Welcome to the Oculus Developer Forums!

Your participation on the forum is subject to the Oculus Code of Conduct.

In general, please be respectful and kind. If you violate the Oculus Code of Conduct, your access to the developer forums may be revoked at the discretion of Oculus staff.

APK is signed with Signature Scheme V3

NinjaGGNinjaGG Posts: 251 Oculus Staff
edited May 2019 in Oculus Go Development
Some of you may have encountered this error prompt recently when uploading your APK:
ERROR: APK is signed with Signature Scheme V3, which is not yet supported. Please disable signing with Scheme V3 and upload again.
Our build upload and scanning process in the past has only supported v1 APK signing. However, recent change in the process now fully enforces v1 APK signing, resulting in the message you are seeing now.

As such, if you're using Unity, you should be able to use Gradle to v1 sign. To do so, make sure you generate a custom Gradle template (https://docs.unity3d.com/Manual/android-gradle-overview.html), which should create a file called mainTemplate.gradle. Open this file in your preferred text editor and add in the following line:

v2SigningEnabled false

A perfect example of what the mainTemplate.gradle file should look like can be found here: https://developer.android.com/about/versions/nougat/android-7.0#apk_signature_v2

If you are not using Unity or prefer not to use Gradle (and want to use the regular internal build system instead), you can use jarsigner (found in your JDK bin folder) to sign your built APK with v1. To do so, use the following command (replacing the variables in <> with your app's specific arguments):

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore <KEYSTORE> -storepass <STOREPWD> -keypass <KEYPWD> <APKFILE> <ALIASNAME>
If you need immediate help or want additional support/context on an issue you are having with our platform or integrations:

1. Gather any and all logs, screenshots, and version numbers of relevant software (Oculus SDK, engine, etc.)
2. Please submit a ticket here (include what you've gathered in step 1).
3. Tag me @NinjaGaijin once you have done so!

Comments

  • rhillCampfirerhillCampfire Posts: 24 Oculus Start Member
    Hi. Where in the mainTemplate.gradle file should "v2SigningEnabled false" be included? The page you link to has it inside a release {} block and after a keyPassword line. In mainTemplate.dradle, the keyPassword line doesn't exist, thought the release {} block does. So I tried it inside the release {} block right after a line that says **SIGNCONFIG** but that failed. I also tried it instead of **SIGNCONFIG** and that failed. Etc.

    Where within the mainTemplate.gradle file, should the line "v2SigningEnabled false" be included?


  • vexdevelopervexdeveloper Posts: 2
    NerveGear
    Oculus why are you still using V1? V2 and V3 signing is now a thing maybe you could update your system to be more inline with 2019 build process
  • doudoiddoudoid Posts: 15 Oculus Start Member
    Where within the mainTemplate.gradle file, should the line "v2SigningEnabled false" be included?
    Wish I had seen this a couple days ago! I just went through this process. Add a block just below the **SIGN** block. If you need to, you can see the full expansion of the template by checking "Export" from the build dialog.

    **SIGN**
      // Add this block just below **SIGN**
      signingConfigs {
        release {
          v1SigningEnabled true
          v2SigningEnabled false
        }
      }
      


    GOD THANKS !
  • mccmcc Posts: 36
    Brain Burst
    It creates a problem for our process that the Go mandates v1 and the Quest mandates v2 signing— we do not care which signing you use, but it is inconvenient the Oculus devices disagree with each other. Is there a plan to eventually support v2 signing on the Go…? (I understand there are reasons why Gear apps still require v1 signing.)
  • ruibalp-oculusruibalp-oculus Posts: 7 Oculus Staff
    @mcc - If we added a feature to allow V2/V3 signatures for Go but prevented the binary from being visible to Gear VR, would something like that work?
  • mccmcc Posts: 36
    Brain Burst
    @ruibalp-oculus, that feature would be helpful to us!
  • LeomagpocLeomagpoc Posts: 1
    NerveGear
    is there any news on allowing v2 signatures on go I've been trying to use a custom gradle as suggested and I am not able to get my alpha apps to work on my go. I am sure if I keep trying I will figure it out, but I am wondering if I should wait if they are planning on an easier solution soon.
  • JaVo93JaVo93 Posts: 1
    NerveGear
    edited December 2019
    @NinjaGG

    I have an issue with Signing for the Oculus Quest. I use the newest Oculus integration version and Unity 2019.2.
    I followed your advice with the maintemplate. Unfortunately in the builded gradle:

       signingConfigs {
            release {
        v1SigningEnabled true
        v2SigningEnabled true
              
            }
        }

    both is set to true, although I wrote in my template false.

    The android manifest has   <uses-feature android:name="android.hardware.vr.headtracking" android:version="1" android:required="false" />

    Do you have any advice please?

    Edit: I got it working with zipalign and apkdesigner. 

    Unfortunately when I give other users for testing purposes access they have an issue that oculus go is activated in the app settings. How I can switch to quest?
  • myerpheusmyerpheus Posts: 3
    NerveGear
    Hello community, I am having issues trying to get V2 signing turned off despite following the above advice from @NinjaGG and @pld_google

    The attempted upload via the OVR Platform tool will not let me upload to my alpha build channel, after I have created a custom gradle template and turned off V2 signing.  Any advice?  
  • myerpheusmyerpheus Posts: 3
    NerveGear
    "ERROR: APK is signed with Signature Scheme V2, which is not yet supported. Please disable signing with Scheme V2 and upload again" :(
  • Heaney-555Heaney-555 Posts: 134
    Art3mis
    @mcc - If we added a feature to allow V2/V3 signatures for Go but prevented the binary from being visible to Gear VR, would something like that work?
    Please do this, especially now that Gear VR support is dropped from the SDK!
  • quentindecagnyquentindecagny Posts: 4
    NerveGear
    I just tried everything to add those lines (v1Signing...) in the maintemplate, but none of my dozens (without exaggeration) of attempts seemed to be able force v1 instead of v2 signing. Can someone explain here how to use this maintemplate as if i were new to Unity (which i'm absolutely not) ?
    My current work version 2019.3.0

  • demolabnokiademolabnokia Posts: 1
    NerveGear
    edited May 4
    This is really something very annoying and weird at the same time. I spent a whole day trying to fix this signing error. First in my case I was trying to upload the app through the web portal and everytime it just hangs in the uploading process without any error. After some investigation I found the command line tool and only then I was able to see that there's an issue with the signing. Dashboard web didn't say anything it just hangs showing a random (1/3) or (2/3) progress.

    Using the command line I got the error "APK was signed with V2 which is not compatible" .. then I get to this thread. I enabled the "Custom gradle template" option and inserted the following code in the template (following the above advice):

    **SIGN**
      // Add this block just below **SIGN**
      signingConfigs {
        release {
          v1SigningEnabled true
          v2SigningEnabled false
        }
    }

    However, this didn't work and my surprise was when I saw that Unity for whatever reason, was overwriting the false by a true. So when I check the template generated during the build (in my case: Temp/GradleOut/build.gradle) I can see how Unity during the build overwrote the false with a "true". So the generated template in my case was something like:

    signingConfigs {
        release {
            storeFile file('PATH_TO_MY_KEYSTORE')
            storePassword 'XXX'
            keyAlias 'XXX'
            keyPassword 'XXX'
        v2SigningEnabled true
        }
    }
    signingConfigs {
      release {
        v1SigningEnabled true
        v2SigningEnabled true
      }
    }

    So to skip this weird behaviour what I did is just to keep saving the "build.gradle" file during the build process (this way I overwrite the one generated by Unity) and this actually works and I could upload the app. But this is really, nasty and ugly trick .. I don't even dare to call it a "workaround" .. it seems that Unity is not respecting what I'm putting in the template and just put true for the v2SigningEnabled no matter what I had put in the template.

    EDIT: 
    I find the the culprit, it's the script OVRGradleGeneration.cs as explained in the following post [1]. To fix the issue in my case I just deleted the whole Oculus OVR asset in Unity since I was not using OVR for anything.

    To check that your apk has actually been generated correctly, you can use the apksigner to verify which signatures are included, for example:

    apksigner.bat verify --verbose myapp.apk
    Verified using v1 scheme (JAR signing): true
    Verified using v2 scheme (APK Signature Scheme v2): false
    Number of signers: 1

    BTW: my Unity version is 2018.4.19f1
    [1] forum.unity.com/threads/how-to-modify-build-gradle-in-a-build-script.720656/
Sign In or Register to comment.