[mythtv] Android version signing key

Peter Bennett pb.mythtv at gmail.com
Mon Sep 10 15:16:22 UTC 2018


I am no Android expert so please correct me if I have anything wrong here.

The signing key that we use with development is a temporary key with a 1 
year expiration. Anybody who is using it may encounter a problem after 1 
year.

Upgrading your installation with a package that has a different signing 
key is not allowed. Anybody who installed David's build will have to 
uninstall before being able to install Peter's build, for example.

I have a site on bintray.com where I can distribute android packages 
(this is where I also have the Raspberry Pi packages). However they need 
to have a consistent signing key so that people can upgrade.

I can  either
1. Create my own keystore and sign the builds I put on bintray with it. 
Nobody else could create builds that are compatible.
2. Create a keystore and add it to git and add the password to the 
script. Everybody can build compatible packages but security-conscious 
people would be very unhappy.
3. Add the keystore to git and keep the password secret, known only to 
developers and authorized people.
Any ideas?

I don't know about adding the application to the play store. There are 
some restrictions and requirements. New apps must target at least 
Android 8.0 (API level 26). Maximum size of apk is 100MB (we squeak in 
just below that without plugins), other things.

I never use plugins. Should they be included? I would prefer them to be 
a separate package installed afterward, but I don't know how to do that 
with android.

Peter




More information about the mythtv-dev mailing list