fix: How to Bypass PrivateKeyEntry Expiry Check in Shorebird Release for Android APK Packaging

[JedTsai33]

When I execute the command shorebird release android --flutter-version=3.22.2 --artifact=apk to package the APK, an error "Failed to generate v1 signature" occurs. The error's cause is due to the expiration of the keystore's PrivateKeyEntry. However, using flutter build apk --release does not have this issue. Due to specific requirements, I cannot update the keystore. Is there a way to bypass the PrivateKeyEntry expiry check when executing shorebird release android to allow the APK to be packaged successfully?

[eseidel]

This might be related to shorebirdtech/shorebird#2113.

Are we using the correct key-store? e.g. just bundletool.jar (which is what we I think use to get the .apk out of the underlying .aab we build) is more strict than flutter build apk --release? Or are we using the wrong keystore in this case?

[JedTsai33]

The issue is not using the wrong keystore.

The main problem is that the Android keystore has expired, but we don't want to generate a new app when installing the app due to a new keystore. We want to use the original keystore to overwrite the app.

Previously, we tested that running the command flutter build apk --release can package the APK normally, but running the command shorebird release android --flutter-version=3.22.2 --artifact=apk does not work.

So I would like to ask for your help on whether there is a way to bypass the expired keystore check.

[JedTsai33]

I found that in the function buildReleaseArtifacts in buildReleaseArtifacts.dart, buildAppBundle is executed first, and then it is determined whether to execute buildApk. May I ask if it is possible to skip buildAppBundle and directly execute buildApk?