jarsigner: unable to sign jar: java.util.zip.ZipException: invalid entry compressed size (expected 463 but got 465 bytes)

You are trying to sign an already signed .apk. You need to export an unsigned .apk file and then sign it with jarsigner.


You definitely are able to sign an already signed apk multiple times using different keys:

Note that you can sign an APK multiple times with different keys.

E.g. I managed to sign a Debug-Apk with the release key so that I was able to test upgrades of released versions. Also, I was able to sign an already released apk with the debug key for reproducing bugs.

This is what you should do

  1. Rename the .apk file to .zip
  2. Unpack the .zip file and remove the META-INF folder
  3. Zip the folder again and rename it to .apk
  4. Sign the apk:
    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 \
              -keystore my-release-key.keystore my_application.apk alias_name

For the debug key, the alias should be androiddebugkey and the password android. The debug keystore is by default $HOME/.android/debug.keystore. See also Signing in Debug Mode.


This is the 1 Liner/1 Step version of @Joerg's answer above:

    zip -d foo.apk META-INF/\*

That uses the built in "delete from existing archive" functionality of the zip command. When you run that command you should see:

    deleting: META-INF/MANIFEST.MF
    deleting: META-INF/CERT.SF
    deleting: META-INF/CERT.RSA

...as the output. Those files are the existing signature. Removing them allows you to sign it again.

I would also like to reiterate that you should be sure to pass the -sigalg SHA1withRSA and -digestalg SHA1 arguments to the jarsigner to avoid this issue: https://code.google.com/p/android/issues/detail?id=19567
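A narrower variant of the stripping step, as an added example that is not part of any answer above: it removes only the JAR signature entries and keeps other META-INF content (such as a META-INF/services file), which `zip -d foo.apk META-INF/\*` would also delete. The sample archive and the names strip_v1_signature, build_sample_apk and list_entries are constructed for illustration.

```python
import io
import re
import zipfile

# JAR (v1) signature material: the manifest, .SF signature files,
# .RSA/.DSA/.EC signature blocks and SIG-* entries directly under META-INF/.
SIGNATURE_ENTRY = re.compile(
    r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC)|SIG-[^/]*)$", re.IGNORECASE
)


def strip_v1_signature(apk_bytes):
    """Return (unsigned archive bytes, names of the removed signature entries)."""
    removed = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as src, \
            zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if SIGNATURE_ENTRY.match(info.filename):
                removed.append(info.filename)
                continue
            # Kept entries are decompressed and written afresh, so zipfile
            # generates new size and CRC fields for the output archive.
            dst.writestr(info, src.read(info.filename),
                         compress_type=info.compress_type)
    return out.getvalue(), removed


def list_entries(archive_bytes):
    """Names of all entries in the archive, in stored order."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as z:
        return z.namelist()


def build_sample_apk():
    """Constructed sample: a tiny signed-looking archive, not a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", b"\x30\x82")
        z.writestr("META-INF/services/com.example.Plugin", b"com.example.Impl\n")
    return buf.getvalue()


if __name__ == "__main__":
    unsigned, removed = strip_v1_signature(build_sample_apk())
    print("removed:", removed)
    print("kept:", list_entries(unsigned))
```

The resulting archive is unsigned and still has to be signed with jarsigner as shown in the answers.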
