Android 代码签名

要在 Play Store 上发布，你需要使用数字证书签署你的应用。

¥To publish on the Play Store, you need to sign your app with a digital certificate.

Android App Bundles 和 APK 必须先签名，然后才能上传以供分发。

¥Android App Bundles and APKs must be signed before being uploaded for distribution.

Google 还为 Play Store 中分发的 Android App Bundles 提供了额外的签名机制。有关更多信息，请参阅 官方 Play App Signing 文档。

¥Google also provides an additional signing mechanism for Android App Bundles distributed in the Play Store. See the official Play App Signing documentation for more information.

创建密钥库和上传密钥

¥Creating a keystore and upload key

Android 签名需要 Java Keystore 文件，可以使用官方 keytool CLI 生成：

¥Android signing requires a Java Keystore file that can be generated using the official keytool CLI:

macOS/Linux

keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload

Windows

keytool -genkey -v -keystore $env:USERPROFILE\upload-keystore.jks -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias upload

此命令将 upload-keystore.jks 文件存储在你的主目录中。如果你想将其存储在其他地方，请更改传递给 -keystore 参数的参数。

¥This command stores the upload-keystore.jks file in your home directory. If you want to store it elsewhere, change the argument you pass to the -keystore parameter.

:::tip 提示

• keytool 命令可能不在你的 PATH 中。你可能会发现它安装在与 Android Studio 一起安装的 JDK 中：

  ¥The keytool command might not be in your PATH. You may find it installed in the JDK that is installed with Android Studio:

Linux

/opt/android-studio/jbr/bin/keytool ...args

Android Studio 目录路径取决于你的 Linux 发行版

¥Android Studio directory path depends on your Linux distribution

macOS

/Applications/Android\ Studio.app/Contents/jbr/Contents/Home/bin/keytool ...args

Windows

C:\\Program Files\\Android\\Android Studio\\jbr\\bin\\keytool.exe ...args

:::

安全警告

将 keystore 文件保持私密；不要将其签入公共源代码控制！

¥Keep the keystore file private; don’t check it into public source control!

有关更多信息，请参阅 官方文档。

¥See the official documentation for more information.

配置签名密钥

¥Configure the signing key

创建一个名为 [project]/src-tauri/gen/android/keystore.properties 的文件，其中包含对你的密钥库的引用：

¥Create a file named [project]/src-tauri/gen/android/keystore.properties that contains a reference to your keystore:

password=<password defined when keytool was executed>
keyAlias=upload
storeFile=<location of the key store file, such as /Users/<user name>/upload-keystore.jks or C:\\Users\\<user name>\\upload-keystore.jks>

安全警告

将 keystore.properties 文件保持私密；不要将其签入公共源代码控制。

¥Keep the keystore.properties file private; don’t check it into public source control.

你通常会在 CI/CD 平台中生成此文件。以下代码片段包含 GitHub Actions 的示例作业步骤：

¥You will usually generate this file in your CI/CD platform. The following snippet contains an example job step for GitHub Actions:

- name: setup Android signing
  run: |
    cd src-tauri/gen/android
    echo "keyAlias=${{ secrets.ANDROID_KEY_ALIAS }}" > keystore.properties
    echo "password=${{ secrets.ANDROID_KEY_PASSWORD }}" >> keystore.properties
    base64 -d <<< "${{ secrets.ANDROID_KEY_BASE64 }}" > $RUNNER_TEMP/keystore.jks
    echo "storeFile=$RUNNER_TEMP/keystore.jks" >> keystore.properties

在此示例中，密钥库使用 base64 -i /path/to/keystore.jks 导出到 base64 并设置为 ANDROID_KEY_BASE64 密钥。

¥In this example the keystore was exported to base64 with base64 -i /path/to/keystore.jks and set as the ANDROID_KEY_BASE64 secret.

配置 Gradle 以使用签名密钥

¥Configure Gradle to use the signing key

通过编辑 [project]/src-tauri/gen/android/app/build.gradle.kts 文件，配置 gradle 以在发布模式下构建应用时使用你的上传密钥。

¥Configure gradle to use your upload key when building your app in release mode by editing the [project]/src-tauri/gen/android/app/build.gradle.kts file.

1. 在文件开头添加所需的导入：

   ¥Add the needed import at the beginning of the file:

   import java.io.FileInputStream

2. 在 buildTypes 块之前添加 release 签名配置：

   ¥Add the release signing config before the buildTypes block:

   signingConfigs {
       create("release") {
           val keystorePropertiesFile = rootProject.file("keystore.properties")
           val keystoreProperties = Properties()
           if (keystorePropertiesFile.exists()) {
               keystoreProperties.load(FileInputStream(keystorePropertiesFile))
           }
   
           keyAlias = keystoreProperties["keyAlias"] as String
           keyPassword = keystoreProperties["password"] as String
           storeFile = file(keystoreProperties["storeFile"] as String)
           storePassword = keystoreProperties["password"] as String
       }
   }
   
   buildTypes {
       ...
   }

3. 在 buildTypes 块中的 release 配置中使用新的 release 签名配置：

   ¥Use the new release signing config in the release config in buildTypes block:

   buildTypes {
       getByName("release") {
           signingConfig = signingConfigs.getByName("release")
       }
   }

现在将自动签名你的应用的发布版本。

¥Release builds of your app will now be signed automatically.