~12 min	ios	📦ipa 📲
❌	301d816	#4	2022-04-22 10:32:11	~9 min	android-e2e	📄log
❌	301d816	#4	2022-04-22 10:32:17	~9 min	android	📄log
✔️	301d816	#4	2022-04-22 10:36:27	~13 min	ios	📦ipa 📲
❌	5b38ea6	#5	2022-04-22 10:52:30	~10 min	android-e2e	📄log
❌	5b38ea6	#5	2022-04-22 10:52:36	~10 min	android	📄log
✔️	5b38ea6	#5	2022-04-22 10:53:17	~11 min	ios	📦ipa 📲
❌	798670e	#6	2022-04-22 11:17:28	~9 min	android-e2e	📄log
❌	798670e	#6	2022-04-22 11:17:33	~9 min	android	📄log
✔️	798670e	#6	2022-04-22 11:19:58	~11 min	ios	📦ipa 📲
❌	5724c73	#7	2022-04-22 12:57:40	~10 min	android-e2e	📄log
❌	5724c73	#7	2022-04-22 12:57:44	~10 min	android	📄log
✔️	5724c73	#7	2022-04-22 12:57:53	~10 min	ios	📦ipa 📲
✔️	6605c06	#8	2022-04-22 13:33:53	~10 min	ios	📦ipa 📲
❌	6605c06	#8	2022-04-22 13:34:24	~11 min	android-e2e	📄log
❌	6605c06	#8	2022-04-22 13:34:38	~11 min	android	📄log
❌	fff11eb	#9	2022-04-22 13:52:01	~9 min	android-e2e	📄log
❌	fff11eb	#9	2022-04-22 13:52:18	~9 min	android	📄log
✔️	fff11eb	#9	2022-04-22 13:54:10	~11 min	ios	📦ipa 📲
❌	3ade370	#10	2022-04-22 14:24:14	~10 min	android-e2e	📄log
❌	3ade370	#10	2022-04-22 14:24:15	~10 min	android	📄log
✔️	3ade370	#10	2022-04-22 14:25:32	~11 min	ios	📦ipa 📲
❌	b72908e	#11	2022-04-22 14:37:55	~8 min	android-e2e	📄log
❌	b72908e	#11	2022-04-22 14:38:11	~9 min	android	📄log
✔️	b72908e	#11	2022-04-22 14:39:57	~11 min	ios	📦ipa 📲
❌	aefe291	#12	2022-04-22 15:33:41	~10 min	android	📄log
✖️	aefe291	#12	2022-04-22 15:34:00	~10 min	android-e2e	📦apk 📲
✔️	aefe291	#12	2022-04-22 15:34:47	~11 min	ios	📦ipa 📲
✖️	0e594c4	#13	2022-04-27 11:21:54	~11 min	android-e2e	📦apk 📲
✔️	0e594c4	#13	2022-04-27 11:22:13	~12 min	android	📦apk 📲
✔️	0e594c4	#13	2022-04-27 11:22:52	~12 min	ios	📦ipa 📲
✖️	0e594c4	#14	2022-04-27 13:08:17	~9 min	android-e2e	📦apk 📲
✖️	e3e0b16	#15	2022-05-09 10:48:04	~10 min	android-e2e	📦apk 📲
✔️	e3e0b16	#14	2022-05-09 10:49:54	~12 min	android	📦apk 📲
✔️	e3e0b16	#14	2022-05-09 10:50:19	~13 min	ios	📦ipa 📲
✖️	32dc588	#16	2022-05-10 07:17:07	~11 min	android-e2e	📦apk 📲
✔️	32dc588	#15	2022-05-10 07:17:27	~11 min	android	📦apk 📲
✔️	32dc588	#15	2022-05-10 07:18:14	~12 min	ios	📦ipa 📲
✔️	e0d9b24	#16	2022-05-10 11:41:03	~9 min	android	📦apk 📲
✖️	e0d9b24	#17	2022-05-10 11:41:14	~9 min	android-e2e	📦apk 📲
✔️	e0d9b24	#16	2022-05-10 11:47:52	~16 min	ios	📦ipa 📲
✔️	dfc1dfd	#17	2022-05-11 13:13:33	~15 min	android	📦apk 📲
✔️	dfc1dfd	#18	2022-05-11 13:14:09	~15 min	android-e2e	📦apk 📲
✔️	dfc1dfd	#17	2022-05-11 13:31:27	~32 min	ios	📦ipa 📲
✔️	a86f8e6	#19	2022-05-11 13:59:57	~8 min	android-e2e	📦apk 📲
✔️	a86f8e6	#18	2022-05-11 14:00:46	~9 min	android	📦apk 📲
✔️	a86f8e6	#18	2022-05-11 14:06:55	~15 min	ios	📦ipa 📲
❌	2440bfb	#19	2022-05-11 14:53:03	~9 min	android	📄log
❌	2440bfb	#20	2022-05-11 14:53:11	~9 min	android-e2e	📄log
✔️	2440bfb	#19	2022-05-11 14:59:20	~15 min	ios	📦ipa 📲
❌	5c01501	#21	2022-05-11 15:08:09	~11 min	android-e2e	📄log
❌	5c01501	#20	2022-05-11 15:08:27	~11 min	android	📄log
✔️	5c01501	#20	2022-05-11 15:11:51	~14 min	ios	📦ipa 📲
❌	5c01501	#21	2022-05-11 15:40:53	~9 min	android	📄log
✔️	5c01501	#22	2022-05-11 16:01:39	~10 min	android	📦apk 📲
❌	6f44c38	#22	2022-05-11 17:15:21	~8 min	android-e2e	📄log
❌	6f44c38	#23	2022-05-11 17:16:13	~9 min	android	📄log
✔️	6f44c38	#21	2022-05-11 17:19:03	~12 min	ios	📦ipa 📲
✔️	6f44c38	#24	2022-05-11 17:27:51	~9 min	android	📦apk 📲
✔️	15aef90	#23	2022-05-11 17:41:14	~11 min	android-e2e	📦apk 📲
✔️	15aef90	#25	2022-05-11 17:41:37	~11 min	android	📦apk 📲
✔️	15aef90	#22	2022-05-11 17:41:58	~12 min	ios	📦ipa 📲
✔️	8b60886	#24	2022-05-11 18:11:02	~9 min	android-e2e	📦apk 📲
✔️	8b60886	#26	2022-05-11 18:11:27	~10 min	android	📦apk 📲
✔️	8b60886	#23	2022-05-11 18:13:27	~12 min	ios	📦ipa 📲
✔️	6b1cb9d	#25	2022-05-11 18:32:31	~10 min	android-e2e	📦apk 📲
✔️	6b1cb9d	#27	2022-05-11 18:33:08	~10 min	android	📦apk 📲
✔️	6b1cb9d	#24	2022-05-11 18:38:14	~15 min	ios	📦ipa 📲
✔️	dda4726	#26	2022-05-12 17:11:45	~9 min	android-e2e	📦apk 📲
✔️	dda4726	#28	2022-05-12 17:11:47	~9 min	android	📦apk 📲
✔️	dda4726	#25	2022-05-12 17:29:48	~27 min	ios	📦ipa 📲
❌	eb0ad19	#27	2022-05-12 17:29:16	~1 min	android-e2e	📄log
❌	eb0ad19	#29	2022-05-12 17:29:17	~1 min	android	📄log
❌	eb0ad19	#30	2022-05-12 17:47:43	~9 min	android	📄log
❌	9758d9c	#28	2022-05-12 17:58:30	~8 min	android-e2e	📄log
❌	9758d9c	#31	2022-05-12 17:59:20	~9 min	android	📄log
❌	9758d9c	#32	2022-05-12 18:24:18	~10 min	android	📄log
✔️	9758d9c	#27	2022-05-12 18:31:39	~41 min	ios	📦ipa 📲
❌	09a47e7	#29	2022-05-12 18:40:39	~8 min	android-e2e	📄log
❌	09a47e7	#33	2022-05-12 18:41:26	~9 min	android	📄log
✔️	5782aaa	#34	2022-05-12 18:48:23	~9 min	android	📦apk 📲
✔️	5782aaa	#30	2022-05-12 18:49:13	~10 min	android-e2e	📦apk 📲
✔️	5782aaa	#29	2022-05-12 19:08:56	~30 min	ios	📦ipa 📲
✔️	9ca449f	#31	2022-05-12 19:40:32	~11 min	android-e2e	📦apk 📲
✔️	9ca449f	#35	2022-05-12 19:40:56	~11 min	android	📦apk 📲
✔️	9ca449f	#30	2022-05-12 19:44:36	~15 min	ios	📦ipa 📲
❌	9ca449f	#36	2022-05-13 15:48:53	~10 min	android	📄log
✔️	9ca449f	#37	2022-05-13 16:21:19	~10 min	android	📦apk 📲
✔️	d9ff0c4	#32	2022-05-19 07:36:44	~11 min	android-e2e	📦apk 📲
✔️	d9ff0c4	#38	2022-05-19 07:36:49	~11 min	android	📦apk 📲
✔️	d9ff0c4	#31	2022-05-19 07:39:38	~13 min	ios	📦ipa 📲
✔️	a3a9228	#33	2022-05-19 09:08:54	~8 min	android-e2e	📦apk 📲
✔️	a3a9228	#39	2022-05-19 09:09:03	~8 min	android	📦apk 📲
✔️	a3a9228	#32	2022-05-19 09:12:05	~11 min	ios	📦ipa 📲
✔️	56cf2ae	#34	2022-05-19 09:45:06	~8 min	android-e2e	📦apk 📲
✔️	56cf2ae	#40	2022-05-19 09:45:12	~8 min	android	📦apk 📲
✔️	56cf2ae	#33	2022-05-19 09:47:49	~11 min	ios	📦ipa 📲
✔️	5ecb34e	#35	2022-05-19 10:17:45	~8 min	android-e2e	📦apk 📲
✔️	5ecb34e	#41	2022-05-19 10:17:56	~9 min	android	📦apk 📲
✔️	5ecb34e	#34	2022-05-19 10:20:48	~11 min	ios	📦ipa 📲

❔	Commit	#️⃣	Finished (UTC)	Duration	Platform	Result
✔️	747db0f	#42	2022-05-20 11:36:59	~9 min	android	📦apk 📲
✔️	747db0f	#36	2022-05-20 11:40:27	~12 min	android-e2e	📦apk 📲
✔️	747db0f	#35	2022-05-20 11:42:48	~15 min	ios	📦ipa 📲
❌	c05fc08	#37	2022-05-20 11:49:07	~8 min	android-e2e	📄log
❌	c05fc08	#43	2022-05-20 11:50:28	~10 min	android	📄log
✔️	c05fc08	#36	2022-05-20 11:54:03	~13 min	ios	📦ipa 📲

[jakubgs]

The APK signing process works, but I encountered an issue when installing:

 > adb install StatusIm-Mobile-220511-155039-5c0150-pr13296-universal.apk
Performing Streamed Install
adb: failed to install StatusIm-Mobile-220511-155039-5c0150-pr13296-universal.apk:
  Failure [
    -124: Failed parse during installPackageLI:
    Targeting R+ (version 30 and above) requires the resources.arsc of installed
    APKs to be stored uncompressed and aligned on a 4-byte boundary
  ]

Which apparently it's because the APK(which is a ZIP) needs to be "aligned":

Caution: You must use zipalign at one of two specific points in the app-building process, depending on which app-signing tool you use:

• If you use apksigner, zipalign must only be performed before the APK file has been signed. If you sign your APK using apksigner and make further changes to the APK, its signature is invalidated.
• If you use jarsigner, zipalign must only be performed after the APK file has been signed.

https://developer.android.com/studio/command-line/zipalign

And since in the current implementation I'm using jarsigner I have to either also run zipalign, or switch to using apksigner.

[jakubgs]

And indeed, signing with apksigner does work:

 > adb install ~/StatusIm-Mobile-220511-172946-15aef9-pr13296-universal.apk 
Performing Streamed Install
Success

[Parveshdhull]

Hi @jakubgs , what will be the difference between the output of build-android and release-fdroid.

[Parveshdhull]

And do we need release-fdroid?

[jakubgs]

Just look at the targets:
https://github.com/status-im/status-react/blob/56cf2ae03d460d7402b7d05ff9d0b860a6135519/Makefile#L202-L208
The first target builds an unsigned APK, the second one signs it. You cannot install an unsigned APK on an Android phone.

[jakubgs]

Ah, you're asking about the difference between release and fdroid build. Here it is:
https://github.com/status-im/status-react/blob/56cf2ae03d460d7402b7d05ff9d0b860a6135519/Makefile#L197-L201
https://github.com/status-im/status-react/blob/56cf2ae03d460d7402b7d05ff9d0b860a6135519/Makefile#L209-L213
There are two main differences:

• BUILD_TYPE - F-Droid build uses .env.release while build-android uses .env.nightly(not great naming, agreed).
• ANDROID_ABI_INCLUDE - F-Droid build includes x86_64 because that's what they need for their emulator.

Actually, maybe we should change the name of release-fdroid to build-fdroid to be more consistent. Since it's not signed.

[jakubgs]

Merged as: acfa73a