React-native-code-push: Code Signing not working - Always Network request failed
Thanks so much for filing an issue or feature request! Please fill out the following (wherever relevant):
Steps to Reproduce
- Added private key in string.xml (Android)
- The used release-react command with -k (private key .pem)
- Uploaded success and version changed
Expected Behavior
Application should able to download js and apply
Actual Behavior
[12:01:04] Report status failed: {"previousLabelOrAppVersion":"vXX","previousDeploymentKey":"XXXXX","appVersion":"1.0.8"}
[12:01:04] Network request failed"}]
[12:01:04] Network request failed
Environment
- react-native-code-push version: 5.4.2
- react-native version: 0.56.0
- iOS/Android/Windows version: Android
- Does this reproduce on a debug build or release build? Debug
- Does this reproduce on a simulator, or only on a physical device? Both
(The more info the faster we will be able to address it!)
schavaLogi
All 9 comments
More Information:
After applying private key but in the application we didn't add sign public key to verify the behaviour
Actual behaviour:
Warning! JWT signature exists in code push update but code integrity check couldn't be performed because there is no public key configured. Please ensure that the public key is properly configured within your application.
Expected hash: 17dc01721699dffd7677ccb7401cbccb1ed5e3f7cb94fa86af0d6892fc45c429, actual hash: 17dc01721699dffd7677ccb7401cbccb1ed5e3f7cb94fa86af0d6892fc45c429
[12:14:40] The update contents succeeded the data integrity check.
[12:14:59] Loading JS bundle from "/data/user/0/com.logi.pavarotti.inte/files/CodePush/17dc01721699dffd7677ccb7401cbccb1ed5e3f7cb94fa86af0d6892fc45c429/CodePush/index.android.bundle"
[12:15:03] Reporting CodePush update success (v89)
schavaLogi
on 13 Oct 2018
Hi @schavaLogi ,
Thanks for reporting!
- Added private key in string.xml (Android)
Please ensure that you added public key. Not private. As private should be existed only on developer-end and should be used for signing release with add -k option for CLI.
Also please ensure that you configured CodePush for using this public key as described here(2 paragraph): https://github.com/Microsoft/react-native-code-push/blob/master/docs/setup-android.md#code-signing-setup
If it was not helpful could you please add dummy project with reproducing issue?
Thanks,
Alexander
alexandergoncharov
on 15 Oct 2018
@alexandergoncharov sorry for the confusion. Added public key in strings.xml
Will try to create a sample application and will share the link
schavaLogi
on 15 Oct 2018
@alexandergoncharov
Hi Attached sample code github https://github.com/srinuch1981/ReduxNavigation
schavaLogi
on 15 Oct 2018
@schavaLogi , Thanks for sample.
At first, you shouldn't get string from resources for public key. https://github.com/srinuch1981/ReduxNavigation/blob/master/android/app/src/main/java/com/reduxnavigation/MainApplication.java#L36
For this you should add just id of this resource(without getString wrapper) to constructor. As if constructor gets id for this last parameter it will use it as public key. In string case constructor will use it as custom server for CodePush deployments and releases.
Please check logic with this changes and let me know it was helpful or issue is still here.
alexandergoncharov
on 15 Oct 2018
@alexandergoncharov
Thanks for the details information. I made a simple mistake yet important not checked even after your reference.
One more point in case if i don't use public key in my application but server uses private key we are able to download and apply patch. is that expected behaviour?
new CodePush(getString(R.string.code_push_key),
getApplicationContext(),
BuildConfig.DEBUG)
Logs:
D/ReactNative: [CodePush] Applying full update.
D/ReactNative: [CodePush] Warning! JWT signature exists in codepush update but code integrity check couldn't be performed because there is no public key configured. Please ensure that public key is properly configured within your application.
D/ReactNative: [CodePush] Verifying hash for folder path: /data/user/0/xxxx/files/CodePush/5fae422719864f531e241766555f9f47ea767d05df10102092c6f7bb25cb8de6
D/ReactNative: [CodePush] Expected hash: 5fae422719864f531e241766555f9f47ea767d05df10102092c6f7bb25cb8de6, actual hash: 5fae422719864f531e241766555f9f47ea767d05df10102092c6f7bb25cb8de6
D/ReactNative: [CodePush] The update contents succeeded the data integrity check.
I/ReactNativeJS: [CodePush] Reporting CodePush update success (v90)
schavaLogi
on 15 Oct 2018
@schavaLogi , Yeah, it is expected because checking signing or not is configured on device end(not server) and even release is singed but device shouldn't check it, release should be installed.
On other side if signing is enabled on device side and release was not signed then release shouldn't be installed.
I hope it was helpful for you :)
alexandergoncharov
on 15 Oct 2018
@alexandergoncharov Thanks for the clarification.
schavaLogi
on 16 Oct 2018
@schavaLogi , Yeah, it is expected because checking signing or not is configured on device end(not server) and even release is singed but device shouldn't check it, release should be installed.
On other side if signing is enabled on device side and release was not signed then release shouldn't be installed.I hope it was helpful for you :)
club9822
on 14 Jan 2020
Related issues
osdnk
路
3Comments
diegocouto
路
4Comments
chrisjrex
路
4Comments
djw27
路
3Comments
kevando
路
4Comments
Most helpful comment
@schavaLogi , Thanks for sample.
At first, you shouldn't get string from resources for public key. https://github.com/srinuch1981/ReduxNavigation/blob/master/android/app/src/main/java/com/reduxnavigation/MainApplication.java#L36
For this you should add just id of this resource(without
getStringwrapper) to constructor. As if constructor gets id for this last parameter it will use it as public key. In string case constructor will use it as custom server for CodePush deployments and releases.Please check logic with this changes and let me know it was helpful or issue is still here.