03-24-2011 07:30 PM
I just solved the problem that I know a few of us have been having while exporting a release build from Burrito and version 0.9.4 of the SDK. I thought I should post the solution here so that others can make sure their apps are properly signed.
Here's the problem: People are trying to export their apps using Flash Builder by following the steps listed here: http://docs.blackberry.com/en/developers/deliverab
Upon exporting their app, they may realize that the app was still not properly signed. I'm going to assume that a lot of people will not even discover that their apps are not signed, because this was my case until I read a post saying you can check the META-INF directory to see if your app is properly signed. Flash Builder fails silently and looks like it created a signed app, so if you've used Burrito to export your release, I would double check it.
To check if your app is signed: Change the file extension of your app from .bar to .zip and extract the file. In there, you will find a META-INF directory. Inside that folder, if you have only the MANIFEST.MF file, your app is not properly signed!
You should have the following files, indicating that your app is signed:
So what happens if you've done everything and you still can't export a release that is signed? Here's what I've discovered. The solution:
I read someone say that you can only sign your app once per version number, so that is step one. Make sure that you increment your versionNumber in your "-app.xml" file, found in your Flash Builder project. Each time you export a release, you MUST increment this versionNumber.
The second problem that I discovered completely by fluke is that the "copyright" tag must contain your vendor name exactly as you have indicated when registering with the RIM signing authority. This was my mistake. It's very misleading because the comment above the <copyright> tag says that it's an optional tag, but this couldn't be further from the truth. I discovered this because in the MANIFEST.MF, there is a line with Package-Author and this gets set directly by your copyright tag.
So make sure that you have set the copyright to your vendor name and increment the versionNumber on every build. Then you should be good to use Flash Builder to export your releases.
I really hope this helps anyone experiencing problems.
Oh, one last thing... If you're having problems because you can't find out where your release was exported to, read my other post about what happens to the bin-release directory here :
03-24-2011 08:26 PM
Still no dice on my end - app-dev-mode is set to false. Kudos regardless, if anything for the lurkers you'll inevitably help out in the future.
03-24-2011 10:00 PM
wailord, what is your problem with signing? is it just not giving you the 5 files? something i noticed was that when i created my .p12 in flash builder it would not sign correctly. I have other ideas though for what may be wrong.
03-24-2011 10:09 PM
Yeah, the five files never show up. I've grown so used to signing with the command line that I just went ahead with that. Sure, it'd be nice to have a GUI to guide me, but it's not the end of the world... the certificate wasn't made with FB.
03-29-2011 09:06 PM - edited 03-29-2011 09:08 PM
And even using all you tips I have one project which doesnt want to be signed whatewer I do!!!
3 other apps signed well!
PS While signing from command line I've got only 3 files under META-INF:
Is that ok?
03-29-2011 09:14 PM - edited 03-29-2011 09:17 PM
Figured this out!
In case you are using blackberry-tablet.xml
Please pay attention to
you have to put exactly the same vendor you've put during key registration, and yes it is CASE SENSITIVE string.
03-30-2011 08:25 PM
Thank you clinch - this is helpful - but i am still not seing those files in the bar. I tried to use command line but it appears you can only use single CSJ once and in my case it is already linked to Flash Builder. Can I request another CSJ and have two valid signing methods - one from Flash Builder and one from command line? I am bit confused. Also what happens to version number - does the incrementing is specific to each method - so that if i have last signed in Flahs Builder version 1.0.1 and now go with command line can i re-sign as 1.0.1 or does it have to be 1.0.2?
BTW - this version increment is kind of stupid thing. I had 1.0.0 submitted, now my signing failed with 1.0.1 -- so do i need to "skip" a version and go to 1.0.2 (what if it fails few more times?) or it only counts when it is succesfully signed?
03-30-2011 08:55 PM
I am going to answer part of my own question:
- the CSJ registration is once per PC
therefore it appears i do not need to connect and authorize the pc once I have done it from Buritto.
However now when I try to sign from command line I get bunch (a lot) of hex numbers and at the end:
barsigner error: Can't find resource for bundle net.rim.device.codesigning.barsigner.BarSignerReso
The question about incrementing still stands: do I need to increment only after succesfull signing or EACH TIME i run the signing tool (even when the signing fails?)