1396496 - Zerda for Android - internal alpha - Signing & Upload

Status: RESOLVED FIXED

(Release Engineering :: Release Requests, enhancement)

Description

[Wesley Huang [:wesley_huang] (EPM) (NI me)]

We want to release Project Zerda after code complete, for Mozillians to dogfooding

I'll attach the release APKs to this bug. We need to sign them with the release keys and upload them to Google Play.

Comment 1

[Kim Moir [:kmoir] ET]

jlorenzo: You mentioned that another bug documents the steps to create release keys - is this the bug 1366003 or is there another one?

Comment 2

[Kim Moir [:kmoir] ET]

Bug 1371318 has the steps for creating a new release key

Comment 3

[Max Liu [:maliu]]

Attachment: app-zerda-beta-943.apk

Comment 4

[Johan Lorenzo [:jlorenzo]]

Attachment: app-zerda-beta-943_signed-aligned.apk

Comment 5

[Wesley Huang [:wesley_huang] (EPM) (NI me)]

(In reply to Johan Lorenzo [:jlorenzo] from comment #4)
> Created attachment 8906638 [details]
> app-zerda-beta-943_signed-aligned.apk

There is a blocking issue found earlier today for this v943.
So we'll fix and provide another apk.

Comment 6

[Max Liu [:maliu]]

Attachment: app-zerda-webkit-beta-955_unsigned.apk

Comment 7

[Johan Lorenzo [:jlorenzo]]

Attachment: app-zerda-webkit-beta-955_signed-aligned.apk

APK signed. I see Sylvestre wasn't CC'd on the bug. Would you like to upload it, Sylvestre?

Comment 8

[Sylvestre Ledru [:Sylvestre]]

I would like but I can't:
---
Upload failed
You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint:
[ SHA1: 89:56:XX ]
and the certificate used to sign the APK you uploaded have fingerprint:
[ SHA1: 63:0F:XX ]
---

Comment 9

[Johan Lorenzo [:jlorenzo]]

Sylvestre and I investigated. It turns out there was 1 dummy APK already uploaded. Google Play is pretty simple in terms of trusting signing keys: It trusts the key of the first APK (it's a "trust on first use" model). 

Then, the dummy APK made the keys generated in bug 1396871, unusable. Sylvestre sees 3 scenarios:
a. We keep using the first signing key (the one of the dummy APK).
b. We contact Google Play support so they purge org.mozilla.zerda, and we upload a real first APK.
c. We create a new Google Play product with a different namespace. For instance: org.mozilla.rocket

I'd go with solution c, it's the fastest and most secure.

Solution a is risky: the machine that generated the signing key is a workstation, which was connected to a lot of different networks/services. The key generator may have been compromised. Moreover, the private key might have been stored insecurely.

Solution b would be the simplest. However, I doubt Google has a way to delete products, given our previous history[1].

Max, what do you think?

[1] https://johanlorenzo.github.io/blog/2017/06/12/part-3-how-mozilla-publishes-apks-onto-google-play-store-in-a-reasonably-secure-and-automated-way.html#there-is-no-way-to-rollback-to-previous-apks-even-if-you-ask-a-human

Comment 10

[Max Liu [:maliu]]

It's super surprise to me that it is our first-time bump to this problem. I thought the pair of upload key and package name is locked permanently in first upload apk is BASIC principle Google Play operation.

Please make sure this won't happen so easily next time. In our case this time, we only have to revoke the adjust token. In other scenarios, e.g. Leanplum/Firebase/GCE, we may have to replace all the credential bound to deprecate package name. This will block release-candidate testing when it was getting more close to launch date.

I will provide apk with solution C, with package name "org.mozilla.rocket"

Comment 11

[Max Liu [:maliu]]

Attachment: app-rocket-webkit-beta-1013_unsigned.apk

Comment 12

[Johan Lorenzo [:jlorenzo]]

Attachment: app-rocket-webkit-beta-1013_signed-aligned.apk

I'm sorry and I understand this unpleasantness. As far as I've seen, dummy APKs have never been uploaded to previous project. It's a first.

I don't see a way to have an automated check, on our end. Google doesn't even show a warning message the first time you upload APKs. Then, humans will have to be careful. This may blow back to us again.

I'll file a request to Google, to see if they can improve their workflow. That's our best bet, I think.

Comment 13

[Johan Lorenzo [:jlorenzo]]

I just chatted with the Google Play support. The person said it was a valid piece of feedback. She will transmit it to the right team. However, we won't have a way to track it. She said we could follow their tech blog[1] to see if that features gets in.

[1] https://android-developers.googleblog.com/

Comment 14

[Sylvestre Ledru [:Sylvestre]]

OK. 
1) I removed the zerda app
2) I created the rocket app
3) I updated the permissions for the two users having access to zerda
4) I uploaded the signed apk to the alpha track, worked fine

Now, we have to update the listing to be able to publish it

Comment 15

[Max Liu [:maliu]]

Attachment: app-rocket-webkit-beta-1033.apk

Hi Johan,

We have finished the beta testing and this version is ready for beta launch. Would you help to sign the apk, please? Thank you.


Hi Sylvestre,

After upload apk to google play console, would you help to add the google plus community as testers, please? Thank you.

https://plus.google.com/communities/105550538379640131671

Comment 16

[Sylvestre Ledru [:Sylvestre]]

The listing has to be updated to be able to publish anything.

Comment 17

[Johan Lorenzo [:jlorenzo]]

Attachment: app-rocket-webkit-beta-1033_signed-aligned.apk

Comment 18

[Wesley Huang [:wesley_huang] (EPM) (NI me)]

(In reply to Sylvestre Ledru [:sylvestre] from comment #16)
> The listing has to be updated to be able to publish anything.

all green now.