[mythtv] Android version signing key
Peter Bennett
pb.mythtv at gmail.com
Mon Sep 10 15:16:22 UTC 2018
I am no Android expert so please correct me if I have anything wrong here.
The signing key that we use with development is a temporary key with a 1
year expiration. Anybody who is using it may encounter a problem after 1
year.
Upgrading your installation with a package that has a different signing
key is not allowed. Anybody who installed David's build will have to
uninstall before being able to install Peter's build, for example.
I have a site on bintray.com where I can distribute android packages
(this is where I also have the Raspberry Pi packages). However they need
to have a consistent signing key so that people can upgrade.
I can either
1. Create my own keystore and sign the builds I put on bintray with it.
Nobody else could create builds that are compatible.
2. Create a keystore and add it to git and add the password to the
script. Everybody can build compatible packages but security-conscious
people would be very unhappy.
3. Add the keystore to git and keep the password secret, known only to
developers and authorized people.
Any ideas?
I don't know about adding the application to the play store. There are
some restrictions and requirements. New apps must target at least
Android 8.0 (API level 26). Maximum size of apk is 100MB (we squeak in
just below that without plugins), other things.
I never use plugins. Should they be included? I would prefer them to be
a separate package installed afterward, but I don't know how to do that
with android.
Peter
More information about the mythtv-dev
mailing list